$1bn hack heist: Kaspersky Lab exposes massive bank attack, describes scheme to RT
While the majority of around 100 robbed banks are in Russia, financial institutions were also targeted in Japan, the Netherlands, Switzerland and the US.
The already-confirmed cases of hacking have cost banks some $300 million, according to Kaspersky Lab.
“The overall damage could be near $1 billion,” Kaspersky Lab expert Sergey Lozhkin told RT over the phone. “Each of the [attacked] organizations could have lost an estimated $10
Among various means of getting into banks’ systems, perpetrators used fake emails from genuine financial institutions, including the Central Bank, with Microsoft Word attachments.
“If a victim who received the letter, a bank employee, had old software, then the system’s vulnerability allowed for the malware to infect the computer,” Lozhkin said.
After that, a number of sophisticated means would let the hackers first learn how that particular employee was working with the bank’s internal programs, then move from one computer to another and eventually gain full access to the bank’s entire system.
“They were then remotely making the banks transfer money to ATMs, so that certain people could then come up to those ATMs and pick the money. Someone was waiting by an ATM for the money to be spitted out [sic],” Lozhkin said.
Something went wrong with the scheme in Ukraine. No one would come for the cash that was suddenly coming out of an ATM. That was exactly when Kaspersky Lab was invited to look into the matter. That little clue eventually gave away the whole of the attack, which was first reported by the New York Times.
The names of the banks affected have not been disclosed. Lozhkin believes they are largely to blame for what happened.
“When it comes to cyber-infrastructure, then even the largest banks are not always careful enough to merely update the software their employees use,” he said. “Sometimes they just forget about it or don’t think [it’s] important and so the malware can use the system’s vulnerability to penetrate it. That’s the way we see it.”
Kaspersky Lab is continuing its investigation of the attack.