A new report by computer security firm Kaspersky Lab has said that as many as 100 banks and financial institutions have been attacked by a cyber-criminal gang and £1bn has been stolen.
The attacks, which the report says started in 201, are still active and are under investigation. According to Kaspersky, which worked with Europol and Interpol on the investigation, the attacks took place in 30 countries including firms in US, Russia, Germany and China.
In a statement on Sunday, Kaspersky said that the massive potential losses stem from a number of attacks over the past two years. “These attacks again underline the fact that criminals will exploit any vulnerability in any system,” said Sanjay Virmani, director of Interpol’s digital crime centre.
The gang, which is referred to as Carbanak by investigators, has members from Russia, Ukraine and China, and reportedly used computer viruses to infect company networks and targeted individual employees with emails containing malware. This enabled the cyber gang to record everything that happened on staff’s screens and meant they could even transfer money from the bank’s accounts to their own accounts and command cash machines to dispense cash at a certain time of day.
The FT reports that Vincente Diaz, principal security researcher, Kaspersky said that after identifying the most senior administrators inside banks and embedding their surveillance tools, the attackers spent months learning how the officials operated before replicating their actions to steal money. “It was a very slick and professional cyber robbery,” said another security researcher at Kaspersky Lab.
The Financial Services Information Sharing and Analysis Center, an organisation that alerts banks about cyber security threats, said that its members had been briefed about the Kaspersky report in January.
In a statement the group said, “We have disseminated intelligence on this attack to members. We cannot comment on individual actions our members have taken, but on balance we believe our members are taking appropriate actions to prevent and detect these kinds of attacks and minimise any effects on their customers.”