Carbanak

Carbanak is an APT-style campaign targeting (but not limited to) financial institutions[1] that was claimed to have been discovered in 2015 by the Russian/UK Cyber Crime company Kaspersky Lab who said that it had been used to steal money from banks.[2] The malware was said to have been introduced to its targets via phishing emails.[2][3] The hacker group was said to have stolen over 500 million dollars, or 1BN dollars in other reports, not only from the banks but from more than a thousand private customers.

The criminals were able to manipulate their access to the respective banking networks in order to steal the money in a variety of ways. In some instances, ATMs were instructed to dispense cash without having to locally interact with the terminal. Money mules would collect the money and transfer it over the SWIFT network to the criminals’ accounts, Kaspersky said. The Carbanak group went so far as to alter databases and pump up balances on existing accounts and pocketing the difference unbeknownst to the user whose original balance is still intact.[4]

Their intended targets were primarily in Russia, followed by the United States, Germany, China and Ukraine, according to Kaspersky Lab. One bank lost $7.3 million when its ATMs were programmed to spew cash at certain times that henchmen would then collect, while a separate firm had $10 million taken via its online platform.

Kaspersky Lab is helping to assist in investigations and countermeasures that disrupt malware operations and cybercriminal activity. During the investigations they provide technical expertise such as analyzing infection vectors, malicious programs, supported Command & Control infrastructure and exploitation methods.[5]

Controversy

Some controversy exists around the Carbanak attacks, as they were seemingly described several months earlier in a report by the Internet security companies Group-IB (Russia) and Fox-IT (The Netherlands) that dubbed the attack Anunak.[6] The Anunak report shows also a greatly reduced amount of financial losses and according to a statement issued by Fox-IT after the release of the NY Times article, the compromise of banks outside Russia did not match their research.[7] Also in an interview conducted by Russian news paper Kommersant the controversy between the claims of Kaspersky Lab and Group-IB come to light where Group-IB claims no banks outside of Russia and Ukraine were hit, and the activity outside of that region was focussed on Point of Sale systems.[8]

Reuters issued a statement referencing a Private Industry Notification issued by the FBI and USSS (United States Secret Service) claiming they have not received any reports that Carbanak has affected the financial sector.[9] Two representative groups of the US banking industry FS-ISAC and ABA (American Bankers Association) in an interview with Bank Technology News say no US banks have been affected.[10]

References

  1. Kaspersky Labs' Global Research & Analysis Team (GReAT) (February 16, 2015). "The Great Bank Robbery: the Carbanak APT.". Securelist. Archived from the original on February 17, 2015.
  2. 1 2 David E. Sanger and Nicole Perlroth (14 February 2015). "Bank Hackers Steal Millions via Malware". The New York Times.
  3. Fingas, Jon (February 14, 2015). "Subtle malware lets hackers swipe over $300 million from banks". engadget. Archived from the original on February 15, 2015.
  4. "Carbanak Ring Steals $1 Billion from Banks". Threatpost. 15 February 2015.
  5. "The Great Bank Robbery: the Carbanak APT". Securelist. 16 February 2015.
  6. "Anunak APT against Financial institutions" (PDF). Fox-IT. 22 December 2014.
  7. "Anunak aka Carbanak update". Fox-IT. 16 February 2015.
  8. "Group-IB and Kaspersky have conflicting views". Kommersant. 23 February 2015.
  9. "FBI, Secret service, no signs of Carbanak". Reuters. 18 February 2015.
  10. "Carbanak overhyped, no US banks hit". BankTechnologyNews. 19 February 2015.
This article is issued from Wikipedia - version of the Tuesday, January 12, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.