In spite of the increased online and mobile banking security, more often banks are being targeted by hackers.
A hacking ring dubbed Carbanak made off with up to 1 billion dollar from a number of banks and financial institutions around the world in what would be one of the biggest banking heist known, according to a report published by Kaspersky Lab, a Russian cybersecurity firm.
The Carbanak gang members came from Russia, China, Ukraine and other parts of Europe, and they are still active, it said. “These bank heists were surprising because it made no difference to the criminals what software the banks were using,” said Sergey Golovanov, principal security researcher at Kaspersky Lab’s global research and analysis team. “It was a very slick and professional cyber-robbery.”
The Russian firm further states that the attackers have been active at least since the end of 2013 and hacked more than 100 banks in 30 countries. The hackers gain access to banks’ computers through phishing schemes and other methods. After this, for months together they to learn the banks’ systems by capturing screenshots and taking videos of the workers using their computers, the company says.
After familiarizing themselves with the banks' operations, they use that knowledge to steal money without letting anyone know about it. They program ATMs to dispense money at specific times or set up fake accounts and get the money transferred in those accounts, according to Kaspersky.
The hackers seem to restrict their theft amount to just $10 million before moving on to another bank, one of the main reasons why the fraud could not be detected earlier, Kaspersky principal security researcher Vicente Diaz said.
The attacks seem unusual because the banks are being targeted rather than customers and their account information, Diaz said.
“In this case they are not interested in information. They’re only interested in the money,” he said. “They’re flexible and quite aggressive and use any tool they find useful for doing whatever they want to do.”
Maximum numbers of theft have taken place in the U.S., Russia, China, Ukraine and Germany, even though the hacking ring may be expanding across Asia, the Middle East, Africa and Europe, Kaspersky says.
In one instance, a bank lost $7.3 million through ATM fraud. In another case, 10 million dollar was stolen from a financial institution by the hackers exploiting its online banking platform.
The report is set to be presented at a security conference in Cancun, Mexico on Monday.