$1bn hack heist: Kaspersky Lab exposes massive bank attack, describes scheme to RT

The hacker network behind an unprecedented $1 billion attack on banks took control of financial systems by first sending out emails carrying malicious Word files, RT found out from an expert at the Russian cybersecurity firm which revealed the crime.

While the majority of around 100 robbed banks are in Russia, financial institutions were also targeted in Japan, the Netherlands, Switzerland and the US.

The already-confirmed cases of hacking have cost banks some $300 million, according to Kaspersky Lab.


“The overall damage could be near $1 billion,” Kaspersky Lab expert Sergey Lozhkin told RT over the phone. “Each of the [attacked] organizations could have lost an estimated $10 million.”

Among various means of getting into banks’ systems, perpetrators used fake emails from genuine financial institutions, including the Central Bank, with Microsoft Word attachments.

“If a victim who received the letter, a bank employee, had old software, then the system’s vulnerability allowed for the malware to infect the computer,” Lozhkin said.

After that, a number of sophisticated means would let the hackers first learn how that particular employee was working with the bank’s internal programs, then move from one computer to another and eventually gain full access to the bank’s entire system.

“They were then remotely making the banks transfer money to ATMs, so that certain people could then come up to those ATMs and pick the money. Someone was waiting by an ATM for the money to be spitted out [sic],” Lozhkin said.

Something went wrong with the scheme in Ukraine. No one would come for the cash that was suddenly coming out of an ATM. That was exactly when Kaspersky Lab was invited to look into the matter. That little clue eventually gave away the whole of the attack, which was first reported by the New York Times.


The names of the banks affected have not been disclosed. Lozhkin believes they are largely to blame for what happened.

“When it comes to cyber-infrastructure, then even the largest banks are not always careful enough to merely update the software their employees use,” he said. “Sometimes they just forget about it or don’t think [its] important and so the malware can use the system’s vulnerability to penetrate it. That’s the way we see it.”

Kaspersky Lab is continuing its investigation of the attack.