European banks bleed millions from physical cyber attacks through devices like the Raspberry Pi

Cyber attack on company

At least eight banks in Eastern Europe have fallen victim to attacks from cyber criminals who have stolen tens of millions of pounds, gaining access through physical devices planted inside the buildings.

Posing as job seekers, couriers and inspectors, the cyber criminals used three types of device to connect to a bank's network and syphon data. Netbooks, Raspberry Pi devices and Bash Bunnies - a special tool for carrying out USB attacks - were all used after access to the building was gained, according to Kaspersky Lab.

The clandestine devices were simply plugged in and left, only to be controlled remotely via GPRS, 3G or LTE by the attackers. Meeting rooms were a common target as tables often have multiple communications and data transfer-related sockets to facilitate presentations, which can be accessed and exploited easily for ill-gotten gain.

Rather than take the risk of using laptops to facilitate attacks, as such machines would be less secretive and would require access to a port and also a power supply, smaller more portable devices were the weapon of choice for the cyber criminals. Raspberry Pis would be easier to hide, as would Bash Bunnies but because they are used more traditionally as penetration testing tools, device control technology can react to it immediately making such attacks less likely to succeed.

When discussing the method of attack, collectively dubbed 'DarkVishnya', Nikolay Pankov of Kaspersky said: "The method has the potential for use against any big company. The bigger the better; it is much simpler to hide a malicious device in a large office - and especially effective if a company has many offices around the world connected to one network."

Once a device has gained access to the target company's network, attackers could access public shared folders, web servers and other open files. The aim was supposedly to harvest information about the servers and workstations used to make payments and also brute-force and sniff for login details for these machines.

Once successful, malicious programs were launched on the compromised workstations which allowed the attackers to steal funds from the banks' accounts.

Such attacks highlight the need for robust cyber security in the physical as well as the virtual world, particularly in organisations with access to sensitive data.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.