Recently, it was discovered that a group of hackers has reportedly stolen almost $1 billion from 100 banks in over 30 countries in a cyber-theft that has been going on for the past 2 years – making this the biggest bank heist in history.
According to a report by cybersecurity firm Kaspersky Lab, the attacks are believed to be orchestrated by a hacking ring named the “Carbanak cybergang,” working out of Russia, Ukraine and China. Most of the banks that were breached were Russian, but the 30 other countries affected include Japan, Europe and the United States. The group deceptively limited the theft at each bank to $10 million to help avoid detection, which exhibits the expertise of this particular ring of hackers. According to Chris Doggett, managing director of Kaspersky’s North America office, “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”
Each bank theft took between two and four months to complete. First, the hackers gained access to the bank’s computers using malware that gave them access to video surveillance feeds. Then, they familiarized themselves with the daily activities of employees and the day-to-day operation of the bank so that, when they were ready to complete the theft, they could disguise it as a routine transaction.
The actual theft was done in a couple of different ways. Some used the online banking facility to transfer money to fake accounts, and others hacked the bank’s ATM network directly.
One major factor that allowed the group to execute this attack was the ability to move about their target’s system like a regular user. They were able to monitor the bank’s regular user activity to mimic it as closely as possible. What’s even more alarming is the months they had to monitor the bank’s user activity. As we’ve said in the past, hackers generally need to spend months in your system in order to be successful, and the longer they have, the more potential there is for loss or damage.
It wasn’t until two years after the breaches had taken place that the banks finally became aware of this hack, and only after Kaspersky released a briefing. None of the bank names were revealed, as the investigation into the attacks – and the attacks themselves – are still ongoing.
For financial institutions, these attacks represent a growing trend that should concern all security professionals. The recent hacks of JP Morgan and Morgan Stanley, while damaging, did not compare to the sophistication or the cost of this most recent attack. Hackers are quickly learning that the most effective way to perform an attack is to attain user credentials to gain access to your systems. Security professionals need to address this threat with strategies that anticipate these user-centric hacks.
To learn about how to mitigate user-based risk, please take a look at “Your Users: Gateways to Risk.”