A massive criminal plot that stole some US$1 billion (RM3.6 billion) from multiple banks across the globe has been uncovered. The multi-national cyber-criminals managed to escape detection for some two years, although authorities are still trying to track the perpetrators down.
Operating since 2013, the Carbanak cybergang has targeted up to 100 different financial institutions and siphoned out between US$2.5 million and US$10 million at a time. This was done using a variety of methods, including initiating fund transfers to their own accounts, or setting ATMs to dispense cash at a pre-determined time and place. Where the criminals managed to gain access to the accounting systems, they would manually inflate the bank balances of several accounts before pocketing the additional amount. In this case, the account owner would not have noticed the difference and would have been none the wiser.
As is the norm with these kinds of attacks, the victims were infected through a targeted spear phishing campaign. Once the criminals managed to infect any computer with the Carbanak backdoor, they would begin moving across the network until they gained administrator access to video surveillance. This allowed them to watch the bank clerks as they worked and mimic staff activity to avoid raising suspicion.
The targets were banks and financial institutions from some 30 countries, including Russia, USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Spain, Norway, India, the UK, Poland, Pakistan, Nepal, Morocco, Iceland, Ireland, Czech Republic, Switzerland, Brazil, Bulgaria, and Australia. Unfortunately, the attacks remain active, and the gang is also expanding operations to Malaysia, Kuwait, and several African nations.
Kaspersky has been working closely with INTERPOL, Europol, and law enforcement agencies to prevent further attacks and track the location of the cyber-criminals. While the security company is able to detect samples of Carbanak, it cannot prevent attacks without the users also being on alert.
As usual, users are asked to avoid opening attachments from unknown senders and to avoid clicking on suspicious links. This applies especially to those who work in banks and deal with large amounts of money.