Billion Dollar Bank Heist Caused by Malware

Billion Dollar Bank Heist Caused by Malware

New reports are emerging of banks across the world that have been targeted in a spear phishing attack that leveraged out of date software – to steal nearly a billion dollars.

In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.

The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm them and assess the losses.

Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.

The majority of the targets were in Russia, but many were in Japan, the United States and Europe.
Bank Hackers Steal Millions via Malware | NY Times

…employees at victim banks had their computers infected merely after opening booby-trapped emails. “The cybercriminals sent their victims infected emails — a news clip or message that appeared to come from a colleague — as bait,” The Times’ story reads. “When the bank employees clicked on the email, they inadvertently downloaded malicious code.”

As the Kaspersky report (and my earlier reporting) notes, the attackers leveraged vulnerabilities in Microsoft Office products for which Microsoft had already produced patches many months prior — targeting organizations that had fallen behind on patching. Victims had to open booby trapped attachments within spear phishing emails.
The Great Bank Heist, or Death by 1,000 Cuts? | Krebs on Security

And how did this gang get into the networks? The Times report said they sent spear-phishing emails to employees, some of whom clicked on the bad links and infected their workstation. Once the bad guys had access, they tunneled into the network and found the employees who were in charge of cash transfer systems or ATMs.

The next step was they installed a remote access Trojan, which gave them full access so they could study what these key employees did. At that point they were able to tell ATMs to dispense cash or transfer larger amounts to accounts all over the world. It boils down to the conclusion that well over 100 bank networks (that we know of) have been pwned for years, and the attacks are likely still be happening.
Billion Dollar Cyberheist Caused By Phish-prone Employees | KnowBeFor

 481 total views,  1 views today

(Visited 1 times, 1 visits today)
Related Reading  New Malware Warning Issued by CISA, DOD, and FBI

6 thoughts on “Billion Dollar Bank Heist Caused by Malware

  1. So, what do we learn from this?

    Keep your software up to date. ALL your software. While your at it, don’t forget to back-up everything.

    These banks etc. were realy D-U-M-B. Microsoft already had the patches out. All they had to do was install it. They should all be fined and/or be charged a high deductable on their insurance. Dumb….!!

  2. Cyber Criminals street smarts seems to be out performing Cyber Securities best efforts to prevent Cyber Criminals introducing new and creative banking methods.

  3. Couldn't happen to nicer people.

    It is no coincidence that the collective noun for these people is "a wunch of bankers".

  4. The article should specify where the stolen money came from inside these banks. We might all very safely _conclude_ that it came from these banks' own reserves, and not from individual accounts. But it would be educational—and perhaps comforting—to see this probability confirmed or denied.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.