A huge and highly sophisticated malware attack affecting multiple banks in as many as 30 countries has reportedly netted those behind the crime as much as $1 billion over the last two years.
Chris Doggett of computer security firm Kaspersky North America told the NY Times the malware used by the cybercriminals represented a marked increase in the complexity of such attacks on financial organizations.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Doggett said.
Related: Security firms struggle to keep up with malware surge
Kaspersky pegged the stolen amount at between $300 million and $1 billion, adding that so far it hasn’t been able to offer a more definitive figure as each of the detected thefts was limited to a maximum amount of $10 million.
The security firm said the attack started in late 2013 when the cybergang sent emails to hundreds of bank workers that tricked them into downloading the malicious software. This gave hackers the opportunity to trawl a bank’s computer network in search of employees operating its money transfer systems and ATMs.
The criminals then installed tools capable of capturing video and screenshots of employees’ workstations to learn how they worked.
Kaspersky’s Sergey Golovanov told the NY Times that the cybergang’s goal was “to mimic [the bank’s] activities,” adding, “That way, everything would look like a normal, everyday transaction.”
When the necessary information had been gathered, fake accounts were set up in a number of countries into which money transfers were made. ATMs were also commandeered to dispense cash to waiting associates.
Related: FBI wants of malware attack aimed at U.S. businesses
According to Kaspersky, hacking into banks’ accounting operations has netted the gang the largest amounts. Using this method, the gang would inflate an account’s balance and then immediately withdraw the inflated amount before returning the account to its original balance. Such a method made it harder for the account holder and bank to spot that an illegal transaction had taken place.
While most of the targets have been in Russia, banks in the U.S., Europe, and Japan have also been hit. None of the affected banks have so far been named, though Kaspersky said law enforcement agencies around the world, among them the FBI, have already been briefed on its findings.
The security firm plans to publish a full report on the incident today.
FRENCH VERSION
Chris Doggett de sécurité informatique Kaspersky ferme enAmérique du Nord a dit le New York Times le logiciel malveillantutilisé par les cybercriminels représenté une augmentationmarquée de la complexité de ces attaques contre lesorganisations financières.
“C’est probablement l’attaque plus sophistiqué que du monde avu à ce jour sur le plan de la tactique et les méthodes que les cybercriminels ont utilisé pour rester secrètes,” a déclaréDoggett.
Connexes : Entreprises de sécurité luttent pour faire face à lamontée subite de malware
Le cabinet de sécurité, a déclaré l’attaque a commencé fin 2013,quand le cybergang ont envoyé des emails à des centainesd’employés de banque qui eux trompés en téléchargeant lelogiciel malveillant. Cela a permis les pirates de réseauinformatique d’une banque à la recherche d’employés de sessystèmes de transfert d’argent et les guichets automatiques de lapêche au chalut.
Connexes: FBI veut d’attaque de malware destinée auxentreprises américaines
Tandis que la plupart des cibles ont été en Russie, dans les États-Unis, l’Europe et le Japon, les banques ont également ététouchés. Aucune des banques touchées ont jusqu’à présent éténommées, si Kaspersky a dit répressifs dans le monde entier,parmi lesquels le FBI, ont déjà été informés de ses conclusions.