Hit By CyberHeist
A multinational gang of CyberCriminals has stolen as much as $1 billions from as many as 100 financial institutions across the world, including Canada and the US.
This was a highly sophisticated operation that managed to stay inside bank networks for a very long time…
Antivirus developer Kaspersky’s publication on Feb. 16, 2015, revealed details on what is likely the biggest cyberheist ever.
The CyberCriminals used carefully crafted emails
to trick pre-selected employees into opening malicious software files,
a common technique known as spear-phishing.
The opened software files infected their workstations. Once the CyberCriminal had access, they roamed the internal network freely, until they tracked down administrators’ computers for video surveillance. They studied how the bank clerks worked, and were then able to mimic their activity and tell ATMs to dispense cash to a gang member at a pre-determined time, or transfer larger amounts to accounts located all over the world. In some cases, they inflated account balances before pocketing the extra funds through a fraudulent transaction. Because legitimate funds were still there, the account holder would not suspect a problem.
Kaspersky reports evidence of theft in the amount of $300 million. The NY Times reports thefts could add up to 3 times that amount, likely exceeding $1 billion.
Chris Doggett, from Kaspersky North America, told the NY Times, “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”
The CyberGang, dubbed the “Carbanak CyberGang” by Kaspersky because of the malware they used, appears to be the first international CyberMafia: a group of CyberCriminals from Russia, Ukraine and other parts of Europe and China.
Kaspersky could not release the names of the banks because of nondisclosure agreements, but reports they were in Russia, Japan, Europe, The Netherlands, the US, and Canada. NY Times states that The White House and FBI have been briefed on Kaspersky’s findings. Interpol and Europol are coordinating the investigation.
Sanjay Virmani, director of Interpol Digital Crime Center said in a statement prepared by Kaspersky,
“These attacks again underline the fact that criminals will exploit any vulnerability in any system. It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.”
Kevin Mitnick, KnowBe4’s Chief Hacking Officer tweeted,
“Even after 20 years, social engineering is still the easiest way into a target’s network and systems, and it’s still the hardest attack to prevent.”