Russian-based security firm Kaspersky Labs recently released a report that an international hacking ring has stolen as much as $1 billion from more than 100 banks in 30 countries. The report was first delivered to The New York Times and details how the hacker group, which contains members from Russia, China and Europe, has been actively stealing from banks since of late 2013.
According to the report, in order to pull this off the hackers used sophisticated malware (dubbed ‘Carbanak’) which enabled them to withdraw funds and dispense cash from ATM machines without even coming into physical contact. The “ring-leaders” then sent “mules” to said machines to pick up the stolen cash at specified times. The hacking group also deliberately limited their theft to roughly $10 million per bank, as to avoid detection.
The attack is unique in that it appears the cyber-criminals were not at all interested in personal customer information, but instead focused their attention to the institutions themselves. Usually, hackers try to steal customer data from people like you and me through security exploits found in a company’s technological infrastructure. Hackers then use that information to withdraw/transfer funds from your personal account to wherever they see fit. In this case the hackers bypassed that step completely and instead went right after the banks themselves. In short, these hackers wanted money, not data.
“The ‘Carbanak cybergang’ operation reported by Kaspersky is no doubt the most daring, most sophisticated, and potentially the most damaging cybercrime directly against banks up to date” said Fengmin Gong, chief strategy officer at Cyphort.
Although a growing global problem, the Kaspersky report noted that most of the victims were “Russian-speaking financial institutions”. Kaspersky did not identify the banks and is still working with law-enforcement agencies to investigate the attacks, which the company says are ongoing. No banking institutions have publicly acknowledged the theft as of yet, though the report claims that losses per bank have ranged from $2.5 million all the way up to $10 million.
Up until now, the primary victims of these attacks have been the consumers. This coordinated strategy on financial institutions foreshadows an increasing sophistication of underground hacking rings and their understanding of organized crime as a whole. Think about it for a second. The same way a gang-member can start as a petty criminal, then grow and adapt to become a full-time felon, hackers too can start out by stealing data or intercepting communications, then eventually grow and learn to take down an entire infrastructure for malicious gains.
One of the major problems is that far too many companies are downplaying the risk of damage that a cyberattack can cause on both their internal and external systems. CHIPS Technology Group knows this is one of the most important risks for companies of all sizes. We send out security news and updates to our clients and proactively make suggestions to minimize risks. CHIPS helps our clients with security strategies whether it’s with our staff or a third-party provider. Your data is your most important asset, isn’t it time you treated it as such?
