In recent months, there has been increased concern about whether the cybersecurity measures taken by financial institutions are sufficient to protect against cyber threats. Much of the concern focuses on whether the end user (i.e., the average individual using a bank or making a purchase with credit cards over the internet) is protected. But what about the banks and financial institutions themselves? Are they sufficiently protected from cyber attacks?
Cybercriminals Steal $300 Million From Banks
It has recently been discovered that a group of cybercriminals, identified as being from China, Europe and Russia, have banded together in an enormous effort to steal money from more than 100 banks in the United States, Japan, Russia, Switzerland, the Netherlands along with various other countries, amassing more than $300 million dollars in stolen money. The heist began more than two years ago, and is still underway today; so far, the criminals have not been caught. Due to the ongoing investigation, and the continued operation of the group, it is estimated that the total amassed by the heist so far could be upwards of $1 billion.
The group responsible for the theft is referred to as “Carbanak.” Authorities from INTERPOL, Europol and a Russian cybersecurity firm called Kaspersky Lab have been investigating the cybercrime group’s activities. These authorities have found evidence cyberattacks on roughly 300 IP addresses globally, with banks in Russia and the United States being the most frequently targeted.
It appears that the group utilized infected email attachments containing malicious code that enabled the cybercriminals to create a backdoor into the victim bank’s network to gain access to the bank systems. Once the victim bank’s system was compromised, the hackers took time, anywhere from between two months to four months, to monitor how bank clerks worked in each victim bank and then modeled their fraudulent banking activities after legitimate actions that banking staff normally took in the course of doing their jobs in order to make off with the stolen funds.
The money was stolen in three distinct ways.
- Inflating accounts and then withdrawing the inflated amount. Cybercriminals were able to hack directly into the accounting systems of some of the victim banks. After gaining access, the criminals would increase the value of an account, and then withdraw the amount by which the account was inflated. Doing this avoided detection since the true account holder never lost any funds, i.e., the account holder’s balance was always available and was never taken, and only the inflated amount was transferred out of the account.
- International and electronic bank transfers. By utilizing various online banking tools and international electronic payment applications, the criminals were able to transfer funds from a victim bank to accounts created to collect the stolen money. The transfers were predominantly made to Chinese and American banks.
- Direct control of ATMs. The cybercriminals were able to gain access to many banks’ ATM networks. Once inside the ATM networks, the criminals were able to remotely control when an ATM would dispense money. By designating a pick up time, the criminals would make pickups of the unauthorized dispenses of cash at vulnerable machines.
Banks Need To Bulk Up Cybersecurity Measures
While it is important that banks and other financial institutions take steps to protect their end user customers, these entities also need to take measures to better protect themselves from cyber threats. Utilizing proprietary cyber infrastructure, monitoring for suspicious activity within bank networks, employing prudent cyber practices in the workplace and staying updated on cybersecurity developments are all crucial for identifying a threat before it becomes a serious problem.