igor - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Carbanak bank malware attack causes nearly $1 billion in losses

A malware attack on more than 100 banks around the globe has led to one of the largest bank heist schemes in history, with losses potentially reaching $1 billion.

A campaign to insert malware into banking institutions around the globe may be responsible for one of the largest bank heist schemes in history, new research shows, with attackers getting away with as much as $1 billion.

Researchers from Moscow-based Kaspersky Lab revealed new details Monday on the attack and the group responsible, which it has dubbed "the Carbanak gang" based on the type of malware used. According to the report, Carbanak targeted more than 100 banks in at least 30 countries, and was responsible for the theft of anywhere between $300 million and $1 billion, and possibly more.

The attacks were first revealed in December 2014 by researchers at Russian research firm Group-IB and Dutch security intelligence firm Fox-IT. The attack group, first called Anunak, was said to have used a custom-made banking Trojan known as Canberp to steal more than $15 million from Eastern European banks.

The data for Kaspersky's research came through its own research in addition to research from INTERPOL and Europol. It found that known vulnerabilities in Microsoft Office were used to send phishing attachments to bank employees. The employees, by clicking links and opening attachments, would unsuspectingly instigate malware installs, which allowed attackers access to bank networks. There they would find and target employees responsible for cash transfer systems and remotely connected ATMs.

Kaspersky said that the Carbanak group didn't go after customer data -- including account information and payment card numbers -- but instead attacked the banks directly by installing RAT software, which recorded video and screenshots of employee computers in order to learn how to best mimic normal bank transfers.

Carbanak reportedly lurked for months, enabling attackers to impersonate bank officers, turn on ATMs to release cash at random, and transfer millions of dollars from target banks into dummy accounts around the world. Each bank was said to have lost at least $2.5 and up to $10 million.

The Carbanak group is said to be made up of members mainly from Russia, China and Europe. While the group targeted dozens of banks, Kaspersky said that banks in Russia, the United States, Japan and Eastern Europe were hit the most frequently. The names of the banks attacked were not released due to non-disclosure agreements, and not one of the institutions has come forward to acknowledge any theft.

Next Steps

Learn how to protect against phishing attacks.

Dig Deeper on Threat prevention in financial institutions

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Are your employees trained to protect themselves from phishing attacks?
Unfortunately it's hard to stop this in a lot of businesses. We have had a lot of e-mails for users with subjects like FedEx un-deliverable package. or USPS or other delivery service we do a lot of business with. When opened they have contained viruses. WE also have had e-mails with names of bans we do business with that also have contained viruses. We tell our user to be careful and try and have them look at the e-mail header to see if the domain it's from is valid. Even with our protection and trying to stay proactive against threats there are always a few that may get through. Worse is when a user checks their personal e-mails , say on Yahoo, Hotmail or Gmail, on a work device. That negates all of  our security and opens up a whole new set of problems.
Being a digital/internet based company, our employees are given a brief training surrounding general online security, password/information protection and how to treat classified and high-touch documents. However, I do believe that a more structured and detailed program should be developed in the near future, focusing on specific instances. If employees could be shown how easy it's becoming to phish information, it would benefit them for activities surrounding work as well as in their everyday lives.
The most troubling part of this is that bank employees are opening attachments. Hopefully they were at least from fellow employees and not unknown senders.