Cybersecurity firm Kaspersky Lab has indicated that a group of international hackers dubbed the Carbanak gang, named after the malware used to infect financial systems, have stolen hundreds of millions of dollars, possibly as much as $1 billion or more in what could be an ongoing heist of “unprecedented” proportions.
Principal security researcher with the company’s global research and analysis team, Sergey Golovanov, referred to the heists as “very slick and profession” while conveying surprise at the fact that “it made no difference to the criminals what software the banks were using.”
These bank heists were surprising because it made no difference to the criminals what software the banks were using […] It was a very slick and professional cyber-robbery.
According to reports, the gang targeted as many as 100 banks, e-payment systems and other financial institutions around the world, effecting financial entities in 30 countries including the United States, China and Russia.
The hackers, which this author doubts you’ll find selling their services on Hacker’s List, launched their cyber-attack with a spear-phishing campaign targeting bank employees with the goal of infecting an employee computer. Once in, the hackers leveraged their access to install spyware which allowed them to remotely monitor and control compromised computers. The culprits then transferred millions of dollars into dummy accounts under their control. Not only that, they also dumped hard currency from cash dispensing machines.
Kaspersky became aware of the incident after a Eastern European bank alerted the company in light of security footage which showed an ATM dispensing cash to a thief who never pushed any buttons nor inserted a bank card. Initially, the antivirus company was under the impression that the ATM was infected, but eventually realized that hackers had taken control of it using the bank’s internal network. Analysis later revealed that the extent of the hack had reached an international level with infections in both regional as well as global banks.
The cyber-security firm can’t release the names of financial institutions infiltrated by the hackers due to a confidentiality agreement.
