Security firm Kaspersky Lab reports that its specialists were asked to investigate a series of cybertheft incidents. In each case, they discovered an unknown device connected to a company's local network. The device was a netbook or similar cheap laptop, a Raspberry Pi, or a Bash Bunny (a special tool intended for use in penetration testing that looks like a flash drive).
Once a device was in place, remote access was achieved via a built-in or USB-connected GPRS/3G/LTE modem.
After remotely connecting to a device, the attackers scanned the local network looking for access to public shared folders, web servers, and any other open resources. They were searching for information about the network, and for the servers and workstations used for making payments.
In the third and final stage of the attack, hackers logged into the target systems and used remote access software to retain access. They then placed malware on the compromised systems, which was later used to steal funds from the banks.
Kaspersky has given these hacks the codename "DarkVishnya," and said they took place through 2017 and 2018. It estimates the damage caused to be in the tens of millions of dollars.
While being able to plant a device in a bank's computer might sound difficult, Kaspersky Lab’s Nikolay Pankov says it’s far from impossible. "Couriers, job seekers, and representatives of clients and partners are commonly allowed into offices, so malefactors can try to impersonate any of them."