Over the weekend Russian computer security company Kaspersky Lab revealed that a multinational group of cybercriminals has stolen as much as $1 billion from as many as 100 financial institutions around the world. Kaspersky Lab is currently working with Interpol, Europol and other authorities to try and uncover more details on what they are calling The Great Bank Robbery.
The group known now as Carbanak is said to have members from Europe, Russia, Ukraine and China. The group used carefully crafted e-mails to trick pre-selected employees into opening malicious software files. This is commonly known as spear phishing. This gave them access to the banks network and then allowed them to use the computers for surveillance. The surveillance was used to find out how the bank clerks worked and their process of transferring money etc.
Once they had all of the information they needed they then proceeded to create fake bank accounts on inflate current accounts, then when the accounts were drained the owner of the account would not notice the funds missing. The group also gained remote access to ATMs where they would send a remote command for the ATM to dispense money and someone would go pick it up.
Kaspersky Lab has said that up to 100 financial institutions have been hit and losses per bank range from $2.5 million to $10 million. Total financial losses could be as high as $1 billion, making this the most successful criminal cyber campaign Kaspersky has ever seen!
“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” Sanjay Virmani, director of Interpol Digital Crime Center, said in a statement prepared by Kaspersky. “It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.”