The Green Sheet, Inc


The Green Sheet Online Edition

March 09, 2015  •  Issue 15:03:01


Massive hack siphons nearly $1 billion from banks worldwide

It's being billed as the largest data heist in the history of banking. And it may not yet be over. Reports published recently in various media outlets revealed that at least 100 banks in 30 countries were hit with malware that resulted in hundreds of millions of dollars in losses. However, no banks have yet revealed whether they were hit. The reports were based on information released by Kaspersky Lab, a Russia-based security firm. Kaspersky said it was called in to investigate possible network breaches after ATMs in Kiev began dispensing cash at seemingly random times throughout the day. Kaspersky said it can't be sure, but based on experiences of its clients, it said it expects losses at the defrauded banks to exceed $1 billion.

Most of the banks hit by the attack were located in Russia, although banks in the United States, Europe and Japan also were hit, according to Kaspersky. The group of attackers is believed to have penetrated the banks' internal systems with Word documents attached to phishing emails. Once there, they allegedly placed malware that enabled them to record daily transfers and bookkeeping routines on the infected networks.

Eventually, members of the group used that information to impersonate bank officers, transferring millions of dollars at a time into dummy accounts at other institutions and dispensing large sums of cash through ATMs. In an apparent attempt to escape easy notice, the gang limited transfers to $10 million.

Security experts believe the attacks – orchestrated by a group dubbed the Carbanak cybergang, named for the malware it used – should serve as a wake-up call to banks and other enterprises. Long-trusted detection technologies are no match for sophisticated web-borne malware.

Indeed, The Challenge of Preventing Browser-Borne Malware, a study conducted by Ponemon Institute LLC and released on Feb. 2 by Spikes Security Inc., suggested web-borne malware is the fastest growing data security threat to enterprises. Internal systems at as many as 75 percent of large firms Spikes recently surveyed have been infected, the security firm said. Companies surveyed averaged 51 breaches apiece in just 12 months, at a cost of about $62,000 per breach.

Banks urged to be more proactive, less reactive

"With attacks like this easily evading detection, this attack serves as a stark reminder that it is unwise to shift the focus from prevention solely onto reactive things like information sharing," said Branden Spikes, the firm's Chief Executive Officer and founder. His comments refer, in part, to a message delivered last week by the White House calling for greater information sharing between banks and other enterprises to combat cyberattacks.

At a Feb. 13 summit that drew more than 1,000 executives, government officials and technology heavyweights to Palo Alto, Calif., President Barack Obama officially laid out the federal government's cybersecurity game plan going forward. That plan includes proposed new laws that would facilitate greater information sharing and work efforts between and within the public and private sector to combat cyber threats.

"Grappling with how government protects the American people from adverse events, while at the same time making sure the government itself is not abusing its capabilities is hard," the President told the group. And he likened the Internet to the Wild, Wild West.

Although no banks have spoken publicly about the news or whether they were hit by the Carbanak cybergang, some published reports have pointed to several large money center banks as places where dummy accounts were set up to receive fraudulent wire transfers.

John Gunn, Vice President of Vasco Data Security International, warned that large banks are not the only targets of malware attacks. Headquartered in Chicago, Vasco specializes in authentication and e-signature security. "It's worth remembering that local banks and credit unions are also targets because they have weaker defenses than large banks," Gunn said. "As the largest institutions spend more and increase their defenses even further, hackers will be forced to move down the food chain."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
