Hackers steal millions from banks by sneaking devices onto networks
Mr. Robot styleBy Rob Thubron 7 comments
In brief: When it comes to portraying hacking, movies and TV shows often get it very wrong. But at least one of these techniques so loved by Hollywood is found in the real world---surreptitiously attaching devices to company networks to steal money---and it has been used to pilfer millions of dollars from Eastern European banks.
Security firm Kaspersky Lab reports that its specialists were asked to investigate a series of cybertheft incidents. In each case, they discovered an unknown device connected to a company's local network. These consisted of either a netbook or similar cheap laptop, a Raspberry Pi, or a Bash Bunny---a special tool intended for use in penetration testing that looks like a flash drive.
Once a device was in place, remote access was achieved via a built-in or USB-connected GPRS/3G/LTE modem.
After remotely connecting to a device, the attackers scanned the local network looking for access to public shared folders, web servers, and any other open resources. They were searching for information on the networks, along with servers and workstations used for making payments.
In the third and final stage of the attack, hackers logged into the target systems and used remote access software to retain access. They then placed malware on the compromised systems, which was later used to steal funds from the banks.
Kaspersky has given these hacks the codename "DarkVishnya," and said they took place through 2017 and 2018. It estimates the damage caused to be in the tens of millions of dollars.
While being able to plant a device in a bank's computer might sound difficult, Kaspersky Lab's Nikolay Pankov says it's far from impossible. "Couriers, job seekers, and representatives of clients and partners are commonly allowed into offices, so malefactors can try to impersonate any of them."
Image credit: M.a.u via shutterstock