Following the news that eight men have been arrested in an attempt to steal data from Barclays bank, David Emm, Senior Security Researcher at Kaspersky Lab, comments on such attempts at large-scale hacking.
Attempts to hack large financial organisations are certainly nothing new, but the recent attempts to infiltrate Santander and Barclays show different characteristics from those of regular cybercrime.
As in many other hacking attempts, the hackers’ game plan was to get information on bank transactions and customer data held on computers in the bank for financial gain. But the method used was different, making use of both ‘low-tech’ and ‘high-tech’ means, through the use of hardware and software. Hacking attempts on large organisations usually focus mainly on using software, e.g. installing Trojans to infiltrate a vulnerable employee’s computer within the organisation, thus giving the cybercriminal remote access to the company’s infrastructure.
In these attacks, a physical breach of security took place before the IT security breach. The ‘low-tech’ part of the attack consisted of someone getting physical access to the branch in order to plant the KVM (keyboard video mouse) device, which was the ‘high-tech’ part. So the starting point, in both cases, was the use of social engineering to achieve physical penetration of an organisation.
KVM devices have been around for some time now. They allow the use of multiple devices through one keyboard or mouse. The successful fitting of such a device, combined with specific software, would give the hackers remote access to that particular computer and any network or information it had access to.
This attempt should remind organisations that a holistic approach needs to be taken toward security. It’s not just the IT security methods that need to be scrutinised, but the people within the organisation as well. With the use of a physical device being planted within the branch, it is clear that organisations need to keep an eye out for physical breaches, as well as software infiltration.