Committing a robbery no longer requires a physical presence. A laptop, Raspberry Pi or a Bash Bunny will do the trick.
That’s how DarkVishnya attacks.
At least eight banks in Eastern Europe have reported attacks of this kind, with losses totalling more than ten million dollars.
How did DarkVishnya commit the crime?
According to Kaspersky Lab, “Once the connection was established, the cybercriminals tried to gain access to the web servers to steal the data they needed to run RDP (remote desktop protocol) on a selected computer and then seize funds or data. This fileless method of attack included the use of Impacket, winexesvc.exe, or psexec.exe remote execution toolkits. In the final stage, the attackers used remote control software to maintain access to the infected computer.”
Sergey Golovanov, security expert at Kaspersky Lab, said:
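The remote-execution tools named above (PsExec, winexe, Impacket) all share one observable trait on the victim host: they install a Windows service to run their commands, which the System log records as Event ID 7045. The following detection script is an added example written for this article, not code from Kaspersky Lab or from the DarkVishnya investigation. The log lines are constructed, the pipe-separated export format is an assumption, and the service-name and image-path heuristics (PSEXESVC, winexesvc, the historical smbexec default BTOBTO, and the loopback admin-share redirection used by smbexec) are a starting list that a real deployment would maintain and extend.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List

# Constructed sample data (not real telemetry): a simplified text export of
# Windows System log events, one per line, fields separated by "|":
# timestamp|host|event_id|service_name|image_path
# Event ID 7045 ("A service was installed in the system") is logged whenever a
# new service is created, which is how PsExec-style tools execute remotely.
SAMPLE_EVENTS = r"""
2018-11-02T09:14:03|FS01|7045|PSEXESVC|%SystemRoot%\PSEXESVC.exe
2018-11-02T09:20:41|WS-17|7045|winexesvc|C:\Windows\winexesvc.exe
2018-11-02T09:31:55|DC01|7045|BTOBTO|%COMSPEC% /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat
2018-11-02T10:02:10|WS-04|7045|MozillaMaintenance|C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
2018-11-02T10:05:00|WS-04|7036|Spooler|
"""

# Heuristics assumed by this example: default service names used by PsExec
# (PSEXESVC), winexe (winexesvc) and older Impacket smbexec builds (BTOBTO).
KNOWN_TOOL_SERVICES = {"psexesvc", "winexesvc", "btobto"}

# Image-path patterns typical of remote-execution services: the tool's own
# binary dropped on the host, or a cmd.exe one-liner that writes its output
# into a loopback admin share (the smbexec technique).
SUSPICIOUS_PATH_PATTERNS = [
    (re.compile(r"\\(psexesvc|winexesvc)\.exe$", re.IGNORECASE),
     "known remote-execution binary"),
    (re.compile(r"\\\\127\.0\.0\.1\\", re.IGNORECASE),
     "output redirected to loopback admin share"),
    (re.compile(r"%COMSPEC%.*execute\.bat", re.IGNORECASE),
     "cmd.exe batch execution via service"),
]


@dataclass
class Finding:
    timestamp: str
    host: str
    service_name: str
    reason: str


def parse_events(text: str) -> Iterator[dict]:
    """Yield one dict per well-formed event line; malformed lines are skipped."""
    fields = ("timestamp", "host", "event_id", "service_name", "image_path")
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        yield dict(zip(fields, parts))


def detect_remote_exec_services(text: str) -> List[Finding]:
    """Flag 7045 service installs that look like PsExec/winexe/Impacket activity."""
    findings: List[Finding] = []
    for ev in parse_events(text):
        if ev["event_id"] != "7045":
            continue
        reasons = []
        if ev["service_name"].lower() in KNOWN_TOOL_SERVICES:
            reasons.append("known tool service name")
        for pattern, label in SUSPICIOUS_PATH_PATTERNS:
            if pattern.search(ev["image_path"]):
                reasons.append(label)
        if reasons:
            findings.append(Finding(ev["timestamp"], ev["host"],
                                    ev["service_name"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in detect_remote_exec_services(SAMPLE_EVENTS):
        print(f"{f.timestamp} {f.host}: service '{f.service_name}' flagged ({f.reason})")
```

Run against the constructed sample, the three tool-created services on FS01, WS-17 and DC01 are flagged while the legitimate Mozilla maintenance service on WS-04 is not. Because the tools are legitimate administration utilities, the same 7045 event will fire for genuine PsExec use, so the output is a triage queue to correlate with change tickets and logon events rather than an alert on its own.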
“Over the past year and a half, we’ve been observing a completely new type of attack on banks, quite sophisticated and complex in terms of detection. The entry point to the corporate network remained unknown for a long time, since it could be located in any office in any region. These unknown devices, smuggled in and hidden by intruders, could not be found remotely. Additionally, the threat actor used legitimate utilities, which complicated the incident response even more.”
To help reduce the chance of financial institutions falling victim to DarkVishnya, Kaspersky Lab suggests the following precautionary measures:
- Pay particular attention to monitoring the devices that are connected to, and accessing, the corporate network, for example by using Kaspersky Endpoint Security for Business.
- Eliminate security holes altogether, including those caused by improper network configurations. For this, the Kaspersky Penetration Testing service is a convenient and highly effective solution, providing not only data on the vulnerabilities found but also advice on how to fix them, further strengthening corporate security.
- Use a specialised solution against advanced threats that can detect all types of anomalies and scrutinise suspicious activities in a network at a deeper level to reveal, recognise and uncover complex attacks – like Kaspersky Anti Targeted Attack Platform.
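The first measure, monitoring which devices are on the network, is the one that directly addresses the smuggled-in laptop or Raspberry Pi. A simple, practical version is to reconcile DHCP leases (or an ARP table) against the asset inventory and flag anything unknown. The script below is an added example for this article, not Kaspersky Lab's or any vendor's code. The inventory, the lease snapshot and its CSV layout are constructed; the OUI watchlist holds the two Raspberry Pi prefixes and is illustrative, since a real deployment would consult a maintained OUI database.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed asset inventory (hypothetical): known MAC address -> description.
INVENTORY: Dict[str, str] = {
    "00:1a:2b:3c:4d:01": "FS01 file server",
    "00:1a:2b:3c:4d:02": "WS-17 workstation",
    "00:1a:2b:3c:4d:03": "WS-04 workstation",
    "3c:52:82:aa:bb:cc": "Printer, 3rd floor",
}

# OUI prefixes (first three octets) this example treats as worth a closer look:
# single-board computers of the kind carried in a pocket. Illustrative only.
WATCHLIST_OUIS: Dict[str, str] = {
    "b8:27:eb": "Raspberry Pi Foundation",
    "dc:a6:32": "Raspberry Pi Trading",
}

# Constructed DHCP lease snapshot (not from a real server), one lease per line:
# ip,mac,hostname,lease_start
SAMPLE_LEASES = """\
10.20.5.11,00:1A:2B:3C:4D:01,FS01,2018-11-02 08:00
10.20.5.54,00:1a:2b:3c:4d:02,WS-17,2018-11-02 08:03
10.20.5.77,B8:27:EB:12:34:56,raspberrypi,2018-11-02 08:47
10.20.5.91,00:1a:2b:3c:4d:03,WS-04,2018-11-02 08:10
10.20.5.130,3C:52:82:AA:BB:CC,PRN-3F,2018-11-02 07:59
10.20.5.200,02:11:22:33:44:55,,2018-11-02 09:02
"""


@dataclass
class RogueDevice:
    ip: str
    mac: str
    hostname: str
    reason: str


def normalize_mac(mac: str) -> str:
    """Accept colon, dash or Cisco dotted notation; return lowercase colon form."""
    hexdigits = "".join(ch for ch in mac if ch.isalnum())
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).lower()


def find_rogue_devices(leases_csv: str, inventory: Dict[str, str]) -> List[RogueDevice]:
    """Return leases whose MAC is unknown, on the OUI watchlist, or locally administered."""
    known = {normalize_mac(m) for m in inventory}
    rogues: List[RogueDevice] = []
    for line in leases_csv.splitlines():
        if not line.strip():
            continue
        ip, raw_mac, hostname, _lease_start = line.split(",", 3)
        mac = normalize_mac(raw_mac)
        reasons = []
        if mac not in known:
            reasons.append("MAC not in asset inventory")
        oui = mac[:8]
        if oui in WATCHLIST_OUIS:
            reasons.append(f"OUI belongs to {WATCHLIST_OUIS[oui]}")
        # Bit 1 of the first octet marks a locally administered address: a MAC
        # that was set by software rather than burned in by the vendor.
        if int(mac[:2], 16) & 0x02:
            reasons.append("locally administered (possibly spoofed) MAC")
        if reasons:
            rogues.append(RogueDevice(ip, mac, hostname or "<no hostname>",
                                      "; ".join(reasons)))
    return rogues


if __name__ == "__main__":
    for dev in find_rogue_devices(SAMPLE_LEASES, INVENTORY):
        print(f"{dev.ip} {dev.mac} ({dev.hostname}): {dev.reason}")
```

On the constructed snapshot this reports the Raspberry Pi at 10.20.5.77 and the unnamed device with a locally administered MAC at 10.20.5.200; the four inventoried hosts are silent. Feeding it a fresh lease export on a schedule turns the "unknown device in any office" problem from the quote above into a daily diff against the inventory.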