European banks bleed millions from physical cyber attacks through devices like the Raspberry Pi

At least eight European banks have been hit by attackers from inside their own walls

Cyber attack on company

At least eight banks in Eastern Europe have fallen victim to attacks from cyber criminals who have stolen tens of millions of pounds, gaining access through physical devices planted inside the buildings.

Posing as job seekers, couriers and inspectors, the cyber criminals used three types of device to connect to a bank's network and syphon data. Netbooks, Raspberry Pi devices and Bash Bunnies - a special tool for carrying out USB attacks - were all used after access to the building was gained, according to Kaspersky Lab. 

The clandestine devices were simply plugged in and left, only to be controlled remotely via GPRS, 3G or LTE by the attackers. Meeting rooms were a common target as tables often have multiple communications and data transfer-related sockets to facilitate presentations, which can be accessed and exploited easily for ill-gotten gain.

Rather than take the risk of using laptops to facilitate attacks, as such machines would be less secretive and would require access to a port and also a power supply, smaller more portable devices were the weapon of choice for the cyber criminals. Raspberry Pis would be easier to hide, as would Bash Bunnies but because they are used more traditionally as penetration testing tools, device control technology can react to it immediately making such attacks less likely to succeed.

Advertisement
Advertisement - Article continues below

When discussing the method of attack, collectively dubbed 'DarkVishnya', Nikolay Pankov of Kaspersky said: "The method has the potential for use against any big company. The bigger the better; it is much simpler to hide a malicious device in a large office - and especially effective if a company has many offices around the world connected to one network."

Once a device has gained access to the target company's network, attackers could access public shared folders, web servers and other open files. The aim was supposedly to harvest information about the servers and workstations used to make payments and also brute-force and sniff for login details for these machines.

Once successful, malicious programs were launched on the compromised workstations which allowed the attackers to steal funds from the banks' accounts.

Such attacks highlight the need for robust cyber security in the physical as well as the virtual world, particularly in organisations with access to sensitive data. 

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/business/business-strategy/354252/huawei-takes-the-us-trade-sanctions-into-its-own-hands
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019