
Hackers used hidden devices to attack banks

Kaspersky reveals details of DarkVishnya attacks that used devices hidden in banks to access networks

The DarkVishnya attacks used devices hidden on banks' networks.

Kaspersky Lab has released details of a series of cyberattacks against banks which used physical devices hidden within the banks' own premises as a way into the network.

The security company said that three separate attacks, which it collectively refers to as DarkVishnya, may have stolen tens of millions of dollars from at least eight banks across Eastern Europe.

In each case, attackers appear to have gained access to either a main bank or a branch office, and connected a device to the network. The concealed device then created a connection to the network which could not be detected remotely.

The attackers used three types of devices: a laptop, a Raspberry Pi (a single-board computer the size of a credit card) or a Bash Bunny (a specially designed tool for automating and conducting USB attacks), equipped with a GPRS, 3G or LTE modem that allowed the attackers to remotely penetrate the corporate network of the financial organisation.

Once the connection was established, the cybercriminals tried to gain access to the web servers to steal the data they needed to run RDP (remote desktop protocol) on a selected computer and then seize funds or data. This fileless method of attack included the use of Impacket, winexesvc.exe, or psexec.exe remote execution toolkits. In the final stage, the attackers used remote control software to maintain access to the infected computer.

"Over the past year and a half, we've been observing a completely new type of attacks on banks, quite sophisticated and complex in terms of detection. The entry point to the corporate network remained unknown for a long time, since it could be located in any office in any region. These unknown devices, smuggled in and hidden by intruders, could not be found remotely. Additionally, the threat actor used legitimate utilities, which complicated the incident response even more," said Sergey Golovanov, security expert at Kaspersky Lab.

To protect against this unusual approach to digital robbery, Kaspersky Lab advises financial institutions to pay particular attention to the monitoring of connected devices accessing the corporate network, to use penetration testing services to find vulnerabilities on the network and fix them properly, and to use specialized solutions which can detect all types of anomalies and suspicious activities at deep levels of the network.
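
One way to approach the connected-device monitoring advised above, as an added example that is not from Kaspersky Lab or the original article: reconcile DHCP leases against an asset inventory and flag anything unknown. The dnsmasq-style log format, the inventory entries and the sample log lines are constructed assumptions; the three OUI prefixes are ones registered to Raspberry Pi.

```python
import re

# Constructed asset inventory: MAC -> owner (hypothetical values).
INVENTORY = {
    "00:1a:2b:3c:4d:5e": "teller-ws-01",
    "00:1a:2b:3c:4d:5f": "branch-printer",
}
# OUIs registered to Raspberry Pi; a hint only, since a MAC can be changed.
PI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}

# dnsmasq-style DHCPACK line (assumed log source); hostname is optional.
ACK = re.compile(
    r"DHCPACK\((?P<iface>[^)]+)\)\s+(?P<ip>\d+(?:\.\d+){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+(?P<host>\S+))?",
    re.IGNORECASE,
)

# Constructed sample log: one known host, two unknown devices, one non-ACK line.
SAMPLE_LOG = """\
Dec  6 09:01:12 dnsmasq-dhcp[811]: DHCPACK(eth0) 10.20.0.11 00:1a:2b:3c:4d:5e teller-ws-01
Dec  6 09:14:40 dnsmasq-dhcp[811]: DHCPACK(eth0) 10.20.0.57 B8:27:EB:aa:bb:cc
Dec  6 09:20:03 dnsmasq-dhcp[811]: DHCPACK(eth0) 10.20.0.58 06:11:22:33:44:55 teller-ws-02
Dec  6 09:21:00 dnsmasq-dhcp[811]: DHCPDISCOVER(eth0) 00:1a:2b:3c:4d:5f
"""

def find_unknown_devices(log_text, inventory=INVENTORY):
    """Return one finding per MAC that received a lease but is not in inventory."""
    findings = {}
    for line in log_text.splitlines():
        m = ACK.search(line)
        if not m:
            continue  # only acknowledged leases prove a device joined the LAN
        mac = m["mac"].lower()
        if mac in inventory:
            continue
        reasons = ["not in inventory"]
        if mac[:8] in PI_OUIS:
            reasons.append("Raspberry Pi OUI")
        # Bit 0x02 of the first octet marks a locally administered
        # (manually set or randomized) address rather than a vendor one.
        if int(mac[:2], 16) & 0x02:
            reasons.append("locally administered MAC")
        findings[mac] = {"ip": m["ip"], "host": m["host"], "reasons": reasons}
    return findings

if __name__ == "__main__":
    for mac, f in find_unknown_devices(SAMPLE_LOG).items():
        print(mac, f["ip"], f["host"] or "-", "; ".join(f["reasons"]))
```

A device configured with a static address never appears in DHCP logs, so switch MAC address tables are a useful second source for the same reconciliation.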
