“Security experts have uncovered a major targeted attack campaign in which criminals infiltrated around 100 banks worldwide and made off with up to $1bn over a two-year period.
Interpol, Europol, local law enforcers and Kaspersky Lab worked together on the case.
They estimate that the hackers – who hail from Russia, Ukraine, Europe and China – stole up to $10m per raid, with each attack lasting between two and four months.
The attacks are said to begin with a classic spear phishing email sent to a bank employee, infecting them with the Carbanak malware.
Once in the bank’s internal network, the hackers searched for administrator machines which allowed them to monitor cash transfer activity. They were then able to mimic that same activity at a later stage to transfer money out to themselves, according to Kaspersky Lab.
Sometimes they used online banking or international e-payment systems to transfer the funds out to accounts in the US and China.
On other occasions they would hack a victim bank’s accounting systems, inflating customers’ account balances by adding some extra zeros and then stealing the extra funds via a fraudulent transaction.
A third method of stealing cash was apparently to program specific ATMs to dispense money at certain times and then arrange for a gang member to collect it.”
Read more>>
