It's being billed as the largest data heist in the history of banking. And it may not yet be over. Reports published recently in various media outlets revealed that at least 100 banks in 30 countries were hit with malware that resulted in hundreds of millions of dollars in losses. However, no banks have yet revealed whether they were hit. The reports were based on information released by Kaspersky Lab, a Russian-based security firm. Kaspersky said it was called in to investigate possible network breaches after ATMs in Kiev began dispensing cash at seemingly random times throughout the day. Kaspersky said it can't be sure, but based on experiences of its clients, it said it expects losses at the defrauded banks to exceed $1 billon.
Most of the banks hit by the attack were located in Russia, although banks in the United States, Europe and Japan also were hit, according to Kaspersky. The group of attackers is believed to have penetrated the banks' internal systems with Word documents attached to phishing emails. Once there, they allegedly placed malware that enabled them to record daily transfers and bookkeeping routines on the infected networks.
Eventually, members of the group used that information to impersonate bank officers, transferring millions of dollars at a time into dummy accounts at other institutions and dispensing large sums of cash through ATMs. In an apparent attempt to escape easy notice, the gang limited transfers to $10 million.
Security experts believe the attacks – orchestrated by a group dubbed the Carbanak cybergang, named for the malware it used – should serve as a wake-up call to banks and other enterprises. Long-trusted detection technologies are no match for sophisticated web-born malware.
Indeed, The Challenge of Preventing Browser-Borne Malware, a study conducted by Ponemon Institute LLC and released on Feb. 2 by Spikes Security Inc., suggested web-born malware is the fastest growing data security threat to enterprises. Internal systems at as many as 75 percent of large firms Spikes recently surveyed have been infected, the security firm said. Companies surveyed averaged 51 breaches apiece in just 12 months, at a cost of about $62,000 per breach.
"With attacks like this easily evading detection, this attack serves as a stark reminder that it is unwise to shift the focus from prevention solely onto reactive things like information sharing," said Branden Spikes, the firm's Chief Executive Officer and founder. His comments refer, in part, to a message delivered last week by the White House calling for greater information sharing between banks and other enterprises to combat cyberattacks.
At a Feb. 13 summit that drew more than 1,000 executives, government officials and technology heavyweights to Palo Alto, Calif., President Barack Obama officially laid out the federal government's cybersecurity game plan going forward. That plan includes proposed new laws that would facilitate greater information sharing and work efforts between and within the public and private sector to combat cyber threats.
"Grappling with how government protects the American people from adverse events, while at the same time making sure the government itself is not abusing its capabilities is hard," the President told the group. And he likened the Internet to the Wild, Wild West.
Although no banks have spoken publicly about the news or whether they were hit by the Carbanak cybergang, some published reports have pointed to several large money center banks as places where dummy accounts were set up to receive fraudulent wire transfers.
John Gunn, Vice President of Vasco Data Security International, warned that large banks are not the only targets of malware attacks. Headquartered in Chicago, Vasco specializes in authentication and e-signature security. "It's worth remembering that local banks and credit unions are also targets because they have weaker defenses than large banks," Gunn said. "As the largest institutions spend more and increase their defenses even further, hackers will be forced to move down the food chain."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next