CARBANAK MALWARE: HACKERS STEAL OVER $300 MILLION
Researchers at Kapersky recently published details of malware attacks that have affected banks in over 30 countries, resulting in a theft of over $300 million.
The malware, named Carbanak, has been distributed to various bank employees since late 2013 to banks all over the world. This allows keystrokes to be recorded as well as screen shots of the bank’s computers, so that hackers can learn bank procedures. They also enable hackers to control the banks’ computers remotely.
By mimicking the bank procedures they have learned, hackers direct the banks’ computers to steal money in a variety of ways:
Using the access gained by impersonating the banking officers, the criminals first would inflate a balance — for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened. The hackers’ success rate was impressive. OneKASPERSKY
client lost $7.3 million through A.T.M. withdrawals alone. Another lost $10 million from the exploitation of its accounting system.
This attack just goes to show that even some of the most protected institutions in the world can fall prey to somewhat simple attacks due to user error. It only takes 1 wrong move of 1 person in an organization to cause a vicious chain reaction.
The malware, named Carbanak, has been distributed to various bank employees since late 2013 to banks all over the world. This allows keystrokes to be recorded as well as screen shots of the bank’s computers, so that hackers can learn bank procedures. They also enable hackers to control the banks’ computers remotely.
By mimicking the bank procedures they have learned, hackers direct the banks’ computers to steal money in a variety of ways:
- Transferring money into hackers’ fraudulent bank accounts
- Using e-payment systems to send money to fraudulent accounts overseas
- Directing A.T.M.s to dispense money at set times and locations
Using the access gained by impersonating the banking officers, the criminals first would inflate a balance — for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened. The hackers’ success rate was impressive. OneKASPERSKY
client lost $7.3 million through A.T.M. withdrawals alone. Another lost $10 million from the exploitation of its accounting system. This attack just goes to show that even some of the most protected institutions in the world can fall prey to somewhat simple attacks due to user error. It only takes 1 wrong move of 1 person in an organization to cause a vicious chain reaction.
Comments
Post a Comment