$1 Billion Stolen From Banks In Cyber Attack
This blog post was originally written on February 22, 2015 for coursework for the UWaterloo Computer Science course CS 458: Computer Security and Privacy
Recently, Kaspersky Labs, along with European cybersecurity authorities, uncovered an ongoing theft of over a billion dollars from financial institutions across the globe. The Carbanak criminal gang, hailing from various regions around the globe, including Eastern Europe, Russia and China, is allegedly responsible for this cyberattack.
Why is it important?
Not only did the attack steal up to 10 million dollars in each individual raid, the attacks took between two to four months, and went undetected during that time. The attackers were able to gain access to the internal network(s) of the banks, and subsequently, to the video surveillance systems, which allowed them to spy on bank clerk screens. Not only does this attack impact the affected institutions financially, it also opens up a major privacy concern for bank employees regarding confidential information.
Who is affected?
The bank institutions who are attacked are losing money through fraudulent financial transactions. In additional, bank employees of affected institutions are now being observed illegally by a third-party, and the information can potentially be used for leverage.
The impact on people?
The account holders at affected banks are unable to verify if their account has been involved in a fraudulent transaction. This is alarming because not only is the bank under attack, it’s customers are also unable to verify if their particular bank/accounts have been compromised.
How does it work?
The attackers start by infecting the target financial institution’s internal network with the Carbanak malware. The money is stolen by mimicking the actions of the clerks who are being spied on through the surveillance system.
The attackers were able to transfer money directly from the banks’ accounts to their own (at other banks and/or other countries) through electronic payments. They also inflated legitimate accounts before transferring (and deducting) from them. Last, but not least, bank ATM machines were infected and scheduled to release a certain amount of cash at particular times, so that the money could be physically picked up.
How can similar problems be prevented?
Banks should routinely start inspect their networks and machines for signs of malware, especially the Carbanak malware. In addition, they should reconsider the security of their video surveillance system.
The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide