Carbanak - H Kaspersky LabThe INTERPOLThe Europol and authorities from various countries around the world worked together to uncover an unprecedented digital heist. Specifically, up to $1 billion was stolen from financial institutions around the world over a two-year period. The experts involved in the investigation report that the responsibility for the robbery lies with an international gang of digital criminals from Russia, Ukraine, other European countries and China. 
The criminal gang Carbanak, η οποία είναι υπεύθυνη για την ψηφιακή ληστεία, χρησιμοποίησε τεχνικές απευθείας από το οπλοστάσιο των στοχευμένων attacks. Η συγκεκριμένη εξέλιξη σηματοδοτεί την απαρχή μιας νέας φάσης στην εξέλιξη της ψηφιακής εγκληματικής δραστηριότητας, στην οποία οι κακόβουλοι χρήστες κλέβουν χρήματα απευθείας από τις τράπεζες, αποφεύγοντας να βάλουν τους τελικούς χρήστες στο στόχαστρο.
Since 2013, criminals have attempted to attack up to 100 banks, electronic systems payments and other financial institutions in approximately 30 countries. Their attacks remain active. According to her data Kaspersky Lab date, to the objectives of the campaign Carbanak included financial institutions in Russia, USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Norway, India, United Kingdom, Poland, Pakistan, Nepal, Morocco, Iceland, Ireland, Czech Republic, Switzerland, Brazil, Bulgaria and Australia.
It is estimated that the biggest sums were dismantled by banking systems and the theft of $ 10 million in every gang's raid. On average, each robbery took place in 2 to 4 months, from the time of the first computer attack on the bank's corporate network to the ultimate theft of money.
Digital criminals gained access to worker computers through technicians spear-Phishing, "Infecting" the victims with malware Carbanak. They were then able to penetrate the corporate network, locate computer administrators, and monitor video lesson. This allowed them to see and record what was happening on the screens of the staff involved in money transfer systems. In this way, the scammers could learn up to the last detail about the work of the employees and imitate the activities of the staff in order to transfer and liquidate money.
How the thefts were done
· When it was time to liquidate the sums they extracted from their activities, the scammers used online banking systems or international electronic payment systems to transfer money from bank accounts to their own. In this case, stolen money was deposited with banks in China and America. Experts do not rule out the possibility that other banks, in other countries, would be used as "recipients".
· In other cases, digital criminals penetrated directly into the "heart" of accounting systems, "contaminating" account balances before extracting the extra money through fraudulent transactions. For example, if an account had $1.000, the criminals would change its value to $10.000 and then transfer the $9.000 to their own accounts. The account holder had no idea there was one problem, because the $1.000 capital was still there.
· In addition, criminals gained control over them ATM of the banks and through orders they regulated them so that they would give cash at predetermined time intervals. When the payment was completed, one of the gang's "top boys" would wait by the machine to collect the money that came from the "voluntary" payment.
"These robberies were surprising, because criminals played no role what software the banks used. So, even if a bank uses a single software, a bank can not be satisfied. The criminals did not even have to "hurt" the services of the banks. Once they gained access to the network, they learned how to hide their malicious actions behind legitimate actions. It was a very skillful and professional digital robbery, "he commented Sergey Golovanov, Principal Security Researcher in its World Research and Analysis Group Kaspersky Lab.
"Once again, these attacks underline the fact that criminals will exploit every vulnerability in every system. It also underlines that no industry can assume that it has "immunity" to the attacks and that it must continually cover its security processes. Recognizing new trends in digital crime is one of the key areas of its cooperation INTERPOL and Kaspersky Lab, which aims to help both the public and the private sector better protect themselves against the evolving threats, "he said. Sanjay Virmani, Director of the Digital Crime Center INTERPOL.
Η Kaspersky Lab urges all financial institutions to carefully monitor their networks for its possible existence malware Carbanak and if they find it, report the invasion of the law enforcement authorities.
