Committing a robbery no longer requires a physical presence. A laptop, Raspberry Pi or a Bash Bunny will do the trick.

That’s how DarkVishnya attacks.

At least eight banks in Eastern Europe have reported the online attack, which resulted in the loss of more than ten million dollars.

How did DarkVishnya commit the crime?

According to Kaspersky Lab, “Once the connection was established, the cybercriminals tried to gain access to the web servers to steal the data they needed to run RDP (remote desktop protocol) on a selected computer and then seize funds or data. This fileless method of attack included the use of Impacket, winexesvc.exe, or psexec.exe remote execution toolkits. In the final stage, the attackers used remote control software to maintain access to the infected computer.”

Sergey Golovanov, security expert at Kaspersky Lab, said:

“Over the past year and a half, we’ve been observing a completely new type of attacks on banks, quite sophisticated and complex in terms of detection. The entry point to the corporate network remained unknown for a long time, since it could be located in any office in any region. These unknown devices, smuggled in and hidden by intruders, could not be found remotely. Additionally, the threat actor used legitimate utilities, which complicated the incident response even more.”

To help reduce the possibility of financial institutions falling victim to DarkVishnya, here are some precautionary measures that Kaspersky Lab suggests:

  • Pay particular attention to monitoring connected devices and access to the corporate network, for example by using Kaspersky Endpoint Security for Business.
  • Eliminate security holes altogether, including those involving improper network configurations. For this, the Kaspersky Penetration Testing service is a convenient and highly effective solution, providing not only data on found vulnerabilities, but also advising organisations on how to fix them, further strengthening corporate security.
  • Use a specialised solution against advanced threats that can detect all types of anomalies and scrutinise suspicious activities in a network at a deeper level to reveal, recognise and uncover complex attacks – like Kaspersky Anti Targeted Attack Platform.
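
One way to act on the first recommendation, as an added example (not code from Kaspersky or from this post): compare DHCP leases against an asset inventory and flag hardware nobody issued. It assumes an ISC dhcpd-style lease file; the lease text, the inventory set and the function name are constructed for illustration.

```python
import re

# Constructed sample in ISC dhcpd.leases format (not data from the incident).
SAMPLE_LEASES = '''
lease 10.20.0.11 {
  hardware ethernet 00:1a:2b:3c:4d:5e;
  client-hostname "teller-ws-04";
}
lease 10.20.0.57 {
  hardware ethernet b8:27:eb:12:34:56;
  client-hostname "raspberrypi";
}
lease 10.20.0.63 {
  hardware ethernet 06:aa:bb:cc:dd:ee;
}
'''

# Assumed asset inventory: MAC addresses of devices the organisation issued.
KNOWN_MACS = {"00:1a:2b:3c:4d:5e"}
# IEEE OUI prefixes registered to Raspberry Pi; extend per your environment.
WATCHED_OUIS = {"b8:27:eb": "Raspberry Pi", "dc:a6:32": "Raspberry Pi"}

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')

def find_unknown_devices(leases_text, known_macs=KNOWN_MACS):
    """Return leases whose MAC is not in the inventory, with a reason for each."""
    findings = []
    for ip, body in LEASE_RE.findall(leases_text):
        mac_match = MAC_RE.search(body)
        if not mac_match:
            continue
        mac = mac_match.group(1).lower()
        if mac in known_macs:
            continue
        host = HOST_RE.search(body)
        reasons = ["not in inventory"]
        if mac[:8] in WATCHED_OUIS:
            reasons.append("OUI: " + WATCHED_OUIS[mac[:8]])
        # Bit 0x02 of the first octet marks a locally administered (often spoofed or randomised) MAC.
        if int(mac[:2], 16) & 0x02:
            reasons.append("locally administered MAC")
        findings.append({"ip": ip, "mac": mac, "host": host.group(1) if host else None, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_unknown_devices(SAMPLE_LEASES):
        print(f)
```

A planted device can clone an inventoried MAC address, so treat a clean result as one signal rather than proof that no unknown device is attached.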
Mark Ko
