Hundreds of millions of dollars were stolen from 100 banks in 30 countries by hackers who, in turn, were hacked by Russian cybersecurity firm Kaspersky.
A CNN Money story on Monday says that hackers in Russia, China, and Eastern Europe over the past several years used botnets to send out malware-laced emails to bank employees, often impersonating colleagues. After bank staff inadvertently opened the emails, the hackers were able to get into the banks’ systems and eventually take control, learning how to best steal money.
The FBI is denying that U.S. banks’ systems were compromised.
According to CNN, the hackers used the interbank network called SWIFT (Society for Worldwide Interbank Financial Telecommunication) to quickly move money around. Sometimes the hackers would instruct a certain automated teller machine to automatically spew cash onto the sidewalk, with a colleague standing by to collect it, according to a New York Times story. The Times received an advance copy of the Kaspersky report.
Other times the hackers would inflate the dollar amount of a customer’s checking account, from, say, $1,000 to $10,000, and then immediately transfer $9,000 outside the bank so the customer would likely not suspect and report the transfer — and hours before the bank would review transfer activity.
The reason why this could continue to happen over a multi-year period? The hackers typically limited their theft at any single bank to $10 million, to avoid triggering a full-blown analysis, the Times wrote.
Email spoofing fraud, also called “spear phishing,” is one of the most preventable kinds of cyber attacks, said Stu Sjouwerman, CEO of KnowBe4, which provides web-based security training.
“You would expect the finance industry to set the bar very high and have employees trained within an inch of their lives not to fall for such an attack,” Sjouwerman said.
Kevin Mitnick, KnowBe4’s chief hacking officer, said, “Even after 20 years, social engineering is still the easiest way into a target’s network and systems.”
The Financial Services Information Sharing and Analysis Center, an industry consortium, told the Times that “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and that “some briefings were also provided by law enforcement entities.”
“The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing,” the Times wrote.