Criminals Use Locally Connected Devices to Attack, Loot Banks

Tens of millions of dollars stolen from at least eight banks

Attackers, likely working for the same threat group, have looted tens of millions of dollars from at least eight banks after gaining initial access to their networks via devices connected directly to a local network.

In some cases, the attackers planted the devices at the banking institution’s central office. In others, they were planted in a regional office or even an office in another country.

They then used the initial foothold to move deeper into the target organization’s network, finding and manipulating systems in order to withdraw millions of dollars using ATMs and other services.

The “DarkVishnya” campaign was a series of attacks on financial institutions. “What they all had in common was the use of a physical device that was connected to the local network and later scanned in order to access open resources,” he says.

The attacks are another reminder that network perimeter defenses alone are not enough. “Cybercriminals can connect to the network leaving no trace and no logs in networking gear,” he says.

The devices used in the DarkVishnya attacks were one of three types: a notebook or cheap laptop, a Raspberry Pi computer, or a Bash Bunny, a Linux-based tool that can be plugged into a target computer’s USB port to execute malicious payloads.

With each attack, the cybercriminals gained initial access to their target organization’s building by posing as a courier or job seeker, or under some other guise. They then connected their rogue devices to the banks’ local networks in meeting rooms or at tables with built-in network sockets.

Each of the planted devices was remote-access-enabled via a built-in or USB-connected modem. The device would show up on the local network as an unknown computer, an external flash drive, or a keyboard. But finding it was hard because the device would typically be hidden or installed in a manner to blend in with the surroundings.

The attackers then remotely accessed their rogue devices and used them to scan the network for publicly accessible folders, Web servers, and other open resources. The main goal was to gather as much information as possible on servers and workstations used for making payments.

Once the attackers discovered such systems, they tried brute-forcing their way in or finding data for logging into the systems using legitimate credentials.

“When a malicious program was installed on one of the computers, this program would not connect to external IP addresses belonging to the threat actors.” Instead, it would open a local TCP port and let criminals connect to it, he says.

In situations where a firewall prevented the technique from working, the attackers would “use a server of one of the local computers on the network that already had permission to access the target system through the firewall,” he says. “So some computers had local ports open, and some computers just had IP addresses of computers from the corporate network, not threat actors’ external IP addresses.”
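The behaviour described above (an unknown device on the LAN, malware that listens on a local TCP port instead of calling out, and a pivot through a computer already allowed through the firewall) does not appear in egress logs but does appear in internal, host-to-host flow data. The following detection logic is an added example, not part of the original article; the inventory, listener baseline, flow records, IP addresses and finding names are all constructed assumptions.

```python
import ipaddress

# Constructed asset inventory and listener baseline (assumptions for this example).
INVENTORY = {"10.0.1.10": "workstation", "10.0.1.11": "workstation",
             "10.0.5.20": "payment-server"}
BASELINE_LISTENERS = {("10.0.5.20", 443), ("10.0.1.11", 445)}

# Constructed internal flow records: (time, src, dst, dst_port), accepted connections only.
FLOWS = [
    (100, "10.0.1.10", "10.0.5.20", 443),   # normal payment traffic
    (110, "10.0.1.77", "10.0.1.11", 445),   # device missing from inventory reads a share
    (120, "10.0.1.77", "10.0.1.11", 4444),  # same device reaches a new local listener
    (130, "10.0.1.11", "10.0.5.20", 443),   # that workstation then talks to payments
    (140, "10.0.1.10", "10.0.1.11", 4444),  # known corporate host uses the same listener
]

def analyze(flows, inventory, baseline):
    """Return (time, finding, detail) tuples for the three patterns in the article."""
    findings = []
    tainted = set()  # hosts that accepted a connection on a port outside the baseline
    for ts, src, dst, port in sorted(flows):
        # 1. Internal address that no inventory record explains: candidate planted device.
        if ipaddress.ip_address(src).is_private and src not in inventory:
            findings.append((ts, "unknown-source", src))
        # 2. Known host accepting connections on a port it never listened on before:
        #    the "open a local TCP port" pattern, whoever the client is.
        if dst in inventory and (dst, port) not in baseline:
            findings.append((ts, "unbaselined-listener", f"{dst}:{port}"))
            tainted.add(dst)
        # 3. A host with such a listener later reaching a payment system: the pivot
        #    through a computer the firewall already trusts.
        if src in tainted and inventory.get(dst) == "payment-server":
            findings.append((ts, "possible-pivot", f"{src}->{dst}:{port}"))
    return findings

if __name__ == "__main__":
    for finding in analyze(FLOWS, INVENTORY, BASELINE_LISTENERS):
        print(finding)
```

Finding 3 fires even though the flow itself is permitted by the firewall, which is why the listener baseline on workstations matters as much as the rule set in front of the payment systems.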

SCS estimate that the target banks suffered millions of dollars in direct losses from the attack via fraudulent ATM withdrawals and other services that provide banking clients with funds.


Uncovering the Truth About Corporate IoT Security

This research looks at the kinds of IoT projects being driven by global organizations, their key challenges and perceived threats, along with hard data outlining the frequency and type of attacks they’ve already experienced.

Connected “things” are quickly pervading our entire society. From connected cars to the smart home, medical equipment to fitness trackers, the Internet of Things (IoT) is working to make us healthier, happier, safer and more productive. From a corporate perspective, it’s empowering companies as diverse as hospitals, manufacturers and utilities providers to streamline their operations, enhance business agility, and drive innovation-led growth.

It’s no surprise that there are over eight billion connected things in use today, a figure which will top 20 billion by 2020, as well as over seven billion within the corporate sphere.

Yet cybersecurity remains a serious challenge and a barrier to progress. If left unsecured, IoT endpoints might be hijacked and conscripted into botnets, sabotaged to disrupt key processes, or used as a stepping stone into corporate networks. IoT systems sit at an important intersection between IT and OT, often controlling key operational technologies but also connected to wider IT networks, and thus exposed to internet-facing threats. Traditional silos between IT and OT teams compound these risks.

To shed more light on the issue, we commissioned our consultant to interview 1,150 IT and security decision-makers in India, Singapore, Thailand, Germany, and Japan. We wanted to understand the level of investment in IoT projects today and where it’s being targeted, what the key IoT security challenges are, how widespread attacks are, and what organizations are doing to mitigate cyber risk.

We discovered that Industrial IoT, wearables, smart utilities, and smart factory initiatives are already well underway in many organizations. However, securing data, devices, and networks, complying with regulations, and tackling security complexity are major challenges. The risks are no longer theoretical: responding organizations claimed on average to have suffered a median of 3 attacks on IoT devices over the previous 12 months, with just a quarter (27%) having not experienced any.

In this context, it’s disappointing that so few organizations involve security teams in projects from the beginning, with many admitting that they view IoT protection as an afterthought. It’s hoped that by bringing these issues to light, the report will help IT and security bosses better understand where key risks lie and where they can do better than their peers going forward. This is particularly important in the new regulatory landscape in India. To gain more insight into these issues, contact us at 9811779128.