
Woburn, MA – December 6, 2018 – Today, Kaspersky Lab researchers are revealing a new type of attack called “DarkVishnya” following a number of cyber-robberies targeting financial organizations in Eastern Europe during 2017 and 2018. To date, at least eight banks in the region have been affected by the cyberattacks, with estimated losses running into tens of millions of dollars.

Through Kaspersky Lab’s involvement in the incident response, researchers discovered that in each case the corporate network was breached through an unknown device, controlled by the attackers, which had been smuggled into a company building and connected to the network.

The attackers used three types of devices: a laptop, a Raspberry Pi (a single-board computer the size of a credit card) or a Bash Bunny (a specially designed tool for automating and conducting USB attacks), equipped with a GPRS, 3G or LTE modem that allowed the attackers to remotely penetrate the corporate network of the financial organization.

Once the connection was established, the cybercriminals tried to gain access to the web servers to steal the data they needed to run RDP (remote desktop protocol) on a selected computer and then seize funds or data. This fileless method of attack included the use of Impacket, winexesvc.exe, or psexec.exe remote execution toolkits. In the final stage, the attackers used remote control software to maintain access to the infected computer.

“Over the past year and a half, we’ve been observing a completely new type of attack on banks, quite sophisticated and complex in terms of detection,” said Sergey Golovanov, security expert at Kaspersky Lab. “The entry point to the corporate network remained unknown for a long time, since it could be located in any office in any region. These unknown devices, smuggled in and hidden by intruders, could not be found remotely. Additionally, the threat actor used legitimate utilities, which complicated the incident response even more.”

To protect against this unusual approach to digital robbery, Kaspersky Lab advises financial institutions to:

  • Closely monitor connected devices and which devices are accessing the corporate network by using endpoint security software, such as Kaspersky Endpoint Security for Business.
  • Eliminate security holes altogether, including those involving improper network configurations. Kaspersky Penetration Testing service is a convenient and highly effective solution, providing not only data on found vulnerabilities, but also advising organizations on how to fix them, further strengthening corporate security.
  • Use a specialized solution against advanced threats, such as Kaspersky Anti Targeted Attack Platform, which can detect all types of anomalies and scrutinize suspicious activities in a network at a deeper level to reveal, recognize and uncover complex attacks.

Read the full version of the report on Securelist.com.


About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Kaspersky Lab Media Contact:

Denise Berard

781.503.1836

Denise.Berard@kaspersky.com

 

DarkVishnya: new series of unprecedented cyber-robberies in Eastern Europe

Banks in Eastern Europe impacted by attacks resulting in losses of tens of millions of dollars