Hi there! A while ago, Positive Technologies published the news that ATMs manufactured by Diebold Nixdorf (previously known as Wincor), or more specifically, the RM3 and CMDv5 cash dispensers, contained a vulnerability which allowed attackers to withdraw cash and upload modified (vulnerable) firmware. And since my former colleague Alexei Stennikov and I were directly involved in finding this vulnerability, I would like to share some details.
Show first
How to detect a cyberattack and prevent money theft
Positive Technologies corporate blog Information Security *Programming *Research and forecasts in IT
Money theft is one of the most important risks for any organization, regardless of its scope of activity. According to our data, 42% of cyberattacks on companies are committed to obtain direct financial benefits. You can detect an attack at various stages—from network penetration to the moment when attackers start withdrawing money. In this article, we will show how to detect an attack at each of its stages and minimize the risk, as well as analyze two common scenarios of such attacks: money theft manually using remote control programs and using special malware—a banking trojan.
Positive Technologies Brings ‘Hackable City’ to Life in The Standoff Cyberbattle at HITB+ CyberWeek
Attackers and defenders to face off in digital metropolis security challenge featuring real-world critical infrastructure and technologies.
Cybersecurity experts at Positive Technologies and Hack In The Box are inviting red and blue team security specialists to test their skills attacking and defending a full-scale modern city at The Standoff Cyberbattle held during HITB+ CyberWeek. This mock digital metropolis with full IT and OT infrastructure including traffic systems, electrical plants, and transportation networks will feature all the latest technologies used in actual critical infrastructure installations, allowing players to expose security issues and the impact they might have on the real world.
Cybersecurity experts at Positive Technologies and Hack In The Box are inviting red and blue team security specialists to test their skills attacking and defending a full-scale modern city at The Standoff Cyberbattle held during HITB+ CyberWeek. This mock digital metropolis with full IT and OT infrastructure including traffic systems, electrical plants, and transportation networks will feature all the latest technologies used in actual critical infrastructure installations, allowing players to expose security issues and the impact they might have on the real world.
Detecting Web Attacks with a Seq2Seq Autoencoder
Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations date back to the early 1980s.
Nowadays, an entire attack detection industry exists. There are a number of kinds of products—such as IDS, IPS, WAF, and firewall solutions—most of which offer rule-based attack detection. The idea of using some kind of statistical anomaly detection to identify attacks in production doesn’t seem as realistic as it used to. But is that assumption justified?