Eastern European Banks Were Attacked Via Backdoors Directly Connected To Local Networks, Report Finds (securelist.com)
An anonymous reader writes: Kaspersky security researcher Sergey Golovanov writes about recent cybertheft incidents involving hardware backdoors planted by criminals. Each attack had a common springboard: an unknown device directly connected to the company's local network. In some cases, it was the central office, in others a regional office, sometimes located in another country. At least eight banks in Eastern Europe were the targets of the attacks, which caused damage estimated in the tens of millions of dollars. Hardware backdoors are cheap and immune to antivirus. A firmware-modified OpenWrt-based router can provide covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. Will a flashlight and a ladder be common tools of computer security someday? After the cybercriminals entered an organization's building, connected a device to the local network and scanned the local network seeking to gain access to the resources, they proceeded to stage three. "Here they logged into the target system and used remote access software to retain access," writes Golovanov. "Next, malicious services created using msfvenom were started on the compromised computer. Because the hackers used fileless attacks (PDF) and PowerShell, they were able to avoid whitelisting technologies and domain policies. If they encountered a whitelisting that could not be bypassed, or PowerShell was blocked on the target computer, the cybercriminals used impacket, and winexesvc.exe or psexec.exe to run executable files remotely."
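A detection sketch for the last step quoted above, added here as an example and not taken from the Kaspersky report or the submission: it scans Windows service-installation events (System log, event ID 7045) for the service binaries that winexe and PsExec leave on the target. The sample events, host names and the helper names `image_basename` and `find_remote_exec_installs` are constructed for illustration, and the match assumes the tools' default binary names.

```python
import ntpath

# Service-side binaries dropped by the remote-execution tools the summary names.
# Assumption: default names (winexe -> winexesvc.exe, Sysinternals PsExec ->
# PSEXESVC.exe). A renamed binary will not match this list.
REMOTE_EXEC_BINARIES = {"winexesvc.exe", "psexesvc.exe"}

# Constructed sample records shaped like event 7045 ("A service was installed
# in the system"). Hosts, services and paths are invented for this example.
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "TELLER-07", "ServiceName": "winexesvc",
     "ImagePath": r"C:\Windows\winexesvc.exe"},
    {"EventID": 7045, "Computer": "TELLER-07", "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"EventID": 7045, "Computer": "HR-02", "ServiceName": "Print Helper",
     "ImagePath": r'"C:\Program Files\Vendor\helper.exe" -k run'},
    {"EventID": 7036, "Computer": "HR-02", "ServiceName": "Print Helper",
     "ImagePath": ""},
]


def image_basename(image_path):
    """Return the lower-cased executable name from a service ImagePath.

    Handles quoted paths, trailing arguments and unquoted paths with spaces
    by cutting the string at the first '.exe'.
    """
    path = image_path.strip().strip('"')
    end = path.lower().find(".exe")
    if end != -1:
        path = path[:end + 4]
    return ntpath.basename(path).lower()


def find_remote_exec_installs(events):
    """Return (computer, service, binary) for each suspicious service install."""
    hits = []
    for event in events:
        if event.get("EventID") != 7045:
            continue  # only service-installation events are relevant
        binary = image_basename(event.get("ImagePath", ""))
        if binary in REMOTE_EXEC_BINARIES:
            hits.append((event["Computer"], event["ServiceName"], binary))
    return hits


if __name__ == "__main__":
    for computer, service, binary in find_remote_exec_installs(SAMPLE_EVENTS):
        print(f"{computer}: service '{service}' installed from {binary}")
```

Administrators also use PsExec legitimately, so a hit is a lead to correlate with the source host and account rather than a verdict.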
I totally understand why a company would want to put all remote offices into a private company VPN, but it sure seems like it opens them up to physical attacks like this in a way they would not be otherwise... maybe companies should work harder to make everything a worker needs accessible via the internet at large and have a more protected domain that is harder to attack - physical as well as network-wise.
That would help improve the life of remote workers also, as a happy byproduct.
"There is more worth loving than we have strength to love." - Brian Jay Stanley