Bank Hackers Steal Millions Via Malware

There was a story published in The New York Times, a few weeks ago about a organized group of cybercriminals that pulled off one of the largest bank heists, digitally, ever. This group, named by Kaspersky, Carbanak, is responsible for deploying malware to gain access to computers at more than 100 banks and steal well over $300 million.

Image: Kaspersky

There were 300 IP addresses targeted and the attack spanned nearly 30 countries worldwide. And the method used:

Phising

I’d hope that a bank would have better sense not to fall for a simple phising attack, but this wasn’t very simple. Most times, phishing attacks are aimed at the customers, trying to gain sensitive information. Carbanak targeted the machines in the banks directly, and finding ways to steal cash directly from the financial institution.

This same group is also thought to be behind several credit/debit card breaches at retail stores around the world, including Staples, however there has not been any noticable activity since the bank heists, which the story was covered by Brian Krebs back in December 2014.

Article: http://krebsonsecurity.com/2015/02/the-great-bank-heist-or-death-by-1000-cuts/#more-29921

Kaspersky Report: http://krebsonsecurity.com/wp-content/uploads/2015/02/Carbanak_APT_eng.pdf

-Jeremiah Faison

Advertisements