It seems that a criminal group tried to gain remote access to Santander by planting a hardware device. The social engineering element was a phoney third-party engineer who was able to gain access to the branch computers and install a device (apparently a KVM “keyboard video mouse” switch) that would have allowed remote access to those computers.
KVM switches are mainly used in server rooms so that one keyboard, monitor and mouse can control multiple servers located in one rack. Sometimes users will have switches like this if they have more than one physical computer but only one monitor. One question here is where the device was installed. Of course, the most pertinent question is how the engineer gained access to the branch.
Luckily for Santander, the device was never activated, and that could have been down to internal procedures regarding the release of kit into live environments. As it stands, we do not know.
The story is still breaking, and although the perpetrators are in custody, there are questions here that need to be addressed and evaluated to ensure that banks, and other businesses that use third-party companies to support their ICT infrastructure, have the right measures in place to prevent such an occurrence.
What these are will depend on the company, but there are some fundamentals that every company can follow:
- Carry out due diligence on the third-party company.
- Be wary of unsolicited visits.
- Do not give any information out to anyone unless you are satisfied of, and have verified, their authority.
- Train your staff on how to deal with social engineers and, more importantly, how to identify such attacks.
This is a good starting point (which also deals with phishing attacks) –