Eastern European Banks Were Attacked Via Backdoors Directly Connected To Local Networks, Report Finds (securelist.com) 43

An anonymous reader writes: Kaspersky security researcher Sergey Golovanov writes about recent cybertheft incidents involving hardware backdoors planted by criminals. Each attack had a common springboard: an unknown device directly connected to the company's local network. In some cases, it was the central office, in others a regional office, sometimes located in another country. At least eight banks in Eastern Europe were the targets of the attacks, which caused damage estimated in the tens of millions of dollars. Hardware backdoors are cheap and immune to antivirus. A firmware-modified OpenWrt-based router can provide covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. Will a flashlight and a ladder be common tools of computer security someday? After the cybercriminals entered an organization's building, connected a device to the local network and scanned the local network seeking to gain access to the resources, they proceeded to stage three. "Here they logged into the target system and used remote access software to retain access," writes Golovanov. "Next, malicious services created using msfvenom were started on the compromised computer. Because the hackers used fileless attacks (PDF) and PowerShell, they were able to avoid whitelisting technologies and domain policies. If they encountered a whitelisting that could not be bypassed, or PowerShell was blocked on the target computer, the cybercriminals used impacket, and winexesvc.exe or psexec.exe to run executable files remotely."
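Every tool the summary quotes for the third stage (PsExec, winexe, msfvenom-built services, encoded PowerShell) leaves a service-install record on the victim host, which is where a defender can catch it. This is an added example, not code from the Securelist report: a small detector run over constructed Windows System-log Event ID 7045 ("service was installed") records, flagging the service names PsExec and winexe register, a PowerShell encoded command used as a service image, and a service binary dropped in a user-writable path.

```python
import re

# Constructed sample of Windows "service installed" (System log Event ID 7045)
# records, one per line as: host|service_name|image_path|account.
SAMPLE_EVENTS = """\
fin-ws-07|Spooler|C:\\Windows\\System32\\spoolsv.exe|LocalSystem
fin-ws-07|PSEXESVC|C:\\Windows\\PSEXESVC.exe|LocalSystem
branch-srv-02|winexesvc|C:\\Windows\\winexesvc.exe|LocalSystem
branch-srv-02|UpdaterSvc|C:\\Users\\Public\\tmp\\kjxqz.exe|LocalSystem
hq-dc-01|WebSvc|powershell.exe -nop -w hidden -enc QQBCAEMA|LocalSystem
"""

# Service names PsExec and winexe register on the target when they run a
# command remotely; seeing them on a host that is not an admin jump box is
# a strong lateral-movement signal.
REMOTE_EXEC_SERVICES = {"psexesvc", "winexesvc"}
# User-writable or temp locations are where dropped payloads (such as an
# msfvenom-built service binary) usually land.
SUSPICIOUS_PATH = re.compile(r"\\(users\\public|temp|tmp|appdata)\\", re.I)
# A service whose image is PowerShell with an encoded command is fileless
# execution staged through the service control manager.
ENCODED_PS = re.compile(r"powershell(\.exe)?\b.*\s-(e|enc|encodedcommand)\b", re.I)

def classify(name, image):
    """Return a reason string if the service install looks malicious, else None."""
    if name.lower() in REMOTE_EXEC_SERVICES:
        return "remote-exec service (%s)" % name
    if ENCODED_PS.search(image):
        return "powershell encoded command as service image"
    if SUSPICIOUS_PATH.search(image):
        return "service binary in user-writable path"
    return None

def find_suspicious(events):
    """Parse host|name|image|account lines; return (host, name, reason) tuples."""
    findings = []
    for line in events.splitlines():
        if not line.strip():
            continue
        host, name, image, _account = line.split("|", 3)
        reason = classify(name, image)
        if reason:
            findings.append((host, name, reason))
    return findings

if __name__ == "__main__":
    for host, name, reason in find_suspicious(SAMPLE_EVENTS):
        print("%s: service %r flagged: %s" % (host, name, reason))
```

The same three checks map directly onto a SIEM rule over 7045 events; the sample lines here are constructed and the service names beyond PSEXESVC/winexesvc are made up.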
  • by SuperKendall ( 25149 ) on Thursday December 06, 2018 @05:32PM (#57762620)

    I totally understand why a company would want to put all remote offices into a private company VPN, but it sure seems like it opens them up to physical attacks like this in a way they would not be otherwise... maybe companies should work harder to make everything a worker needs accessible via the internet at large and have a more protected domain that is harder to attack - physical as well as network-wise.

    That would help improve the life of remote workers also, as a happy byproduct.

    • by kiviQr ( 3443687 )
      Better question is why they are on the same network. Office and bank networks should have been separated.
    • The point is, you can't trust something just because it is on the LAN. If you understand that, then a VPN increases security. If you don't, then it decreases it.

      Same with most tools, really.

      • The point is, you can't trust something just because it is on the LAN.

        I agree but how long does that ever really hold in any large company?

        Over time a LOT of stuff will grow in any company to lazily trust the LAN, or at least they sure will not think about attacks from that vector nearly as hard as the firewall guys.

        If you have to make those things open to outside use the whole chain gets a lot more thought applied as to access security. Otherwise server after server gets thrown up with minimal access prot

    • "I totally understand why a company would want to put all remote offices into a private company VPN"

      But the key of this attack was not VPN, the general concept. It was physical access coupled to "... malicious services created using msfvenom [...] If they encountered a whitelisting that could not be bypassed, or PowerShell was blocked on the target computer, the cybercriminals used impacket, and winexesvc.exe or psexec.exe to run executable files remotely."

      Or, in other words, another Windows-vector attack

  • Windows never followed the least privilege principle.
  • by bobstreo ( 1320787 ) on Thursday December 06, 2018 @06:13PM (#57762874)

    Security 101, deny unauthorized hardware from connecting to the local network, either hardwired or via WIFI. Especially when having anything to do with banks. Going cheap never works well with networking that should be "secure".

    Switches and access points are pretty trivial to set up to deny access.

    • by Anonymous Coward

      Denying unauthorised hardware connection to the corporate network is fine - until the CEO can't connect his new iPad.

  • When you design a network, some basic concepts can really help when it comes to security. If you use a locked down DHCP system where the hardware MAC address of all approved machines is used, you assign an IP address from the DHCP server ONLY to those machines that are supposed to be there. New equipment must have that MAC address logged. Locking access to select IP addresses, and testing any connected equipment for MAC addresses that are not known would find the unauthorized devices.

    So, who designed
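An added example (not the commenter's code) of the check described above: compare a neighbour table in the format of `ip neigh show` against the DHCP-reservation inventory, reporting MACs that were never registered and registered MACs seen at an address other than their reservation. The inventory, addresses and dump are all constructed.

```python
import re

# Constructed approved-device inventory: the DHCP reservations the comment
# describes, MAC -> (reserved IP, description). All values are made up.
INVENTORY = {
    "3c:52:82:11:22:33": ("10.20.0.10", "teller-ws-01"),
    "3c:52:82:11:22:34": ("10.20.0.11", "teller-ws-02"),
    "00:1b:21:aa:bb:cc": ("10.20.0.5", "branch-printer"),
}

# Constructed neighbour-table dump in the format of `ip neigh show`:
# IP, "dev", interface, "lladdr", MAC, state (entries without a MAC are skipped).
NEIGH_DUMP = """\
10.20.0.10 dev eth0 lladdr 3c:52:82:11:22:33 REACHABLE
10.20.0.11 dev eth0 lladdr 3c:52:82:11:22:34 STALE
10.20.0.5 dev eth0 lladdr 00:1b:21:aa:bb:cc REACHABLE
10.20.0.77 dev eth0 lladdr 3c:52:82:11:22:33 REACHABLE
10.20.0.200 dev eth0 lladdr 02:a1:b2:c3:d4:e5 REACHABLE
10.20.0.1 dev eth0 FAILED
"""

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-f:]{17})\s+(\S+)$", re.I)

def parse_neighbours(dump):
    """Yield (ip, mac) for entries that resolved to a hardware address."""
    for line in dump.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(3).lower()

def audit(dump, inventory):
    """Compare observed neighbours with the reservation inventory.

    Returns (ip, mac, verdict) tuples: 'unknown' for a MAC that was never
    registered, 'ip-mismatch' for a registered MAC seen at an address other
    than its reservation (a hand-set static IP, or a duplicated MAC)."""
    findings = []
    for ip, mac in parse_neighbours(dump):
        if mac not in inventory:
            findings.append((ip, mac, "unknown"))
        elif inventory[mac][0] != ip:
            findings.append((ip, mac, "ip-mismatch"))
    return findings

if __name__ == "__main__":
    for ip, mac, verdict in audit(NEIGH_DUMP, INVENTORY):
        print("%-12s %s %s" % (ip, mac, verdict))
```

A MAC address is an inventory label rather than a credential, so this check is best used to feed alerts and port-based (802.1X) control rather than as the only gate.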

  • This is why you only enable switch ports for authorized devices. Plug in whatever you want; without me there to enable the port on the switch, your device is gonna be pretty useless.
  • Check out this video:

    https://youtu.be/r-7lUgpemqc [youtu.be]

    Along with showing how this is done, he's a great speaker.

    Min
