A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques

  • Onomatopoeia@lemmy.cafe (30 upvotes, edited, 4 days ago)

    attackers had physical access to a network switch

    physically connected a Raspberry Pi device to a network switch shared with an ATM. Equipped with a 4G modem, the device allowed attackers to remotely access the bank’s internal network over mobile data, completely bypassing perimeter firewalls.

    Well, no shit. If you don’t have physical security, you don’t have any security. This is like security 101.

    • wizardbeard@lemmy.dbzer0.com (13 upvotes, 4 days ago)

      There are mitigations possible against allowing unrecognized MAC addresses to get a network connection when plugged into an open port.

      Security is meant to have layers. Defense in depth.

        • ramble81@lemmy.zip (3 upvotes, 4 days ago)

          I’ve seen ATMs using Windows 7 embedded. 802.1x support on 7 (let alone embedded) was extremely janky at best. Also it didn’t support some of the features that modern switches support too. That’s not an excuse for them but most likely their “defense in depth” was very limited and they just didn’t do quite a bit of it.
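The two comments above describe the preventive side (port security, 802.1X). When those controls are not available on the ATM fleet, a cheap detective control is to compare the switch's MAC address table against an allowlist of what should be on each ATM-facing port and flag anything extra, such as a device whose OUI belongs to a single-board-computer vendor. The following is an added example, not code from the article or from any of the commenters; the MAC-table output, the port allowlist and the MAC addresses are constructed for illustration, and the table format assumed is the dotted-hex, four-column layout printed by Cisco IOS `show mac address-table`.

```python
import re
from collections import defaultdict

# Constructed sample of `show mac address-table`-style output (not real data).
# Gi1/0/3 carries a device that is on no allowlist and has a Raspberry Pi OUI.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    b827.eb12.3456    DYNAMIC     Gi1/0/3
  10    0011.2233.4477    DYNAMIC     Gi1/0/2
"""

# Assumed allowlist: each ATM-facing port should carry exactly one known MAC.
EXPECTED = {
    "Gi1/0/1": "00:11:22:33:44:55",
    "Gi1/0/2": "00:11:22:33:44:66",
}

# OUI prefixes worth calling out by name; B8:27:EB is registered to the
# Raspberry Pi Foundation. Extend with whatever hardware you do not expect.
SUSPICIOUS_OUIS = {"B8:27:EB": "Raspberry Pi Foundation"}


def normalize_mac(mac: str) -> str:
    """Accept dotted (0011.2233.4455), colon or dash forms; return AA:BB:CC:DD:EE:FF."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).upper()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str) -> list:
    """Return (vlan, mac, type, port) tuples from IOS-style MAC table output."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+([0-9a-fA-F.]{14})\s+(\w+)\s+(\S+)\s*$", line)
        if m:
            rows.append((int(m.group(1)), normalize_mac(m.group(2)), m.group(3), m.group(4)))
    return rows


def find_violations(rows: list, expected: dict, suspicious_ouis: dict) -> list:
    """Return (port, reason, [macs]) findings for anything that deviates from the allowlist."""
    allow = {port: normalize_mac(mac) for port, mac in expected.items()}
    by_port = defaultdict(set)
    for _vlan, mac, _typ, port in rows:
        by_port[port].add(mac)

    findings = []
    for port, macs in sorted(by_port.items()):
        if port in allow:
            extra = macs - {allow[port]}
            if extra:
                findings.append((port, "unexpected MAC on allowlisted port", sorted(extra)))
            if allow[port] not in macs:
                findings.append((port, "expected device missing", [allow[port]]))
        else:
            findings.append((port, "device on port with no allowlist entry", sorted(macs)))
        # Vendor hint is independent of the allowlist: an implant on an
        # allowlisted port still gets named if its OUI is on the watch list.
        for mac in sorted(macs):
            vendor = suspicious_ouis.get(mac[:8])
            if vendor:
                findings.append((port, f"OUI registered to {vendor}", [mac]))
    return findings


if __name__ == "__main__":
    for port, reason, macs in find_violations(parse_mac_table(SAMPLE_MAC_TABLE),
                                              EXPECTED, SUSPICIOUS_OUIS):
        print(f"{port}: {reason}: {', '.join(macs)}")
```

Run it against a periodic dump of the real table and the three findings on the sample (a second MAC on Gi1/0/2, an unlisted device on Gi1/0/3, and the Raspberry Pi OUI on that device) are the kind of alert that would have surfaced the implant in the article without any 802.1X support on the ATM itself. The check is only as good as the allowlist, so the map of port to expected MAC needs to be maintained as ATMs are replaced.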

  • AllNewTypeFace@leminal.space (3 upvotes, 4 days ago)

    Given how much money there is up for grabs, I imagine the next such implant won’t be anything as easily detectable as a Raspberry Pi. For a modest outlay that would fit within existing malware budgets, it would be possible to build a device that fits inside an otherwise conventional-looking Ethernet or USB cable and has enough power to relay traffic across the network. (I wouldn’t be surprised if you could buy those pre-built.)