ATMs Robbed of $1.5M in Bitcoin

An as-yet unidentified group has successfully robbed multiple Crypto-ATM vendors of $1.5M. The source of the compromise was a vulnerable server at General Bytes, a cloud-based service provider for Crypto-ATMs. Crypto-ATMs are a key component of many ransomware attacks, where the attackers direct organizations to a Crypto-ATM in their region to convert fiat currency to crypto for ransomware payouts.

The attackers identified and took advantage of the inconsistency in end-to-end security at the Crypto-ATM service provider. The ATMs communicate with General Bytes’ Crypto Application Server (CAS), which operates on DigitalOcean’s cloud platform. The CAS was exposed to the Internet.

To compromise the CAS platform and its customers, the attackers injected malicious Java code into the CAS’ video feed system, which had a vulnerability that had gone unnoticed despite multiple security audits since 2021.

The attackers successfully stole 56 Bitcoins valued at $1.5M from multiple vendors. Within hours, the company had identified and patched the vulnerability; however, the damage was done.

Acreto’s Ecosystem model proactively prevents this exact compromise by isolating the ATMs, the application server, the authorization service and management resources in a dedicated Ecosystem. This prevents any visibility from any other local or Internet resource.

Furthermore, Acreto limits communications between Ecosystem member resources to only authorized applications and performs inline behavioral analysis to identify and mitigate any unauthorized communications.

Acreto has successfully secured ATM infrastructures for banking institutions for years, especially banking institutions that have opted to replace some of their expensive and limited branches with ATMs and Interactive Teller Machines (ITM).

About Acreto

Acreto delivers full-stack cybersecurity without products, logistics or significant security expertise. It creates and consolidates the best of cybersecurity into a single plug-and-play platform with automated updates to stay ahead of threats. Acreto activates enterprise-grade security instantly, so organizations can run safely, easily, and without interruption.

About The Author: Acreto Threat Labs
