A hacking ring has stolen up to $1 billion from banks around the world in what would be one of the biggest banking breaches known
A hacking ring has stolen up
to $1 billion from banks around the world in what would be one of the
biggest banking breaches known, a cybersecurity firm says in a report
scheduled to be delivered Monday.
The hackers have been active since at least the end of 2013 and infiltrated more than 100 banks in 30 countries, according to Russian security company Kaspersky Lab.
After gaining
access to banks' computers through phishing schemes and other methods,
they lurk for months to learn the banks' systems, taking screen shots
and even video of employees using their computers, the company says.
Once the
hackers become familiar with the banks' operations, they use that
knowledge to steal money without raising suspicions, programming ATMs to
dispense money at specific times or setting up fake accounts and
transferring money into them, according to Kaspersky. The report is set
to be presented Monday at a security conference in Cancun, Mexico. It
was first reported by The New York Times.
The hackers
seem to limit their theft to about $10 million before moving on to
another bank, part of the reason why the fraud was not detected earlier,
Kaspersky principal security researcher Vicente Diaz said in a
telephone interview with The Associated Press.
The attacks are unusual because they target the banks themselves rather than customers and their account information, Diaz said.
The goal seems to be financial gain rather than espionage, he said.
"In this case
they are not interested in information. They're only interested in the
money," he said. "They're flexible and quite aggressive and use any tool
they find useful for doing whatever they want to do."
Most of the
targets have been in Russia, the U.S., Germany, China and Ukraine,
although the attackers may be expanding throughout Asia, the Middle
East, Africa and Europe, Kaspersky says. In one case, a bank lost $7.3
million through ATM fraud. In another case, a financial institution lost
$10 million by the attackers exploiting its online banking platform.
Kaspersky did
not identify the banks and is still working with law-enforcement
agencies to investigate the attacks, which the company says are ongoing.
The Financial
Services Information Sharing and Analysis Center, a nonprofit that
alerts banks about hacking activity, said in a statement that its
members received a briefing about the report in January.
"We cannot
comment on individual actions our members have taken, but on balance we
believe our members are taking appropriate actions to prevent and detect
these kinds of attacks and minimize any effects on their customers,"
the organization said in a statement. "The report that Russian banks
were the primary victims of these attacks may be a significant change in
targeting strategy by Russian-speaking cybercriminals."
No comments:
Post a Comment