Attacking from inside, cyber crooks rake in millions from banks

Crooks stole tens of millions of dollars from banks with hacks involving hidden devices and direct connections to local networks.


Kaspersky Lab researchers revealed that cyber-crooks stole tens of millions of dollars by hacking Eastern European banks through direct connections to local networks. At least eight banks were targeted in the attacks, which were collectively dubbed DarkVishnya.

Cyber-criminals pulled off the heists by first entering banks under the guise of couriers, job seekers, or something similar and leaving behind hidden devices, such as a Bash Bunny, a Raspberry Pi, or an inexpensive laptop or netbook.

In the second stage of the attack, the attackers connected remotely to the planted device through a built-in or USB-connected GPRS/3G/LTE modem, then used it to scan the local network, harvest information, and brute-force login data. They got around firewalls by planting shellcode with local TCP servers.

The final stage involved fileless attacks. Kaspersky Lab said that thanks to the use of fileless attacks and PowerShell, the crooks were able to avoid whitelisting tech and domain policies.

Other cybersecurity news:

Sextortion scams with a side of ransomware

Proofpoint researchers warned that cyber jerks have a new sextortion scam that persuades victims to download a video of whatever compromising activities they allegedly did. Instead of getting a video, they get a zipped file containing malware that ultimately leads to the victim being infected with GandCrab ransomware.

Linux.org hijacked, 21 new Linux malware families discovered

Linux.org was hijacked by Twitter user @kitlol5. Administrator Mike McLagan said the linux.org DNS was pointed at the attacker’s Cloudflare account, but the servers were “untouched and no data was leaked.” He promised to add multifactor authentication.

Speaking of Linux, the security firm ESET released a report detailing 21 new Linux malware families (pdf).

DEA audio and video surveillance to be hidden in Shop-Vac

The DEA has a new form of surveillance, having awarded a $42,595 contract to “Special Services Group” for spycams to be put in Shop-Vacs. While it is unclear if the heavy-duty vacuums in question are actual Shop-Vacs or another brand, the type of camera hoovering audio and video surveillance for the DEA is a Canon VB-M50B.

Australia passed a highly controversial anti-encryption law

Australia apparently also has no love for privacy. (Why invade the privacy of few when you can spy on everyone?) The country passed a highly controversial anti-encryption law. The Assistance and Access Act will require tech companies to provide Johnny Lawman and security agencies with access to encrypted communications.

U.S. Energy and Commerce Committee released cybersecurity strategy report

Rep. Greg Walden (R-Ore.), chairman of the House Energy and Commerce Committee, released a cybersecurity strategy report (pdf), which laid out six priorities:

  1. The widespread adoption of coordinated disclosure programs, to ultimately lead to better cybersecurity
  2. The implementation of software bills of materials across connected technologies
  3. The support and stability of the open-source software ecosystem
  4. The health of the Common Vulnerabilities and Exposures (CVE) program
  5. The implementation of supported lifetimes strategies for technologies
  6. The strengthening of the public-private partnership model

NHS banned from buying fax machines

Meanwhile in the U.K., the NHS was told to kick the archaic fax machines on which it still relies to the curb. In July, it was determined that the NHS uses 9,000 fax machines across England. The agency will be banned from buying fax machines starting next month. All of those government fax machines are to be phased out by March 31, 2020.

Feds looking into the millions of anti-net neutrality comments posted on FCC’s site

The Justice Department via the FBI is reportedly investigating the millions of anti-net neutrality comments posted on the FCC’s website. The feds are trying to determine if “crimes were committed when potentially millions of people’s identities were posted to the FCC’s website without their permission.”

This news came to light after the FCC ruled not to release records requested via Freedom of Information requests. After the decision, FCC Commissioner Jessica Rosenworcel asked (pdf) what the FCC was hiding as instead “of providing news organizations with the information requested, in this decision the FCC decides to hide behind Freedom of Information Act exemptions and thwart investigative journalism.”

Microsoft issues call to action to governments over facial recognition tech

Microsoft President Brad Smith urged governments across the globe to start adopting laws in 2019 to regulate facial recognition technology. The three biggest problems that need to be addressed, according to Smith, are making sure that facial recognition tech isn’t biased and doesn’t violate laws prohibiting discrimination, that the use of this tech doesn’t lead to “new intrusions into people’s privacy,” and that the tech isn’t used by governments for mass surveillance that would “encroach on democratic freedoms.”

24 Amazon warehouse workers hospitalized after robot tears open bear repellent spray

Twenty-four Amazon workers in New Jersey were hospitalized after a robot damaged a 9-ounce aerosol can of bear repellent spray in a warehouse. The main ingredient is pepper spray. The 24 hospitalized workers were treated at five local hospitals and were expected to be released within 24 hours.
