European banks bleed millions from physical cyber attacks through devices like the Raspberry Pi

At least eight European banks have been hit by attackers from inside their own walls

Cyber attack on company

At least eight banks in Eastern Europe have fallen victim to attacks from cyber criminals who have stolen tens of millions of pounds, gaining access through physical devices planted inside the buildings.

Posing as job seekers, couriers and inspectors, the cyber criminals used three types of device to connect to a bank's network and syphon data. Netbooks, Raspberry Pi devices and Bash Bunnies - a special tool for carrying out USB attacks - were all used after access to the building was gained, according to Kaspersky Lab. 

The clandestine devices were simply plugged in and left, only to be controlled remotely via GPRS, 3G or LTE by the attackers. Meeting rooms were a common target as tables often have multiple communications and data transfer-related sockets to facilitate presentations, which can be accessed and exploited easily for ill-gotten gain.

Rather than take the risk of using laptops to facilitate attacks, as such machines would be less secretive and would require access to a port and also a power supply, smaller more portable devices were the weapon of choice for the cyber criminals. Raspberry Pis would be easier to hide, as would Bash Bunnies but because they are used more traditionally as penetration testing tools, device control technology can react to it immediately making such attacks less likely to succeed.

When discussing the method of attack, collectively dubbed 'DarkVishnya', Nikolay Pankov of Kaspersky said: "The method has the potential for use against any big company. The bigger the better; it is much simpler to hide a malicious device in a large office - and especially effective if a company has many offices around the world connected to one network."

Once a device has gained access to the target company's network, attackers could access public shared folders, web servers and other open files. The aim was supposedly to harvest information about the servers and workstations used to make payments and also brute-force and sniff for login details for these machines.

Once successful, malicious programs were launched on the compromised workstations which allowed the attackers to steal funds from the banks' accounts.

Such attacks highlight the need for robust cyber security in the physical as well as the virtual world, particularly in organisations with access to sensitive data. 

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Wisconsin Republican Party allegedly loses $2.3 million to hackers
hacking

Wisconsin Republican Party allegedly loses $2.3 million to hackers

30 Oct 2020
What is DevSecOps and why is it important?
Security

What is DevSecOps and why is it important?

30 Oct 2020
Weekly threat roundup: NHS COVID-19 app, Nvidia, and Oracle
Security

Weekly threat roundup: NHS COVID-19 app, Nvidia, and Oracle

30 Oct 2020
Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020

Most Popular

Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
What is Neuralink?
Technology

What is Neuralink?

24 Oct 2020
Hackers demand ransom from therapy patients after clinic data breach
Security

Hackers demand ransom from therapy patients after clinic data breach

27 Oct 2020