A cyber gang consisting of members from China, Ukraine and Russia conducted a cyber robbery targeting up to 100 banks, financial institutions and e-payment systems around the globe, stealing over $1 billion.
The investigation carried out by Kaspersky Lab, Interpol, and Europol revealed that the money was stolen in attacks carried out since 2013. On average, the criminals took between two and four months to attack a bank and steal $10 million from each one.
The criminal gang, known as ‘Carbanak’, is believed to be an international group from those three countries. They use a range of digital weapons to conduct attacks that take two to four months from the initial compromise of a computer through to stealing the cash.
The criminals gain access to the network and then mimic the legitimate actions of employees in order to pilfer funds. Initial access comes through spear-phishing: targeted emails carrying malicious software as attachments or links, sent to employees of banking and financial institutions.
Kaspersky Lab stated that it had seen evidence of $300 million in theft from its clients, and believes that the actual total stolen could be three times that. Banks in 30 countries including Canada, the US, Germany, China and Russia were targeted; this is thought to be one of the largest attacks on banking institutions ever.
Sergey Golovanov, principal researcher at Kaspersky Lab, stated:
“These bank heists were surprising because it made no difference to the criminals what software the banks were using. It was a very slick and professional cyber robbery.”
This time around, the criminals stole money from banks directly, in contrast to previous methods of targeting customers. They used malware that let them record and watch everything happening on employees’ computer screens, which enabled them to learn how individual banking clerks behaved before mimicking that activity to transfer funds.
They also programmed ATMs to dispense cash automatically at pre-defined times while a gang member stood nearby to collect the loot, and set up fake accounts to receive money transfers. Kaspersky Lab has not revealed the names of the banks that suffered an attack, citing nondisclosure agreements.
Mitigating damage and preventing attacks
The Financial Services Information Sharing and Analysis Center stated that its members are taking appropriate action to detect and prevent such attacks and to mitigate their effects on customers.
Financial institutions need to develop a common cyber-security education policy that highlights the dangers of phishing attacks, including training employees to recognise emails containing malicious links or attachments.
Additionally, institutions can leverage Massive’s Anti-Money Laundering Feed for compliance purposes. This feed provides a continuous intelligence stream of underground money mule profiles for banks, credit scoring firms and risk management teams. It would help banks avoid heavy fines from regulators such as the FCA and FCC for hosting money mule accounts and letting them go undetected. Malicious Hosts and IP Feeds can further help detect compromised or infected employee devices, compromised accounts and company profiles, and infected networks.