Hackers steal up to $1 billion from banks through malware “Carbanak”

Imagine standing in front of an ATM machine that suddenly starts to dispense money. That’s apparently what sparked a large investigation the end of 2013. It has now been discovered that this was part of what may be the largest bank theft ever.

“In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.” reported the New York Times.

10777282_sKaspersky Lab revealed on Saturday that a multinational gang of cyber criminals has stolen up to $1 billion from as many as 100 financial institutions around the world in a few years time. Attacks on ATM machines or individual bank accounts are quite common nowadays. This time the criminals took the unusual approach of stealing directly from banks by targeting bank employee’s computers. The hackers sent emails to hundreds of bank employees that included a malicious link. Once clicked on, a malware program called Carbanak would install which allowed the hackers to get onto the bank’s internal network and spy on the staff’s activities. The malware program recorded keystrokes and took screen shots of the bank’s computers, so that hackers could learn bank procedures and get access to the bank’s administrative system.

Controlling ATM machines remotely was on of the methods

The hackers then stole money from the bank in a few different methods that are known so far:

No bank has come forward yet to acknowledge the theft

The majority of the targets were in Russia, but also many in the US, Japan and Europe. According to the New York Times, no bank has come forward acknowledging the theft, a common problem that US President Obama addressed recently. The full report will be published by the New York times this Monday. Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever. The affected banks are aware of what’s going on, but Kaspersky says it can’t name them because of non-disclosure pacts.

Kaspersky said it’s working with Interpol, Europol and authorities from different countries to try to uncover more details on what it being called an unprecedented robbery. While it’s always a good idea to keep an eye out for suspicious bank account activity, you now have an even better reason to be cautious. More details will most likely be revealed this week, after the full report has been published.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a great (malware-free) day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next