Banks Lose Tens Of Millions Of Dollars In Hollywood-style Hacks

Uploaded on 2018-12-17 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Cyber-criminal gangs are believed to have stolen tens of millions of dollars from at least eight banks in Eastern Europe using tactics usually seen only in Hollywood movies.

These "hacks" consisted of cyber-criminals entering bank offices to inspect and then leave malicious devices connected to the bank's network.

Russian cybersecurity firm Kaspersky Lab, which was called to investigate some of these mysterious cyber-heists, says it found three types of devices at central or regional offices at the eight banks it reviewed.

These included cheap laptops, Raspberry Pi boards, or malicious USB thumb drives known as Bash Bunnies.

Kaspersky said hackers left these devices connected to a bank network or computer, and then connected to the rogue device from a remote location using a GPRS, 3G, or LTE modem.

Hackers used this access to scan local networks for publicly shared folders, but also for web servers or any other computer with open access.

At the last stage of their attacks, attackers left malware on the bank's network, which they later used to orchestrate cyber-heists during which they stole funds from the banks' accounts.

Kaspersky experts said these hacks, which the company has been tracking under the codename of "DarkVishnya," have happened throughout 2017 and 2018, but declined to name the breached banks, due to privacy clauses in incident response contracts.

"Even in companies where security issues are taken seriously, planting such a device is not impossible," said Nikolay Pankov of Kaskerpsky Lab. "Couriers, job seekers, and representatives of clients and partners are commonly allowed into offices, so malefactors can try to impersonate any of them."

While a laptop would have been spotted more easily, the other two devices, the Raspberry Pi and Bash Bunnies, are small and easy to hide. They only require a USB connection and were easy to sneak between a computer's cables or under desks.

ZDNet:

You Might Also Read:

Financial Sector Breaches Soar Despite Heavy Security Spending

« IoT Cybercrime Hotspot In Canada
NCSC Aims To Inspire Young Female Code-Breakers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

NPCore

NPCore

NPCore is specialized in defense solution against unknown APT and Ransomware and provides two-level defense on network and endpoint based on behavior.

Ataya & Partners

Ataya & Partners

Ataya & Partners is a consulting company that delivers data protection, cybersecurity and IT & Digital governance services.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

Buchanan & Edwards

Buchanan & Edwards

Buchanan & Edwards delivers forward-focused technology solutions that help our clients transform the way they perform their missions.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

Nextgen Group

Nextgen Group

Nextgen Group is a pioneering technology services group with innovative and unique services across enterprise software, cloud, data management, and cybersecurity solutions.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Sekur Private Data

Sekur Private Data

Sekur Private Data Ltd. is a Cybersecurity and Internet privacy provider of Swiss hosted solutions for secure communications and secure data management.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

Orca Fraud

Orca Fraud

Orca is an AI-driven fraud orchestration platform. We empower fraud fighters to outpace fraud using our custom ML models.

Infrassist Technologies

Infrassist Technologies

We're Infrassist - a trusted white label Managed IT & Professional Services partner for MSP businesses.