Hundreds of banks hit by $1 billion hack

Attacks last two to four months

Bank ATM

A sophisticated hacking group has been attacking banks all over the world for two years with $1 billion (around £655 million, or AU$1.28 billion) missing from accounts.

Eastern European cyber criminals managed to steal from financial institutions across the planet in a sustained hacking campaign against sensitive government and industrial targets.

Researchers from Kaspersky Lab reported that the attacks by the Carbanak hacking gang have been going on for two years, targeting banks, epayment services and other organisations in almost 30 countries worldwide including the US, UK and Australia.

What makes the attack unique is that it didn't target the individual end user like many past operations and instead went straight to the banks themselves.

Hackers first gained access to the affected systems through a spearphishing email that contained a .CPL attachment and in some cases a Microsoft Word document was used. From here they lay silently in the bank networks to gain a network foothold and made video recordings to find out how banking systems worked.

Money Mules

Kaspersky reported that, although the video quality was poor, cyber criminals were able to gain enough know-how to pilfer money in a number of ways including taking remote control of ATMs and using "money mules" to collect it and dispense it into their accounts using SWIFT.

The operation is still ongoing and it's estimated that each robbery takes between two and four months between the time of infection to the eventual theft.

Via: Threat Post

Article continues below