As much as $1 billion is expected to have been stolen in what is being called “the most highly sophisticated criminal attack” ever seen.
Kaspersky Lab, a Russian computer security company initially brought in to investigate a Kiev ATM randomly dispensing cash in 2013, broke the news in an advance announcement provided to The New York Times.
The cybercriminal gang, dubbed Carbanak by Kaspersky, is responsible for what could be one of the biggest bank heists of all time, orchestrating an intricate, wide-reaching plan to steal money directly from the banks themselves.
Kaspersky’s investigation into the Kiev ATM revealed the first strand of a huge cyber attack, one the security company says has targeted over 100 banks and financial institutions in 30 nations around the world.
“The cybercriminals sent their victims infected emails — a news clip or message that appeared to come from a colleague — as bait,” the report reads. “When the bank employees clicked on the email, they inadvertently downloaded malicious code. That allowed the hackers to crawl across a bank’s network until they found employees who administered the cash transfer systems or remotely connected A.T.M.s.”
Kaspersky Lab says the bank behind the ATM had been penetrated with malware that allowed criminals to receive video feeds and images from the bank’s security feeds, which in turn informed them of staff routines.
Criminals then impersonated bank officers in order to use cash machines and to transfer millions of dollars from banks in the United States, Russia, Japan, the Netherlands and Switzerland to dummy accounts in other countries.
Kaspersky confirmed that it had evidence of at least $300 million being stolen, but estimates that the total will be triple that amount.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Chris Doggett, Managing Director of the Kaspersky North America office in Boston, said.
Due to nondisclosure agreements with the banks, Kaspersky Lab has not yet named any of the banks targeted by the cybercriminals.
A statement by the Financial Services Information Sharing and Analysis Center said that, while they could not comment on individual actions their members have taken, they believe their members “are taking appropriate actions to prevent and detect these kinds of attacks and minimise any effects on their customers.”