By:
In
what may be one of the biggest bank heists to date, hackers have
apparently siphoned hundreds of millions of dollars from over 100 banks
in 30 nations. And according to the upcoming Kaspersky Lab report, this could be "the most sophisticated attack the world has seen to date."
The analysis from Kaspersky Lab, which comes out Monday and was acquired by The New York Times, comes after the cybersecurity firm was called in to investigate a rogue, cash-spewing ATM in Ukraine a little over a year ago. But according to The Times, the ATM was just the beginning:
The bank's internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.
Once they
had the necessary info, the hackers were able to impersonate bank
officers, leaving them free to transfer money from banks in the US,
Russia, Japan, and Switzerland (among others) to various international
dummy accounts. According to the report, the sheer size of this attack
could make it "one of the largest bank thefts ever." And while the
cybercriminals siphoned at least $300 million globally, Kaspersky Lab believes the total could be nearly three times that.
So far,
none of the banks have actually been named, but the majority of them are
apparently located in Russia, with Japan and the US also taking quite a
bit of the brunt. What's more, since the hackers only swiped $10
million at a time, the attacks likely didn't raise any eyebrows while
they were being carried out. Though the banks involved have been made
aware, they have yet to inform any customers. Which, while troubling in
its own right, is made worse by the fact that the hack is apparently still ongoing.
And according to the Kaspersky report, it all started the same way practically every other major hack starts: email. You can read more about the hack over at The New York Times here, and in the meantime, for god's sake—stop clicking sketchy emails. [The New York Times]
