Carbanak cybergang swipes over $300 million from banks

Pierluigi Paganini February 15, 2015

Kaspersky discovered that a multinational gang of hackers dubbed Carbanak cybergang has stolen at least $300 million from 100 financial institutions.

A group of cybercriminals used a malware to steal at least $300 million from banks and other financial institutions worldwide, according to a report published Saturday by The New York Times.

The hackers have named the criminal crew “Carbanak cybergang” because of the name of the malware they used. The majority of victims were hit are in Russia, but the malware hit also banks in Japan, Europe and in the United States. The Kaspersky firm could not release the names of the banks because of nondisclosure agreements, but according the experts this malware based attacks could be one of the biggest bank thefts ever.

Researchers at Kaspersky Lab that investigated the cyber attacks will provide a detailed report on their findings next Monday, the document was sent in preview to The New York Times.

The experts discovered that the hackers hit more than 100 institutions in 30 countries, the attacks started in 2013 and may still be ongoing.

“In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.” reported the New York Times.

Kaspersky has evidence of thefts accounting for $300 million, but experts speculate that the overall amount maybe three times in value. And the attacks may still be happening.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.” Chris Doggett, managing director of the Kaspersky Lab North America market, explained the Times.

Which is the attack scenario?

The infection started with a classic spear phishing attack that allowed Carbanak cybergang to compromise banks’ computer systems. The malicious emails included a link that once clicked triggered the download of the malware.

The malicious code was used by the hackers of the Carbanak cybergang to gather information on the targeted bank, for example, to find employees who were in charge of cash transfer systems or ATMs. In a second phase of the attacks, the hackers installed a remote access tool (RAT) to control the machines of those employees. With this tactic the Carbanak cybergang collected imagines of victims’ screens and study what their daily activity in the bank. At this point the hackers were able to remotely control the ATMs to dispense money or transfer money to fake accounts.

Carbanak cybergang NYT

“The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.

Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries.” reported the New York Times

The managing director of the Kaspersky North America office in Boston, Chris Doggett, explained that the “Carbanak cybergang,” represents a significant increase in the sophistication of cyberattacks against financial organizations.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Mr. Doggett said.

The US authorities and Interpol with the support of the Kaspersky Lab are already coordinating their efforts in a joint investigation.

“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” said Sanjay Virmani, director of Interpol Digital Crime Center. “It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.”

Waiting for public disclosure of the report, Stay Tuned …

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  bank hacking, Carbanak cybergang)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment