Kaspersky Lab experts responded to a group of cyber theft cases targeting financial institutions in Eastern Europe. The researchers found that in each case, corporate networks were accessed by an unknown device controlled by the attackers. These networked devices were sneaking into company buildings. To date, eight banks in the region have been attacked by this method. Tens of millions of dollars were lost as a result of the attacks.

Once the connection is established, the cybercriminals try to access the web servers to steal the necessary data from a particular computer via the remote desktop protocol. Then they commit data theft. This fileless attack method uses the remote launch toolkits Impacket, winexesvc.exe, and psexec.exe. In the final stage, attackers use remote control software to protect their access to the computer they have seized.

What needs to be done to prevent such attacks;

• Physical security systems should be given importance.

• More attention should be paid to monitoring connected devices and accessing the corporate network.

• Network, Security devices in the environment must be positioned correctly.

• Environmental Monitoring and Control Systems, in the simplest sense, should pay attention to monitor certain parameters of the values required.

• Psexec, script etc. In order to prevent the commands from being executed by the end user, the necessary policies must be activated.