Carbanak - Kaspersky Lab, INTERPOL, Europol and authorities from various countries around the world have teamed up to uncover an unprecedented digital robbery. Specifically, up to $1 billion was stolen from financial institutions around the world over a two-year period. Experts engaged in the investigation report that an international gang of digital criminals from Russia, Ukraine, other European countries and China is responsible for the robbery.
The Carbanak criminal gang, which is responsible for the digital robbery, used techniques taken directly from the arsenal of targeted attacks. This development marks the beginning of a new phase in the evolution of digital crime, in which malicious users steal money directly from banks rather than targeting end users.
Since 2013, the criminals have attempted to attack up to 100 banks, electronic payment systems and other financial institutions in some 30 countries. Their attacks remain active. According to Kaspersky Lab's data to date, the targets of the Carbanak campaign included financial institutions in Russia, the USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Norway, India, the United Kingdom, Nepal, Morocco, Iceland, Ireland, the Czech Republic, Switzerland, Brazil, Bulgaria and Australia.
It is estimated that the largest sums were stolen by breaking into banking systems, with $10 million taken in each of the gang's raids. On average, each robbery took 2 to 4 months, from the first infection of a computer on the bank's corporate network to the final theft of the money.
The digital criminals gained access to employees' computers through spear-phishing techniques, infecting the victims with the Carbanak malware. They were then able to penetrate the corporate network, locate administrators' computers, and monitor them by video. This allowed them to see and record what was happening on the screens of the staff who worked with the money transfer systems. In this way, the scammers could learn every last detail of the employees' work and imitate the staff's activities in order to transfer money and cash it out.
How the thefts were carried out
· When it was time to cash out the proceeds of their activities, the scammers used online banking systems or international electronic payment systems to transfer money from the banks' accounts to their own. In this case, the stolen money was deposited with banks in China and America. Experts do not rule out the possibility that other banks, in other countries, were used as "recipients".
· In other cases, the digital criminals penetrated directly into the "heart" of the accounting systems, inflating account balances before extracting the extra money through fraudulent transactions. For example, if an account held 1,000 dollars, the criminals changed its balance to 10,000 dollars and then transferred 9,000 to their own accounts. The account holder did not suspect a problem, because the original 1,000 dollars was still there.
· In addition, the criminals gained control over the banks' ATMs and, through commands, arranged for them to dispense cash at predetermined times. When the payment was made, one of the gang's "bosses" was waiting next to the machine to collect the money from the "voluntary" payment.
"These robberies were surprising, because it made no difference to the criminals what software the banks used. So, even if a bank uses unique software, it cannot be complacent. The criminals did not even have to "hurt" the banks' services. Once they gained access to the network, they learned how to hide their malicious actions behind legitimate actions. It was a very skillful and professional digital robbery," commented Sergey Golovanov, Principal Security Researcher at Kaspersky Lab's Global Research and Analysis Team.
"Once again, these attacks underline the fact that criminals will exploit every vulnerability in every system. It also underlines that no industry can assume that it has "immunity" to attacks and that it must continually address its security processes. Recognizing new trends in digital crime is one of the key areas of cooperation between INTERPOL and Kaspersky Lab, which aims to help both the public and the private sector better protect themselves against evolving threats," said Sanjay Virmani, Director of the Digital Crime Center at INTERPOL.
Kaspersky Lab urges all financial institutions to carefully monitor their networks for the possible presence of the Carbanak malware and, if they find it, to report the intrusion to law enforcement authorities.