Hackers steal millions from banks by sneaking devices onto networks

midian182

Posts: 5,872   +48
Staff member

Security firm Kaspersky Lab reports that its specialists were asked to investigate a series of cybertheft incidents. In each case, they discovered an unknown device connected to a company's local network. These consisted of either a netbook or similar cheap laptop, a Raspberry Pi, or a Bash Bunny—a special tool intended for use in penetration testing that looks like a flash drive.

Once a device was in place, remote access was achieved via a built-in or USB-connected GPRS/3G/LTE modem.

After remotely connecting to a device, the attackers scanned the local network looking for access to public shared folders, web servers, and any other open resources. They were searching for information on the networks, along with servers and workstations used for making payments.

In the third and final stage of the attack, hackers logged into the target systems and used remote access software to retain access. They then placed malware on the compromised systems, which was later used to steal funds from the banks.

Kaspersky has given these hacks the codename "DarkVishnya,” and said they took place through 2017 and 2018. It estimates the damage caused to be in the tens of millions of dollars.

While being able to plant a device in a bank's computer might sound difficult, Kaspersky Lab’s Nikolay Pankov says it’s far from impossible. "Couriers, job seekers, and representatives of clients and partners are commonly allowed into offices, so malefactors can try to impersonate any of them."

Image credit: M.a.u via shutterstock

Permalink to story.

 

Uncle Al

Posts: 7,217   +5,608
Until the penalties are severe enough there will be no deterrence. While collar crime crime, as a whole, has never been taken seriously enough because of the influence of money. If conviction of a while collar crime resulted in a punishment no less than the worst damage done (for example, the old man or woman who died because their life savings was stolen and they could not afford life saving medical care) we would see more deterrence than today. Doubtful that it would completely stop, but if we could cut it by half wouldn't that be a good start???
 
  • Like
Reactions: Khanonate

Capaill

Posts: 1,200   +737
Or the old classic where hackers distribute a few nice looking USB sticks in the car park during the night, workers find them in the morning, stick them into their work computers to see what's on them and delete it to use as their own personal USB drive. Not realising it just ran malicious code and their network is now hacked.
 
  • Like
Reactions: Underdog

Capaill

Posts: 1,200   +737
Smart companied disable USB and CD/DVDs.
Then my mouse, keyboard and headset would stop working. I know audio ports and PS2 connections are an option but most laptops don't come with PS2 ports. My work laptop is over 8 years old and it still doesn't have a PS2 port.
 

fktech

Posts: 540   +144
Then my mouse, keyboard and headset would stop working. I know audio ports and PS2 connections are an option but most laptops don't come with PS2 ports. My work laptop is over 8 years old and it still doesn't have a PS2 port.
Disable reading and notify when usb is plugged in is a feature of W10!
 

jobeard

Posts: 13,898   +1,763
In secured environments (you're deluded if you think commercial networks are), it is common to control all new device attachments and 'mounts'. It's a massive job, but EVERY device visible on the LAN is surveyed, given a property-label and registered with the admin. All new devices trigger a network alert.
 

fktech

Posts: 540   +144
In secured environments (you're deluded if you think commercial networks are), it is common to control all new device attachments and 'mounts'. It's a massive job, but EVERY device visible on the LAN is surveyed, given a property-label and registered with the admin. All new devices trigger a network alert.
Yep!!!