Malware helps Hackers to Hack $1 Billion from Banks across 30 counrties
An international hacking ring has stolen as much as $1 billion from more than 100 banks in 30 countries in what may be the biggest banking breach ever, a new report shows.
The scheme, which goes back as far as 2013, uses malware so sophisticated that hackers have used it to dispense cash from ATMs without any physical contact with the machines, according to the report by Moscow-based security firm Kaspersky Labs.
The hackers then sent mules to pick up the cash, according to the shocking report released Monday.
The malware used in the hacks, dubbed Carbanak, targets employees of banking institutions, rather than customers, and suggests a "new era in cybercrime" in which criminals go after institutions' internal operations, the report said.
The Kaspersky report declined to name the banks that have been compromised, but said the victims were mostly "Russian-speaking financial institutions," and the malware was largely downloaded from Russian.
Still, the problem is global and has targeted banks in China, Ukraine, the U.S., India, Sweden and Great Britain, the report said.
The attackers, who also hailed from China and Europe, appear to be "trying to expand operations to other Baltic and Central Europe countries, the Middle East, Asia and Africa," the report said. Also, the malware may be used to target other institutions, not just banks, the report said.
Losses per bank ranged from $2.5 million to as much as $10 million, the report said, adding that one institution lost a whopping $7.3 million due to ATM fraud alone.
The hackers seemed to deliberately limited their theft to about $10 million per bank before moving on to their next target, which may explain why the fraud went undetected so long.
Total financial losses could be as a high as $1 billion, however, "making this by far the most successful criminal cyber campaign we have ever seen," said the report.