Unknown Hacking Group Pulls $300 Million International Bank HeistWith threat concerns at an all-time high, a Russian cybersecurity firm's investigation uncovered a large scale financial hack attack.
ByNina Zipkin•
Fears of a cyberattack are chief amongfinancial institutions' concerns. And it's no wonder why.
In a troubling report released this week, global cybersecurity firmKaspersky Labfound that, since 2013, there has been an ongoing infiltration of over 100 banks and financial institutions in 30 different countries. The hacker group behind the attacks is still at large and largely unknown.
Related:创业公司需要做什么是网络安全201年5
The group -- which has beendubbedthe "Carbanak cybergang" because of the type of malware they used -- has stolen anywhere from $300 million to roughly three times that. The hackers planted the malware in bank computers via infected e-mails (posing as bank employees) targeting the main admin computer. They then recorded the computers for months as bank employees went about their business.
The hackers took money from banks in Japan, the Netherlands, Russia, Switzerland and the U.S and transferred it to fake accounts in other countries,reportsThe New York Times.The withdrawals were reportedly limited to $10 million to avoid tripping any precautions the banks had in place. They also used the stolen information to get into the e-banking systems and ATMs -- which ultimately led to the discovery of the large scale attack.
Related:The Next Place Hackers Will Find You? Your Car.
Kaspersky Lab began investigating the attack after an ATM in Kiev, Ukraine, started shooting out extra cash, completely unbidden at different times during the day.
The Russian firm's findings come at a fraught time, especially after the illuminating and frighteningfalloutfrom the Sony hack. Last week, President Obamaspokeat the Summit on Cybersecurity and Consumer Protection at Stanford University and signed anexecutiveorder urging the private sector to "share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible." These efforts follow the president's call for a30-day breach notification lawin January.
Related:Better Safe Than Sorry: How Startups are Staying Protected in Cyberspace