When hackers steal money from banks, they usually go for Bonnie and Clyde attacks, taking whatever they can take in a single grab, one Kaspersky executive told The New York Times, as the security research discovered a different type of bank cyber heist, one likened to Ocean’s Eleven in terms of planning, but also when it comes to the significant amount of stolen cash.
DON’T MISS: A simple security oversight was responsible for the massive JPMorgan Chase hack
Following a well planned operation, that involved months of spying through the use of sophisticated software, unknown hackers originating from Russia, China and Europe managed to steal at least $300 million from a large number of banks — which are now aware of the hack but chose not to disclose these losses.
The attacks appear to be continuing, the publication says, but the attacks may have went on for a couple of years before anyone noticed.
Kaspersky Labs says that more than 100 banks and financial institutions might have been hit in this elaborate scheme that involved no guns or getaway cars. This might be the largest bank thefts ever, and one that could have netted hackers up to $900 million, though traces for only a third of that amount have been discovered.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Kaspersky North America’s managing director Chris Doggett said.
Hackers used “regular” techniques to get in a bank — targeting employees with malware emails set up to look as if coming from their colleagues and hoping they’ll click and install malicious programs contained in seemingly safe attachments — and then, instead of going for a quick hit, they got into the banks internal network, studying the habits of other employees with help of advanced software. The attackers looked for employees responsible for bank transfers or ATM remote control.
They were able to capture video and screenshots of an employee’s computer, and then mimic their activities to transfer money to accounts they controlled, without alerting the bank that anything unusual is going on.
One of the techniques used to steal money was manipulating account balances to show more money than they actually had. An account with $1,000 in it would be altered to show $10,000, so that hackers could transfer $9,000 out of the bank without anyone noticing anything.
More details about this major cyber theft are available at the source link.
The New York Times