Financial institutions in Australia, China, Pakistan, India, UK, US among those affected
Investigators are uncovering what is thought to be the biggest ever cybercrime with more than $1 billion going missing from banks around the world.
A criminal cyber gang has stolen as much as $1 billion (£650 million) from up to 100 financial institutions in at least 25 countries over the last two years, according to a Kaspersky report.
In some cases, the gang learned about wire transfer systems by watching administrators’ computers over video.
“In this way the cybercriminals got to know every last detail of the bank clerks’ work and were able to mimic staff activity in order to transfer money and cash out,” Kaspersky said in a news release.
Kaspersky said it was working with Interpol, Europol and authorities from different countries to uncover details on what is described as “an unprecedented robbery” on banks around the world. The cyber criminals come from Europe, including Russia and Ukraine, as well as China, the company claimed.
Some of the financial institutions affected are in Australia, Brazil, Bulgaria, Canada, China, Czech Republic, France, Germany, Hong Kong, Iceland, India, Ireland, Morocco, Nepal, Norway, Poland, Pakistan, Romania, Russia, Spain, Switzerland, Taiwan, Ukraine, the U.K. and the U.S. None of the banks or financial institutions have been named.
Each theft took between two and four months, Kaspersky said. Bank computers would be infected with malware through spear-phishing attacks, which involve sending targeted emails with malicious attachments or links to select employees.
Spear-phishing emails are crafted in a way to make it likely a recipient will open an attachment or click a link that appears innocuous but installs malicious software on a computer.
As much as $10 million was stolen per raid, Kaspersky said. Funds were transferred using online banking or e-payment systems to the gang’s own accounts or to other banks in the U.S. and China.
In other instances, the attackers had deep control within a bank’s accounting systems, inflating account balances in order to mask thefts. For example, Kaspersky said that an account with $1,000 would be raised to $10,000, with $9,000 transferred to the cybercriminals.
ATMs were also targeted, Kaspersky said. The gang commanded the machines to dispense money at a certain time, with accomplices ready to pick up the disgorged cash.
On average, each bank robbery took between two and four months, from infecting the first computer on the bank’s corporate network to making off with the stolen money.
In another method, the criminals would gain access to someone’s account and inflate the balance many times over.
They would then withdraw the amount they had added, and the account holder would never suspect anything because the original balance remained the same.
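A reconciliation check for the balance-inflation pattern described above, as an added example that is not from Kaspersky or the original article. It assumes the inflation is written directly to the stored balance with no matching journal credit; all account names, counterparties and amounts are constructed sample data.

```python
from decimal import Decimal

# Constructed sample data (not from the report).
# Balances at the start of the reconciliation window.
OPENING = {"ACC-1": Decimal("1000"), "ACC-2": Decimal("2500")}

# Posted journal entries in the window: (account, signed amount, counterparty).
JOURNAL = [
    ("ACC-2", Decimal("300"), "payroll"),     # ordinary credit
    ("ACC-1", Decimal("-9000"), "EXT-77"),    # outbound transfer after inflation
]

# Balances the core banking system reports now. ACC-1 still shows 1000,
# which is why the account holder sees nothing wrong.
REPORTED = {"ACC-1": Decimal("1000"), "ACC-2": Decimal("2800")}


def find_unbacked_inflation(opening, journal, reported):
    """Flag accounts whose stored balance exceeds what the journal explains.

    Assumption: a tampered balance was raised without a journal credit, so
    opening balance + journal entries no longer equals the stored balance.
    """
    findings = []
    for account, start in opening.items():
        entries = [e for e in journal if e[0] == account]
        derived = start + sum((amt for _, amt, _ in entries), Decimal("0"))
        gap = reported[account] - derived
        if gap <= 0:
            continue  # balance fully explained by posted entries
        # Correlate: outbound debits whose size equals the unexplained amount.
        matching = [cp for _, amt, cp in entries if amt == -gap]
        findings.append(
            {"account": account, "unbacked": gap, "matching_debits_to": matching}
        )
    return findings


if __name__ == "__main__":
    for finding in find_unbacked_inflation(OPENING, JOURNAL, REPORTED):
        print(finding)
```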
Sergey Golovanov of Kaspersky Lab said: “These bank heists were surprising because it made no difference to the criminals what software the banks were using.
“So even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services. Once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery.”