An international band of cyber crooks that worked its way into dozens of banks has experts warning of a “new era” of cyber crime where criminals steal directly from banks instead of their customers.
And the problem could soon spread to other industries, experts warn.
On Monday, Moscow-based security firm Kaspersky Lab released a report showing that a gang of international hackers have stolen as much as $1 billion from 100 banks across 30 countries by installing malware that allowed them to take control of the banks’ internal operations.
While such hacks have been attempted before, the scale and sophistication of the attacks, which spanned several nations over several years, has experts worried that this represents a new trend.
“The recent news of bank thefts around the world is an example of the new normal in terms of cyber attacks leveraging insider threats,” says Eric Chiu, president and co-founder of HyTrust, a cloud services company.
Previously, the biggest cyber threat to banks was of hackers going after customers, including lifting their personal financial information and skimming their cards.
The scheme, which goes back as far as 2013, used phishing and other techniques to infect bank employee computers, and then to spread the virus to entire networks.
Once inside, the hackers would lie in wait, often for months, watching how employees operated until they could figure out how to lift money, often in amounts under $10 million, to an outside account.
They were so good at taking control of the banks’ operations they could remotely dispense cash from ATMs where mules were waiting on the other end. One bank lost up to $7.3 million this way, the report said.
“These thefts are a significant evolution in approach,” says Mike Lloyd of at RedSeal, a security analytics company.
The success of the method could mean it spreads to other industries, warns Michael Daly, chief technology office for Raytheon’s cyber-security business.
“It’s definitely not limited to banks,” says Daly, who said it could happen to any company with business-to-business transactions.
The Kaspersky report declined to name the banks that have been compromised, but said the victims were mostly “Russian-speaking financial institutions.” Still, the problem is global and has targeted banks in China, Ukraine, the U.S., India and Great Britain.
Losses per bank ranged from $2.5 million to $10 million, where it seemed to be deliberately capped, perhaps to avoid detection, the report said. Total financial losses could be as a high as $1 billion, however, “making this by far the most successful criminal cyber campaign we have ever seen,” said the report.
Carbanak is the name given to the malware by Kaspersky Lab.
Source: https://www.usatoday.com/story/tech/2015/02/16/bank-hesit-cybersecurity-kaspersky-report/23509937/