As many as 100 banks and other financial institutions around the world have been hit by a sophisticated cyberattack, Russian security firm Kaspersky says in a report to be released Monday.
The firm estimates the losses that the banks have suffered at US$1 billion, the Financial Times reported.
“It’s not 100 per cent clear at this point whether all the targets were successful or not,” a Kaspersky representative said. “It’s still an attack that’s very much active.”
The massive losses stem from a series of attacks over the past two years, Kaspersky said in a statement Sunday, which it said was made with the backing of Interpol, Europol and agencies in several countries that were conducting investigations.
“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” said Sanjay Virmani, director of Interpol’s digital crime centre.
The attacks were all said to have been mounted by an international criminal gang referred to by the investigators as Carbanak, suspected to have representatives in Russia, Ukraine and other parts of Europe, as well as China.
Kaspersky said the gang penetrated banks’ systems using a technique called spear phishing, in which individual employees are sent emails that secretly release malware into a company’s system once they are opened.
The malicious code then identified officials with authority to transfer large amounts of cash. It examined their activities and used the knowledge to shift amounts of up to US$10 million to accounts in banks in China and the United States.
Sometimes, instructions were sent at specific times to automated teller machines to direct them to start dispensing money, Kaspersky said.
– Contact us at [email protected]