Billion Dollar Cyberheist Caused By Phish-prone Employees

In what appears to be one of the largest and most highly sophisticated cyberheists ever, more than 100 financial institutions in 30 countries have been the victim of a cyberheist that lasted in some cases nearly 2 years.  Most of the banks that were hit are in Russia, but also include banks in Japan, Europe, and the United States. The gang appears to be the first international cybermafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China. Kaspersky could not release the names of the banks because of nondisclosure agreements. The Times said that The White House and FBI have been briefed on Kaspersky Lab's findings, and Interpol is coordinating an investigation.

Kevin Mitnick, KnowBe4's Chief Hacking Officer said, "Even after 20 years, social engineering is still the easiest way into a target's network and systems, and it's still the hardest attack to prevent."

KnowBe4’s CEO Stu Sjouwerman stated, “While this cyberheist is considered very sophisticated, spear-phishing is one of the most preventable and affordable. You would expect the finance industry to set the bar very high and have employees trained within an inch of their lives not to fall for such an attack. We would highly encourage financial institutions to take a look at their training methods and beef them up accordingly. ”

The gang responsible for this has been dubbed the “ Carbanak cybergang" because of the name of the malware they used. As reported by the NY Times on Saturday, February 14th, the gang managed to stay under the radar and inside bank networks by sending spear-phishing emails to employees containing infected attachments which were opened, infecting the workstation.

Once access was provided the gang tunneled into the network and found employees who were in charge of cash transfer systems or ATMs. Next they installed a remote access Trojan, which gave them full access so they could study what these key employees did. At that point they were able to tell ATMs to dispense cash or transfer larger amounts to accounts all over the world. It appears that well over 100 bank networks (that we know of) have been penetrated for years, and the attacks may still be happening.

According to reports from the Times, one Kaspersky client lost $7.3 million through A.T.M. withdrawals alone, while another lost $10 million from the exploitation of its accounting system. In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication, or Swift, which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.

Chris Doggett, of Kaspersky North America, said, "This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert."

According to Dutch security firm Fox-IT, Carbanak is the same group that was uncovered by Group-IB and Fox-IT in a Dec. 2014 report which referenced the attackers as the “Anunak hackers group” which stole reams of data from Staples, Sheplers and Bebe.

Sjouwerman offered, “Security Awareness Training is really needed for every employee in any organization, not just banks. It allows you to put in place a more effective human firewall and protect your corporate and financial assets.”

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Busy South Africa Building Integrates Custom Access Control System

    Nicol Corner, based in Bedfordview, Johannesburg, South Africa, is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. This is the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption. Nicol Corner (Pty) LTD has developed a landmark with sophisticated design and unique architecture by collaborating with industry-leading partners and specifying world-class equipment throughout the project. This includes installing a high-spec, bespoke security and access control system. Read Now

  • Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3