Crooks stole 800,000€ from ATMs in Italy with Black Box attack

A cyber criminal organization has stolen money from at least 35 Italian ATMs with a black box attack technique.

A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new black box attack technique.

The Carabinieri of Monza dismantled by the gang, the Italian law enforcement agency confirmed that the cybercrime organization stole about 800,000€ in just 7 months using #ATM Black Box attack.

The Italian Carabinieri identified 12 people, 6 have been already arrested, 3 are currently restricted in Poland, one has returned to Moldova before being stopped and 2 may no longer be on Italian territory.

According to local media, the gang had numerous logistical bases in the provinces of Milan, Monza, Bologna, Modena, Rome, Viterbo, Mantua, Vicenza and Parma.

Black box attacks are a type of jackpotting attack aimed at forcing an ATM to dispense the cash by sending a command through a “black box” device.

In this attack, a black box device, such as a mobile device or a Raspberry, is physically connected to the ATM and is used by the attackers to send commands to the machine.

The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs.

Below the list of the compromised ATM:

• UFF PP TT 12/07/2020 BELLUSCO
• BANCA POPOLARE DI NOVARA 07/16/2020 CRODO
• BPM 07/18/2020 WEEKLY
• BPM 07/20/2020 MORAZZONE
• UFF PP TT 03/08/2020 SANT’ILARIO D’ENZA
• CASSA SAVINGS 04/08/2020 SAONARA
• UFF PP TT 08/05/2020 CARUGATE
• UFF PP TT 08/08/2020 PESSANO WITH BORNAGO
• UFF PP TT 08/18/2020 SEVESO
• UFF PP TT 08/19/2020 FAGNANO OLONA
• BBPM 08/21/2020 COMO
• BANCA INTESA 08/27/2020 GRONTARDO
• BBPM 01/09/2020 BREMBATE DI ABOVE
• UFF PP TT 01/09/2020 SIZIANO
• UFF PP TT 02/09/2020 MELZO
• UFF PP TT 09/04/2020 CARATE BRIANZA
• UFF PP TT 07/09/2020 SENAGO
• UFF PP TT 11/09/2020 BRESCIA
• BPM 11/09/2020 PARMA
• UFF PP TT 09/14/2020 BUSNAGO
• BBPM 09/18/2020 ROZZANO
• BBPM 09/18/2020 CARONNO PERTUSELLA
• UFF PP TT 21/09/2020 GHEDI
• BBPM 09/22/2020 CASARILE
• BBPM 09/24/2020 MACHERIO
• BBPM 09/30/2020 RESCALDINA
• BBPM 09/30/2020 LIMENA
• VOLKS 21/10/2020 VILLAVERLA
• UNICREDIT 22/10/2020 GRISIGNANO DI ZOCCO
• BANCO S. MARCO 10/28/2020 SPINEA
• BANCA CAMBIANO 10/30/2020 MONTELUPO FIORENTINO
• BBPM 11/06/2020 BIASSONO
• BBPM 11/8/2020 Santo Srefano Ticino
• BCC 10/11/2020 Junction of Capannelle (RM)
• OFFICE PP. TT. 11/11/2020 Vermicino- Frascati

Poorly protected ATMs are more exposed to this type of attack because crooks can easily tamper with their case in order to connect the mobile device.

In July, Diebold Nixdorf, a leading manufacturer of ATM machines, issued an alert to customers warning all banks of a new variant of ATM black box or jackpotting attacks. The alert was issued after the Agenta Bank in Belgium was forced to shut down 143 ATMs after a jackpotting attack.

All the compromised machines were Diebold Nixdorf ProCash 2050xe devices. This was the first time that Belgian authorities observe this criminal practice in the country.

According to the security alert issued by Diebold Nixdorf, and obtained by ZDNet, the new variation of black box attacks has been used in certain countries across Europe.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, black box attack)

[adrotate banner=”5″]

[adrotate banner=”13″]