European banks bleed millions from physical cyber attacks through devices like the Raspberry Pi

At least eight European banks have been hit by attackers from inside their own walls

Cyber attack on company

At least eight banks in Eastern Europe have fallen victim to attacks from cyber criminals who have stolen tens of millions of pounds, gaining access through physical devices planted inside the buildings.

Posing as job seekers, couriers and inspectors, the cyber criminals used three types of device to connect to a bank's network and syphon data. Netbooks, Raspberry Pi devices and Bash Bunnies - a special tool for carrying out USB attacks - were all used after access to the building was gained, according to Kaspersky Lab. 

The clandestine devices were simply plugged in and left, only to be controlled remotely via GPRS, 3G or LTE by the attackers. Meeting rooms were a common target as tables often have multiple communications and data transfer-related sockets to facilitate presentations, which can be accessed and exploited easily for ill-gotten gain.

Advertisement - Article continues below

Rather than take the risk of using laptops to facilitate attacks, as such machines would be less secretive and would require access to a port and also a power supply, smaller more portable devices were the weapon of choice for the cyber criminals. Raspberry Pis would be easier to hide, as would Bash Bunnies but because they are used more traditionally as penetration testing tools, device control technology can react to it immediately making such attacks less likely to succeed.

Advertisement
Advertisement - Article continues below

When discussing the method of attack, collectively dubbed 'DarkVishnya', Nikolay Pankov of Kaspersky said: "The method has the potential for use against any big company. The bigger the better; it is much simpler to hide a malicious device in a large office - and especially effective if a company has many offices around the world connected to one network."

Once a device has gained access to the target company's network, attackers could access public shared folders, web servers and other open files. The aim was supposedly to harvest information about the servers and workstations used to make payments and also brute-force and sniff for login details for these machines.

Once successful, malicious programs were launched on the compromised workstations which allowed the attackers to steal funds from the banks' accounts.

Such attacks highlight the need for robust cyber security in the physical as well as the virtual world, particularly in organisations with access to sensitive data. 

Advertisement

Recommended

Visit/security/cyber-security/355210/cyber-criminals-torn-over-how-to-adapt-to-post-coronavirus-threat
cyber security

Hackers torn over how to adapt their tactics to the coronavirus pandemic

3 Apr 2020
Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020