The sophistication of attacks is constantly growing. This video and attached news link demonstrates the power of gaining centralized control over some system that coordinates subsystems all over the country. In this case it’s ATM systems linked to a centralized payroll system run by RBS WorldPay – it could have easily been power grids or air traffic control, but in this case the attacker has compromised a central database of people who are paid by inserting debit-like cards into an ATM that will then transfer money from the employer to the employee.
There are two interesting aspects of this story. First, it’s not one person taking advantage of a system, but rather 130 ATMs over 49 cities compromised within a 30 minute period – a large number of coordinated thieves were involved. Second is the timeframe – the report shows this attack happening in November, and being disclosed this week. The ATMs are all on camera, but once again, detection only works when people are watching for alerts.
This type of attack makes a strong case for real-time detection response, a program that is delivered to your customers through a managed security offering. Logging data is of no use if no one is there to watch it. No suspects, no arrests, but there is one asset owner lawsuit in process…focus on the asset owners, they control the budget.