Billion Dollar Cyberheist Caused By Phish-prone Employees

In what appears to be one of the largest and most highly sophisticated cyberheists ever, more than 100 financial institutions in 30 countries have been the victim of a cyberheist that lasted in some cases nearly 2 years.  Most of the banks that were hit are in Russia, but also include banks in Japan, Europe, and the United States. The gang appears to be the first international cybermafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China. Kaspersky could not release the names of the banks because of nondisclosure agreements. The Times said that The White House and FBI have been briefed on Kaspersky Lab's findings, and Interpol is coordinating an investigation.

Kevin Mitnick, KnowBe4's Chief Hacking Officer said, "Even after 20 years, social engineering is still the easiest way into a target's network and systems, and it's still the hardest attack to prevent."

KnowBe4’s CEO Stu Sjouwerman stated, “While this cyberheist is considered very sophisticated, spear-phishing is one of the most preventable and affordable. You would expect the finance industry to set the bar very high and have employees trained within an inch of their lives not to fall for such an attack. We would highly encourage financial institutions to take a look at their training methods and beef them up accordingly. ”

The gang responsible for this has been dubbed the “ Carbanak cybergang" because of the name of the malware they used. As reported by the NY Times on Saturday, February 14th, the gang managed to stay under the radar and inside bank networks by sending spear-phishing emails to employees containing infected attachments which were opened, infecting the workstation.

Once access was provided the gang tunneled into the network and found employees who were in charge of cash transfer systems or ATMs. Next they installed a remote access Trojan, which gave them full access so they could study what these key employees did. At that point they were able to tell ATMs to dispense cash or transfer larger amounts to accounts all over the world. It appears that well over 100 bank networks (that we know of) have been penetrated for years, and the attacks may still be happening.

According to reports from the Times, one Kaspersky client lost $7.3 million through A.T.M. withdrawals alone, while another lost $10 million from the exploitation of its accounting system. In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication, or Swift, which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.

Chris Doggett, of Kaspersky North America, said, "This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert."

According to Dutch security firm Fox-IT, Carbanak is the same group that was uncovered by Group-IB and Fox-IT in a Dec. 2014 report which referenced the attackers as the “Anunak hackers group” which stole reams of data from Staples, Sheplers and Bebe.

Sjouwerman offered, “Security Awareness Training is really needed for every employee in any organization, not just banks. It allows you to put in place a more effective human firewall and protect your corporate and financial assets.”

  • The Z-Wave Alliance Focuses on the Residential Market The Z-Wave Alliance Focuses on the Residential Market

    Mitchell Klein serves as the executive director of the Z-Wave Alliance, an industry organization that drives numerous initiatives to expand and accelerate the global adoption of smart home and smart cities applications. In this Podcast, we talk about the 2022 State of the Ecosystem, and the fact that technology has brought about almost unimaginable residential security resources. The Alliance also provides education resources as well as looking at expanding technology.

Digital Edition

  • Security Today Magazine - May June 2022

    May / June 2022

    Featuring:

    • The Ying and Yang of Security
    • Installing Smart Systems
    • Leveraging Surveillance
    • Using Mobile Data
    • RIP Covid-19

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety