Eastern European banks lose tens of millions of dollars in Hollywood-style hacks
Cyber-criminal gangs are believed to have stolen tens of millions of dollars from at least eight banks in Eastern Europe using tactics usually seen only in Hollywood movies.
These “hacks” consisted of cyber-criminals entering bank offices to inspect them and then leaving malicious devices connected to the bank’s network.
Russian cyber-security firm Kaspersky Lab, which was called to investigate some of these mysterious cyber-heists, says it found three types of devices at central or regional offices at the eight banks it reviewed.
These included cheap laptops, Raspberry Pi boards, and malicious USB thumb drives known as Bash Bunnies.
Kaspersky said hackers left these devices connected to a bank network or computer, and then connected to the rogue device from a remote location using a GPRS, 3G, or LTE modem.
Hackers used this access to scan local networks for publicly shared folders, as well as for web servers or any other computer with open access.
In the last stage of their attacks, the attackers left malware on the bank’s network, which they later used to orchestrate cyber-heists during which they stole funds from the banks’ accounts.
Kaspersky experts said these hacks, which the company has been tracking under the codename “DarkVishnya,” happened throughout 2017 and 2018, but declined to name the breached banks, due to privacy clauses in incident response contracts.
“Even in companies where security issues are taken seriously, planting such a device is not impossible,” said Nikolay Pankov of Kaspersky Lab. “Couriers, job seekers, and representatives of clients and partners are commonly allowed into offices, so malefactors can try to impersonate any of them.”
While a laptop would have been spotted more easily, the other two devices, the Raspberry Pi and Bash Bunnies, are small and easy to hide. They only require a USB connection and were easy to sneak between a computer’s cables or under desks.