In the past week, Chilean Senator Felipe Harboe issued a serious statement on Twitter. He revealed that the company running the countries ATM bank network, Redbanc had suffered a serious cyber attack.
Public Admission
Local news sites started to release stories offering further details of the attack. Shortly before this, Redbanc had released a public statement admitting the attack had taken place.
Little information beyond this was released by the company. However, they confirmed the network was not disrupted and was functioning normally.
In the statement, they said: ‘As established in our protocols, we kept the different industry players and authorities informed at all times, with total transparency and spirit of collaboration.’
LinkedIn Advert
One Chilean news site claims the attack was the result of a LinkedIn advert which offered a developer role within Redbanc.
A Skype call was set up by the attackers to conduct the interview. During this interview, the employee was persuaded to download a file called ApplicationPDF.exe. This file then infected the employee’s computer and started the hacking process.
Searching For Security Gaps
The malware used could now start exploring the companies network. At some point, the company discovered the search for security flaws. Further probes were then blocked and the malware removed.
Despite the discovery of the malware, it raised questions about how easy it was to access the companies systems.
Better Awareness
This attack has called into question the use of social engineering and how employees react to cyber threats. Employees receive training to avoid emails that look suspicious, though other types of attack might need more awareness.
One way to stop these attacks is to ask employees to get authentication before accepting files. This would stop many of the phishing scams and other attacks before they start to communicate.
Teaching employees how to use tools such as Skype correctly could also help to avoid problems in the future.
