
Hackers Rob Millions From Dozens Of Banks

More than two dozen large Russian banks were targeted by hacking gangs last year, with the loss of millions of pounds, according to a new study.

The report, presented by Moscow-based Kaspersky Lab’s Global Research and Analysis Team (GREAT) during the firm’s Security Analyst Summit in Tenerife this week, found that three distinct groups had successfully fleeced at least 29 unnamed banks.

“In 2015 we saw the rise of cybercriminals who rob banks directly,” Kaspersky said in a blog post.

A gang using malware called Metel, which first came to light in 2011, last year developed a scheme that allowed them to withdraw unlimited amounts of cash from ATMs, Kaspersky said.

The gang first went after bank employees through targeted email-borne attacks exploiting browser vulnerabilities. Once inside a network, the hackers looked to take over PCs belonging to individuals with access to cash transactions.

They implanted malware on these systems that automatically erased records of ATM transactions, so that a cash withdrawal would not affect the account’s balance.

“The balance on the cards remained the same, allowing the cybercriminal to withdraw money limited only by the amount of cash in the ATM,” Kaspersky stated. “The criminals made similar cash-outs at different ATM machines.”

The gang, which remains active, consists of only about ten people and has only targeted Russian banks, Kaspersky said.

E-currency transfers

Another group, limited to only one or two members, similarly gained access to bank systems via email-borne attacks and looked to obtain system administrator login credentials. They used the credentials to gain access to systems with the ability to transfer funds to e-currency services.

The transfers were limited to small amounts of around £150 at a time, the upper limit for anonymous transactions in Russia, but were carried out continuously, about once a minute, so that the total amount added up to a large sum, Kaspersky said.

“It’s noteworthy that the thieves were very careful. In one case they quietly stayed in the network for a year and half, stealthy hacking lots of devices and accounts,” the firm stated.
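The transfer pattern described above (amounts held at or just under the anonymous-transaction limit, repeated about once a minute) is something a bank can look for in its own transfer logs. The following is an added example, not code from Kaspersky or from this article; the log format, account names, near-limit band, window and alert count are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Only the ~150 limit and ~once-a-minute cadence come from the article;
# every other tuning value here is an assumption for illustration.
ANON_LIMIT = 150.00              # anonymous-transfer ceiling cited in the article
NEAR_LIMIT = 0.9 * ANON_LIMIT    # assumed "just under the limit" band
WINDOW = timedelta(minutes=30)   # assumed sliding window
MIN_COUNT = 20                   # assumed near-limit transfers per window to alert

def detect_structuring(lines):
    """Return {source: (peak_count, total_in_that_window)} for sources sending
    at least MIN_COUNT near-limit e-currency transfers within any WINDOW.
    Each record is 'ISO-timestamp,source,destination_kind,amount' (assumed format)."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dest, amount = line.strip().split(",")
        amount = float(amount)
        if dest == "ewallet" and NEAR_LIMIT <= amount <= ANON_LIMIT:
            by_src[src].append((datetime.fromisoformat(ts), amount))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start, running = 0, 0.0
        for end, (ts, amount) in enumerate(events):
            running += amount
            while ts - events[start][0] > WINDOW:   # slide the window forward
                running -= events[start][1]
                start += 1
            count = end - start + 1
            if count >= MIN_COUNT and count > alerts.get(src, (0, 0.0))[0]:
                alerts[src] = (count, round(running, 2))
    return alerts

def sample_log():
    """Constructed records: one admin account drip-feeding transfers, one normal user."""
    base = datetime(2015, 6, 1, 2, 0, 0)
    lines = [f"{(base + timedelta(minutes=i)).isoformat()},svc-admin-07,ewallet,149.00"
             for i in range(40)]
    normal = [20.0, 149.0, 75.5, 300.0, 145.0]
    lines += [f"{(base + timedelta(minutes=7 * i)).isoformat()},teller-12,ewallet,{a:.2f}"
              for i, a in enumerate(normal)]
    return lines

if __name__ == "__main__":
    for src, (count, total) in detect_structuring(sample_log()).items():
        print(f"ALERT {src}: {count} near-limit transfers in 30 min, total {total}")
```

Per-transaction limits alone do not catch this pattern; the signal is the count and cadence from a single source, which is why the check aggregates over a window.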

Carbanak gang broadens targets

Kaspersky’s investigations found that a group using the Carbanak malware, which has been known to researchers since 2013, returned late last year with a broader set of targets that included financial departments of a variety of companies, as well as banks.

The group gains access to a target organisation’s systems through means similar to the other gangs, and then looks for ways of transferring money from bank accounts or changing data about a company’s owner, according to Kaspersky.

The group is international, including dozens of members from Russia, China, Ukraine and European countries, Kaspersky said.

The gang used Carbanak to rob banks and financial institutions of nearly $1bn over a two-year period in 2013 and 2014, Kaspersky said in a report early last year. The group targeted up to 100 organisations in countries including Russia, the US, Germany, China, the Ukraine and Canada.

Kaspersky said at the time that the attacks marked a shift in hackers’ tactics, infiltrating banks directly rather than targeting end user accounts.

The company advised employees in the financial sector to be vigilant in guarding against such attacks, and noted that security software can detect and neutralise malware of the type used to attack banking systems.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications
