A wave of cyberattacks has cost banks across the globe up to $1bn since 2013, according to a report by Russian computer security firm Kaspersky Lab.
Up to 100 banks, e-payment systems and other financial institutions in about 30 countries have been targeted in these attacks.
The countries being targeted include Russia, the US, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Spain, Norway, India, the UK, Poland, Pakistan, Nepal, Morocco, Iceland, Ireland, Czech Republic, Switzerland, Brazil, Bulgaria, and Australia.
The report estimates that the largest sums were stolen by hacking into banks, with up to ten million dollars stolen in each raid and each bank robbery taking two to four months.
Kaspersky Lab’s global research and analysis team principal security researcher Sergey Golovanov said, "These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery."
The cybercriminals gained entry to an employee’s computer through spear phishing, infecting it with the Carbanak malware, and then penetrated the internal network and tracked down administrators’ computers for video surveillance.
To transfer money from the banks’ accounts to their own, the fraudsters used online banking or international e-payment systems.
The fraudsters also sometimes penetrated the heart of the accounting systems, inflating account balances before taking the extra funds via a fraudulent transaction.
The report said that the attacks are still active.