Advanced Malware Steals Millions from Banks
Sophisticated malware has been used to attack hundreds of banks in 30 countries, enabling hackers to steal hundreds of millions of dollars. Security firm Kaspersky says it first uncovered the theft, which began in 2013 and is thought to be one of the largest in history.
In late 2013, Kaspersky was called to Ukraine to investigate a local ATM that had strangely started dispensing cash at random throughout the day, and in doing so discovered the theft.
The security vendor dubbed the criminal gang “Carbanak”; it appears to be a group of cybercriminals from Ukraine, Russia, China and other parts of Europe.
Kaspersky found that the ATMs were the least of the bank’s problems. The real crisis stemmed from the internal computers of the employees who process daily transfers and keep the books: those machines had been infected with malware that let the cybercriminals record their every move.
The hackers had been receiving video feeds and screenshots for months, which let them keep an eye on the infected banks. Once they had learned how the employees worked, they could process transactions that looked like everyday business.
They then used the malware to transfer millions of dollars from banks in Japan, Russia, the Netherlands, Switzerland and the U.S. to “dummy” accounts in other countries.
Kaspersky Lab’s analysis indicates that the Carbanak attackers are trying to expand their operations to the Baltic states, other central European countries, Asia, Africa and the Middle East.
Arstechnica.com reported on 15 February 2015, quoting Chris Doggett, security researcher at Kaspersky, as saying: “This is the most sophisticated attack in the world to date in terms of the methods and tactics adopted by cybercriminals to remain covert.”
Securityweek.com reported on 15 February 2015, quoting Dwayne Melancon, CTO of Tripwire: “It is really a matter of worry that even sophisticated enterprises easily overlook the damage happening to their cyber infrastructure. Malware leaves behind a sign when it compromises a system, including custom malware. It is unfortunate that most of the time that sign is not noticed because enterprises have not established a baseline or known-good state and are not constantly monitoring for modifications to that baseline.”