Billion Dollar Cyberheist Caused By Phish-prone Employees

In what appears to be one of the largest and most highly sophisticated cyberheists ever, more than 100 financial institutions in 30 countries have been the victim of a cyberheist that lasted in some cases nearly 2 years.  Most of the banks that were hit are in Russia, but also include banks in Japan, Europe, and the United States. The gang appears to be the first international cybermafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China. Kaspersky could not release the names of the banks because of nondisclosure agreements. The Times said that The White House and FBI have been briefed on Kaspersky Lab's findings, and Interpol is coordinating an investigation.

Kevin Mitnick, KnowBe4's Chief Hacking Officer said, "Even after 20 years, social engineering is still the easiest way into a target's network and systems, and it's still the hardest attack to prevent."

KnowBe4’s CEO Stu Sjouwerman stated, “While this cyberheist is considered very sophisticated, spear-phishing is one of the most preventable and affordable. You would expect the finance industry to set the bar very high and have employees trained within an inch of their lives not to fall for such an attack. We would highly encourage financial institutions to take a look at their training methods and beef them up accordingly. ”

The gang responsible for this has been dubbed the “ Carbanak cybergang" because of the name of the malware they used. As reported by the NY Times on Saturday, February 14th, the gang managed to stay under the radar and inside bank networks by sending spear-phishing emails to employees containing infected attachments which were opened, infecting the workstation.

Once access was provided the gang tunneled into the network and found employees who were in charge of cash transfer systems or ATMs. Next they installed a remote access Trojan, which gave them full access so they could study what these key employees did. At that point they were able to tell ATMs to dispense cash or transfer larger amounts to accounts all over the world. It appears that well over 100 bank networks (that we know of) have been penetrated for years, and the attacks may still be happening.

According to reports from the Times, one Kaspersky client lost $7.3 million through A.T.M. withdrawals alone, while another lost $10 million from the exploitation of its accounting system. In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication, or Swift, which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.

Chris Doggett, of Kaspersky North America, said, "This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert."

According to Dutch security firm Fox-IT, Carbanak is the same group that was uncovered by Group-IB and Fox-IT in a Dec. 2014 report which referenced the attackers as the “Anunak hackers group” which stole reams of data from Staples, Sheplers and Bebe.

Sjouwerman offered, “Security Awareness Training is really needed for every employee in any organization, not just banks. It allows you to put in place a more effective human firewall and protect your corporate and financial assets.”

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.