2015-02-18

In what may turn out to be one of the biggest hacks of all time, security researchers from Kaspersky North America have said as many as 30 banks were hit and that the bad guys may have gotten away with anywhere from $300 million to $1 billion over the last two years. Want more details on how the attack took place? Check out this PDF report by Kaspersky. And a H/T to them for the graphics and video posted below.

On one of the major cable news networks recently, I saw some poor talking head (anchor-person) become confused when interviewing someone for a story about the big bank hack. She asked why the banks didn’t have better security to protect the money. What she didn’t realize was that a lot of this huge hack came down to social engineering – which is hard to protect against sometimes.



The massive attack started back in 2013 when the attackers sent out emails to hundreds of bank employees around the world. The emails had nasty malware attached, hidden in Word files and CPL files. As you might have guessed, a percentage of the people who got the email were curious enough about the attachment to click and open it. When they did, their computer was infected by the malware.

Once the bad guys were on a bank’s computer system, they were able to poke around the internal networks. In some cases, they installed software that ran in the background and took screenshots and logged keystrokes. Are you beginning to see how they pulled off this heist yet? They took great care to make sure all their actions (and transactions) looked natural as they observed the network at each bank.



Eventually, when they felt comfortable and had learned the bank’s software, they transferred money (in large amounts, but not TOO large) to bank accounts around the world. They also instructed ATMs to dispense cash to waiting bad guys. Reportedly, they also had the power to inflate the balance of a bank account (with fake money), transfer that “fake money” to another account, then return the original balance to normal, covering their tracks.
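The balance-inflation trick described above leaves a tell: the account’s closing balance no longer matches its opening balance plus the transactions actually posted to the ledger. The reconciliation check below is an added example (not code from Kaspersky’s report or from any bank system) using constructed sample data; account names, amounts and the ledger layout are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    """One posted ledger entry. amount is signed and in cents; credits are positive."""
    account: str
    amount: int


def reconcile(opening: dict, closing: dict, ledger: list) -> dict:
    """Return {account: unexplained_delta} for every account whose closing balance
    differs from opening balance + sum of posted transactions.

    A balance that was edited directly (as in the inflate / transfer / restore
    scheme) produces money movement with no matching ledger entry, so the account
    the attacker tampered with shows a non-zero delta even after it is "restored".
    """
    expected = dict(opening)
    for t in ledger:
        expected[t.account] = expected.get(t.account, 0) + t.amount
    return {
        acct: closing[acct] - expected.get(acct, 0)
        for acct in closing
        if closing[acct] != expected.get(acct, 0)
    }


# Constructed sample: the attacker sets VICTIM's balance from $1,000 to $6,000 by
# editing the balance field (no ledger entry), posts a $5,000 transfer to MULE,
# then sets VICTIM back to $1,000. Only the transfer is in the ledger.
OPENING = {"VICTIM": 100_000, "MULE": 0, "CLEAN": 250_000}
LEDGER = [
    Txn("VICTIM", -500_000),  # transfer out, posted normally
    Txn("MULE", +500_000),    # transfer in, posted normally
    Txn("CLEAN", -20_000),    # an ordinary, legitimate payment
]
CLOSING = {"VICTIM": 100_000, "MULE": 500_000, "CLEAN": 230_000}


def find_tampered_accounts() -> dict:
    """Run the check over the constructed sample; VICTIM is the only hit."""
    return reconcile(OPENING, CLOSING, LEDGER)


if __name__ == "__main__":
    for acct, delta in find_tampered_accounts().items():
        print(f"{acct}: {delta / 100:+.2f} unexplained by posted transactions")
```

The mule account reconciles cleanly because its inbound transfer was a real ledger entry; it is the “restored” victim account that fails, which is why end-of-day reconciliation against the transaction log (rather than trusting the balance field) is the control that catches this.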

A majority of the banks hit were in Russia, but banks in the U.S., Europe, and Japan have also been hit over the last couple of years. Apparently, they only stole around $10 million in each heist, which helped them avoid detection for quite a long time, about as long as Moonpig ignored a security vulnerability, as we learned recently.

Carbanak Malware Menace

How did the bad guys get into computer systems? They used Carbanak malware, which wasn’t publicly known until Kaspersky Lab released its report about the hundreds of millions of dollars stolen from banks around the world. According to Kaspersky, “Carbanak is a remote backdoor (initially based on Carberp), designed for espionage, data exfiltration and to provide remote access to infected machines.” As for the name, Kaspersky wrote, “We name the backdoor Carbanak since it is based on Carberp and the name of the configuration file is anak.cfg.” Nice.

Here’s more of what Kaspersky Lab had to say earlier this week:

Kaspersky Lab, INTERPOL, Europol and authorities from different countries have combined efforts to uncover the criminal plot behind an unprecedented cyberrobbery. Up to one billion American dollars was stolen in about two years from financial institutions worldwide. The experts report that responsibility for the robbery rests with a multinational gang of cybercriminals from Russia, Ukraine and other parts of Europe, as well as from China. The Carbanak criminal gang responsible for the cyberrobbery used techniques drawn from the arsenal of targeted attacks. The plot marks the beginning of a new stage in the evolution of cybercriminal activity, where malicious users steal money directly from banks, and avoid targeting end users.

SSL Takeaway

While having SSL installed on ALL of your pages is a good start (it protects data in transit, not against an employee opening a malicious attachment), it’s also important to teach your employees about the dangers of social engineering. Additionally, it’s a good idea to spend time trying to break into your own website or steal your own data so that you can find any vulnerabilities before someone else does.

“These attacks again underline the fact that criminals will exploit any vulnerability in any system. It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures. Identifying new trends in cybercrime is one of the key areas where INTERPOL works with Kaspersky Lab in order to help both the public and private sectors better protect themselves from these evolving threats,” said Sanjay Virmani, Director of the INTERPOL Digital Crime Centre.

And, as you know, here at SSL.com, we have our eyes open as well. We love sharing all the latest information security news as well as other entertaining and/or informative articles. Leave a comment below if you have anything to add to the conversation.
