The world’s biggest cyberattack to date has been pulled off by the Carbanak hacking team. It resulted in $1 billion being obtained from more than 100 financial institutions around the world. Who says crime doesn’t pay!
This robbery is on an altogether different scale. The scam has been in operation for over two years according to a recent report by Kaspersky Labs, one of the providers of anti-virus protection present in SpamTitan and WebTitan security products.
The gang is a truly international network of hackers and online criminals, with members understood to be located in Ukraine, Russia, China and many European countries. The gang profits by making fraudulent transfers from corporate bank accounts. The money is transferred to the criminals’ accounts, withdrawn, and is never seen again.
The attacks are still being conducted and the gang has hit organizations all over the world. Their targets are numerous. Companies in the United States, United Kingdom, Germany, China, Hong Kong, Switzerland, Morocco, Ireland, Australia, Ukraine, Russia, India, Pakistan, Norway, Spain, France, Poland, Czech Republic, Bulgaria, Brazil, Canada, and Iceland have all been targeted and had their bank accounts plundered.
The criminal activities were uncovered recently and a global effort is underway to bring Carbanak down. INTERPOL, Europol, and other law enforcement agencies are joining forces with providers of anti-virus and IT security products to identify those responsible, break the crime ring, and bring the individuals to justice. The problem? The methods used to obtain the money had not been seen before, and the exact way the gang obtained funds remained a mystery until very recently. This was the most sophisticated attack method ever seen according to Kaspersky Labs. The bad news is it is still in operation. Knowing how it works does not make catching the criminals much easier.
How are they managing to get so much money, virtually undetected?
The scam starts with a single employee in an organization responding to a spear phishing email. The attackers first gather information about the targeted individual. That information is then used to craft an email that is likely to elicit the desired response: the downloading of Carbanak malware onto the user’s computer.
The malware is then used to launch an attack that gives the criminals access to the company’s internal network. From there the criminals locate system administrators with access to the company’s surveillance systems. The CCTV systems used by the financial institution are then accessed and the video feeds and files viewed. The criminals look at what happens on the screens of the members of staff who service cash transfer systems. The necessary data is recorded and the actions of the staff copied. Money is moved out of company accounts the exact same way the staff would do it.
The scheme is bold, ingenious, and incredibly scary. By operating in this fashion it does not matter whether each bank has a different software system. It makes no difference. The criminals don’t even use hacks. All that is required is network access. Their activities can be easily hidden behind legitimate actions made by staff.
A virtually perfect crime that is meticulously planned
The criminals were able to operate and leave next to no clues as to how they obtained funds. The scheme shows that no system is perfectly safe and impervious to attack. However, the scam started with a spear phishing campaign and protections can be put in place to prevent phishing emails from being delivered.
In this case, the initial targets were meticulously researched. The spear phishing emails were then designed to get malware installed. However, if phishing emails are blocked and phishing websites cannot be accessed, then it is possible to prevent access from being gained.
If users can be prevented from opening infected attachments, visiting malware-infected websites or installing malicious plugins, users can be prevented from infecting corporate networks.
Emails can be blocked with a powerful anti-Spam solution, malicious websites blocked with web filtering software, and employees can be trained about how to be more security conscious. This applies to personal use of the Internet at home as well as the office. It is personal online activity that allows cyber criminals to gain so much information about their targets and devise effective phishing campaigns. It is not an option to just provide IT security staff with training. This must be extended to all individuals within an organization to protect against attack.
There is no one single solution that can be employed to offer total protection. A layered approach is required with numerous different security solutions employed.
We recommend including some of the following components:
- Robust firewalls
- Anti-Virus protection for firewalls
- Separate Email Gateway Anti-Virus software
- Desktop and Server AV Protection (a different engine to those used on the firewalls)
- Anti-Spam solutions (SpamTitan includes Clam and Kaspersky AV protection)
- Web Filtering Technology (WebTitan also includes dual AV engines)
- Securing of Wi-Fi networks (no open networks)
- Regular Anti-Virus and Anti-Malware scans
- Full system security audits to check for vulnerabilities
- Good password management
- Regular staff training sessions on IT security
- Network activity monitoring
- Social media network controls