A campaign to insert malware into banking institutions around the globe may be responsible for one of the largest bank heist schemes in history, new research shows, with attackers getting away with as much as $1 billion.
Researchers from Moscow-based Kaspersky Lab revealed new details Monday on the attack and the group responsible, which the company has dubbed "the Carbanak gang" based on the type of malware used. According to the report, Carbanak targeted more than 100 banks in at least 30 countries, and was responsible for the theft of anywhere between $300 million and $1 billion, and possibly more.
The attacks were first revealed in December 2014 by researchers at Russian research firm Group-IB and Dutch security intelligence firm Fox-IT. The attack group, first called Anunak, was said to have used a custom-made banking Trojan known as Carberp to steal more than $15 million from Eastern European banks.
Kaspersky's findings drew on its own research as well as research from INTERPOL and Europol. It found that attackers sent bank employees phishing attachments that exploited known vulnerabilities in Microsoft Office. By clicking links and opening attachments, the employees would unwittingly trigger malware installs, which gave attackers access to bank networks. Once inside, the attackers would find and target employees responsible for cash transfer systems and remotely connected ATMs.
Kaspersky said that the Carbanak group didn't go after customer data -- including account information and payment card numbers -- but instead attacked the banks directly by installing RAT software, which recorded video and screenshots of employee computers in order to learn how to best mimic normal bank transfers.
Carbanak reportedly lurked for months, enabling attackers to impersonate bank officers, turn on ATMs to release cash at random, and transfer millions of dollars from target banks into dummy accounts around the world. Each bank was said to have lost at least $2.5 million and up to $10 million.
The Carbanak group is said to be made up of members mainly from Russia, China and Europe. While the group targeted dozens of banks, Kaspersky said that banks in Russia, the United States, Japan and Eastern Europe were hit the most frequently. The names of the banks attacked were not released due to non-disclosure agreements, and not one of the institutions has come forward to acknowledge any theft.