Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Hardware features in latest bank hacking attempt

Kaspersky Lab UK : 23 September, 2013  (Technical Article)
Kaspersky Lab comments on the use of a combination of hardware and software to gain access to customer records at Barclays bank
Hardware features in latest bank hacking attempt

Following the news that eight men have been arrested in an attempt to steal data from Barclays bank, David Emm, Senior Security Researcher at Kaspersky Lab comments on such attempts at large scale hacking.

Attempts to hack large, financial organisations are certainly nothing new, but the recent attempts to infiltrate Santander and Barclays show different characteristics to that of regular cybercrime.

Like many other hacking attempts, the game plan of the hackers was to get information on bank transactions and customer data held on computers in the bank for financial gain. But the method used was different, making use of both ‘low-tech’ and ‘high-tech’ means, through the use of hardware and software. Hacking attempts to large organisations usually focus mainly on using software e.g. installing Trojans to infiltrate a vulnerable employee’s computer within the organisation, thus giving the cybercriminal remote access to the company’s infrastructure.

In these attacks, a physical breach of security took place before the IT security breach took place. The ‘low-tech’ part of the attack consisted of someone getting physical access to the branch, in order to plant the KVM (keyboard video mouse) device used – the ‘high-tech’ method used. So the starting-point, in both cases, was the use of social engineering to achieve physical penetration of an organisation.

KVM devices have been around for some time now. They allow the use of multiple devices through one keyboard or mouse. The successful fitting of such a device, combined with specific software would give the hackers remote access to that particular computer and any network or information it had access to.

This attempt should remind organisations that a holistic approach needs to be taken toward security. It’s not just the IT security methods that need to be scrutinised, but the people within the organisation as well. With the use of a physical device being planted within the branch, it is clear that organisations need to keep an eye out for physical breaches, as well as software infiltration.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo