In just one year, Internet security firm Kaspersky Lab, said that Hackers have stolen approximately $1 billion in what could be one of the largest bank heists ever.
Kaspersky said, weekend, that it has uncovered how hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft.
More than 100 banks were hit, Kaspersky said, and based on the hackers’ practice of stealing between $2.5 million and $10 million from each bank, it estimated total financial losses could be as a high as $1 billion, making this by far the most successful criminal cyber campaign ever seen.
Although Kaspersky did not name the banks involved, it however said they are institutions located in 25 countries, including the United States.
It also said the attacks still remain active and provided tips for bank officials to determine if their computers are vulnerable.
The hackers according to Kaspersky were traced to Russian, Ukranian, Chinese and European areas. They did not particularly major on individual accounts but where individual thefts involved, they were no more than $10 million apiece.
Kaspersky called the malware “Carbanak” and said it provided the hackers the ability to watch bank employees conduct their business.
“This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems. In this way the fraudsters got to know every last detail of the bank clerks’ work and were able to mimic staff activity in order to transfer money and cash out.”
After penetrating a bank’s computer systems, the hackers lurked for two to four months before striking in one of several ways, like changing an account balance, then transferring the excess funds into their own accounts.
They also spewed cash out of ATMs when one of the gang’s henchmen was waiting beside the machine to collect the money.”