European banks bleed millions from physical cyber attacks through devices like the Raspberry Pi

At least eight European banks have been hit by attackers from inside their own walls

Cyber attack on company

At least eight banks in Eastern Europe have fallen victim to attacks from cyber criminals who have stolen tens of millions of pounds, gaining access through physical devices planted inside the buildings.

Posing as job seekers, couriers and inspectors, the cyber criminals used three types of device to connect to a bank's network and syphon data. Netbooks, Raspberry Pi devices and Bash Bunnies - a special tool for carrying out USB attacks - were all used after access to the building was gained, according to Kaspersky Lab. 

The clandestine devices were simply plugged in and left, only to be controlled remotely via GPRS, 3G or LTE by the attackers. Meeting rooms were a common target as tables often have multiple communications and data transfer-related sockets to facilitate presentations, which can be accessed and exploited easily for ill-gotten gain.

Rather than take the risk of using laptops to facilitate attacks, as such machines would be less secretive and would require access to a port and also a power supply, smaller more portable devices were the weapon of choice for the cyber criminals. Raspberry Pis would be easier to hide, as would Bash Bunnies but because they are used more traditionally as penetration testing tools, device control technology can react to it immediately making such attacks less likely to succeed.

When discussing the method of attack, collectively dubbed 'DarkVishnya', Nikolay Pankov of Kaspersky said: "The method has the potential for use against any big company. The bigger the better; it is much simpler to hide a malicious device in a large office - and especially effective if a company has many offices around the world connected to one network."

Once a device has gained access to the target company's network, attackers could access public shared folders, web servers and other open files. The aim was supposedly to harvest information about the servers and workstations used to make payments and also brute-force and sniff for login details for these machines.

Once successful, malicious programs were launched on the compromised workstations which allowed the attackers to steal funds from the banks' accounts.

Such attacks highlight the need for robust cyber security in the physical as well as the virtual world, particularly in organisations with access to sensitive data. 

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021
Report: Security staff excluded from app development
cyber security

Report: Security staff excluded from app development

20 Jan 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

20 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021