A huge and highly sophisticated malware attack affecting multiple banks in as many as 30 countries has reportedly netted those behind the crime as much as $1 billion over the last two years.
Chris Doggett of computer security firm Kaspersky North America told the NY Times the malware used by the cybercriminals represented a marked increase in the complexity of such attacks on financial organizations.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Doggett said.
Kaspersky pegged the stolen amount at between $300 million and $1 billion, adding that so far it hasn’t been able to offer a more definitive figure as each of the detected thefts was limited to a maximum amount of $10 million.
The security firm said the attack started in late 2013 when the cybergang sent emails to hundreds of bank workers that tricked them into downloading the malicious software. This gave hackers the opportunity to trawl a bank’s computer network in search of employees operating its money transfer systems and ATMs.
The criminals then installed tools capable of capturing video and screenshots of employees’ workstations to learn how they worked.
Kaspersky’s Sergey Golovanov told the NY Times that the cybergang’s goal was “to mimic [the bank’s] activities,” adding, “That way, everything would look like a normal, everyday transaction.”
When the necessary information had been gathered, fake accounts were set up in a number of countries into which money transfers were made. ATMs were also commandeered to dispense cash to waiting associates.
According to Kaspersky, hacking into banks’ accounting operations has netted the gang the largest amounts. Using this method, the gang would inflate an account’s balance and then immediately withdraw the inflated amount before returning the account to its original balance. Such a method made it harder for the account holder and bank to spot that an illegal transaction had taken place.
While most of the targets have been in Russia, banks in the U.S., Europe, and Japan have also been hit. None of the affected banks have so far been named, though Kaspersky said law enforcement agencies around the world, among them the FBI, have already been briefed on its findings.
The security firm plans to publish a full report on the incident today.