Hackers use malware to steal millions of dollars from global banks

It seems that data breaches have started to occur so frequently that people don’t even notice them anymore. But the most recent hack to make the news was a little different, as it is considered to be the largest bank theft in the world. According to a report by The New York Times , a group of cybercriminals were able to access the networks of more than 100 banks in 30 countries and steal at least $300 million.

Security researchers with Kaspersky Labs were called to investigate a strange glitch affecting the ATM machines of a Ukrainian bank in late 2013. The machine would dispense cash at random intervals without anyone swiping a card or entering a PIN, providing lucky passersby with free money. After looking into the problem, however, the analysts discovered that the bank’s network had been hacked and malicious actors had rigged the ATMs to release cash and then posed as random pedestrians to retrieve their haul.

The group of cybercriminals sent phishing emails to employees at the targeted banks which caused malware to be installed when opened. The malicious software allowed the hackers to record internal videos and view the daily operations of the bank, enabling them to perfectly mimic the actions of bank officials and steal money without raising suspicion.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” said Chris Doggett, managing director of Kaspersky North America’s Boston office, in an interview with the Times.

Sophisticated malware creating costlier breaches
The malware, known as Carbanak, allowed the cybercriminals to make transfers to fraudulent accounts by temporarily inflating the amount in legitimate accounts and then moving the money off-site. While researchers are confident that at least $300 million was stolen, they believe the actual total could be as much as three times that amount. The transactions never exceeded $10 million and some banks were attacked multiple times, making it difficult to calculate an accurate total. The majority of the financial institutions affected were in Russia, but banks in Europe, Japan and the U.S. were also targeted.

While this type of large scale hack doesn’t happen every day, the scope and sophistication of the cyberattack points to a trend of increasingly harmful data breaches targeting financial services institutions. Industry regulators have started to implement much stricter compliance standards, causing organizations to scramble to increase their security or face steep fines. It can be difficult for businesses to know what level of defense is necessary for their files, however. Partnering with a trusted service provider to establish a customized compliance program allows organizations to deploy the necessary security without the hassle and confusion.

ISG Technology has been an expert in the industry for decades, offering reliable security services for organizations in a variety of sectors. Compliance requirements can easily be met with firewall protection, intrusion prevention, network security assessments and monitoring services from ISG.