Multiple banks in Eastern Europe have been attacked from inside their network via various electronic devices connected directly to the company's own infrastructure, security researchers have discovered. Where possible, the adversary made an effort to hide the entry point by planting the malicious devices in a way that did not attract attention. The losses caused this way are estimated at tens of millions of dollars.
Direct access to the local network
Dubbed DarkVishnya, the attacks targeted at least eight banks using readily-available gear such as netbooks or inexpensive laptops, Raspberry Pi mini-computers, or a Bash Bunny - a USB-sized piece of hardware for penetration testing purposes that can pose as a keyboard, flash storage, network adapter, or as any serial device.
They gained access to the local network from various places inside the victim's central or regional offices, and even from company branches in a different country.
Given their position, the devices could launch attacks that bypassed network defenses and could easily run reconnaissance routines, which are the first step of a cyber attack once on the target infrastructure.