To uncover the recent cyber robbery, Kaspersky Lab, Interpol and Europol combined their efforts and found shocking results. According to the investigation, up to $1 billion has been stolen in about two years from financial institutions worldwide. The experts claim that Carbanak, a multinational gang of cybercriminals, is responsible for the robbery.
The Carbanak criminal gang used techniques drawn from the arsenal of targeted attacks. The plot marks the beginning of a new stage in the evolution of cybercriminal activity, where malicious users steal money directly from banks, and avoid directly targeting the end users.
Since 2013, the criminals have attempted to attack up to 100 banks, e-payment systems and other financial institutions in around 30 countries. The attackers continue to remain active. According to Kaspersky Lab data, the Carbanak targets included financial organisations in Russia, USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Spain, Norway, India, the UK, Poland, Pakistan, Nepal, Morocco, Iceland, Ireland, Czech Republic, Switzerland, Brazil, Bulgaria, and Australia.
It is estimated that the largest sums of money were grabbed by hacking into banks and stealing up to ten million dollars in each raid. On average, each bank robbery took between two and four months, from infecting the first computer in the bank's corporate network to making off with the stolen money.
The cybercriminals began by gaining entry into an employee's computer through spear phishing, infecting the victim with the Carbanak malware. They were then able to jump into the internal network and track down administrators' computers for video surveillance. This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems. This way, the fraudsters got to know every last detail of the bank clerks' work and were able to mimic staff activity in order to transfer money and cash out.
How they stole the money
- When the time came to cash in on their activities, the fraudsters used online banking or international e-payment systems to transfer money from the banks' accounts to their own. In the second case, the stolen money was deposited with banks in China or America. Experts do not rule out the possibility of banks in other countries being used as receivers.
- In other cases, cybercriminals penetrated right into the very heart of the accounting systems, inflating account balances before pocketing the extra funds via a fraudulent transaction. For example, if an account has $1,000, the criminals change its value so it has $10,000 and then transfer $9,000 to themselves. The account holder doesn't suspect a problem because the original $1,000 is still there.
- In addition, the cyberthieves seized control of banks' ATMs and manipulated them to dispense cash at a pre-determined time. When the payment was due, one of the gang's henchmen waited beside the machine to collect the 'voluntary' payment.
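
A defensive illustration of the balance-inflation scenario in the second item above, added here and not taken from the investigation: the inflated balance is never backed by a ledger entry, so reconciling balance snapshots against posted transactions exposes it even though the holder's balance looks unchanged. The account names, amounts and the snapshot/ledger layout are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data (assumed layout): balance snapshots at the start and
# end of a period, and the ledger entries posted in between.
SNAPSHOT_START = {"ACC-1": Decimal("1000"), "ACC-2": Decimal("2500")}
SNAPSHOT_END = {"ACC-1": Decimal("1000"), "ACC-2": Decimal("2400")}
LEDGER = [
    # (account, signed amount, counterparty)
    ("ACC-1", Decimal("-9000"), "EXT-77"),  # transfer out after the balance was edited
    ("ACC-2", Decimal("-100"), "EXT-12"),   # ordinary payment
]


def reconcile(start, end, ledger):
    """Return {account: unbacked amount} where the ledger does not explain the balance."""
    posted = defaultdict(Decimal)
    for account, amount, _counterparty in ledger:
        posted[account] += amount
    findings = {}
    for account in sorted(set(start) | set(end) | set(posted)):
        expected = start.get(account, Decimal(0)) + posted[account]
        unbacked = end.get(account, Decimal(0)) - expected
        if unbacked != 0:
            findings[account] = unbacked
    return findings


def matching_outflows(findings, ledger):
    """List outbound transfers whose size equals the unbacked amount on that account."""
    return [
        (account, -amount, counterparty)
        for account, amount, counterparty in ledger
        if account in findings and amount < 0 and -amount == findings[account]
    ]


if __name__ == "__main__":
    findings = reconcile(SNAPSHOT_START, SNAPSHOT_END, LEDGER)
    for account, unbacked in findings.items():
        print(f"{account}: {unbacked} present in balance with no ledger entry")
    for account, amount, counterparty in matching_outflows(findings, LEDGER):
        print(f"{account}: outbound {amount} to {counterparty} matches the unbacked amount")
```

Comparing the two snapshots alone shows ACC-1 unchanged at 1,000; only the comparison against posted entries reveals that 9,000 left the account without ever having been credited to it.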