Carbanak - Η Kaspersky LabThe INTERPOLThe Europol and authorities from various countries around the world worked together to uncover an unprecedented digital heist. Specifically, up to $1 billion was stolen from financial institutions around the world over a two-year period. The experts involved in the investigation report that the responsibility for the robbery lies with an international gang of digital criminals from Russia, Ukraine, other European countries and China. 
The criminal gang Carbanak, which is responsible for digital robbery, used techniques directly from the arsenal of targeted attacks. This development marks the beginning of a new phase in the evolution of digital crime, in which malicious users steal money directly from banks, avoiding targeting end users.
Since 2013, criminals have attempted to attack up to 100 banks, electronic payment systems and other financial institutions in some 30 countries. Their attacks remain active. According to her data Kaspersky Lab date, to the objectives of the campaign Carbanak financial institutions included in Russia, the USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Norway, India, United Kingdom, Nepal, Morocco, Iceland, Ireland, the Czech Republic, Switzerland, Brazil, Bulgaria and Australia.
It is estimated that the biggest sums were dismantled by banking systems and the theft of $ 10 million in every gang's raid. On average, each robbery took place in 2 to 4 months, from the time of the first computer attack on the bank's corporate network to the ultimate theft of money.
Digital criminals gained access to worker computers through technicians spear-Phishing, "Infecting" the victims with malware Carbanak. They were then able to penetrate the corporate network, locate computer administrators, and monitor video lesson. This allowed them to see and record what was happening on the screens of the staff involved in money transfer systems. In this way, the scammers could learn up to the last detail about the work of the employees and imitate the activities of the staff in order to transfer and liquidate money.
How the thefts were done
· When it was time to liquidate the sums they extracted from their activities, the scammers used online banking systems or international electronic payment systems to transfer money from bank accounts to their own. In this case, stolen money was deposited with banks in China and America. Experts do not rule out the possibility that other banks, in other countries, would be used as "recipients".
· In other cases, digital criminals penetrated directly into the "heart" of accounting systems, "contaminating" account balances before extracting the extra money through fraudulent transactions. For example, if an account had $1.000, the criminals would change its value to $10.000 and then transfer the $9.000 to their own accounts. The account holder had no idea there was one problem, because the $1.000 capital was still there.
· In addition, criminals gained control over them ATM of the banks and, through orders, arranged them to give cash at predetermined intervals. When the payment was completed, one of the gang's "boss" was waiting next to the machine to get the money coming from the "voluntary" payment.
"These robberies were surprising, because criminals played no role what software the banks used. So, even if a bank uses a single software, a bank can not be satisfied. The criminals did not even have to "hurt" the services of the banks. Once they gained access to the network, they learned how to hide their malicious actions behind legitimate actions. It was a very skillful and professional digital robbery, "he commented Sergey Golovanov, Principal Security Researcher in its World Research and Analysis Group Kaspersky Lab.
“Once again, these attacks highlight the fact that criminals will exploit any vulnerability, in any system. It also emphasizes that no industry can consider itself "immune" to attacks and that it must constantly cover its security procedures. THE recognition of new trends in digital crime is one of its key areas of cooperation INTERPOL and Kaspersky Lab, which aims to help both the public and the private sector better protect themselves against the evolving threats, "he said. Sanjay Virmani, Director of the Digital Crime Center INTERPOL.
Η Kaspersky Lab urges all financial institutions to carefully monitor their networks for its possible existence malware Carbanak and if they find it, report the invasion of the law enforcement authorities.
