Imagine an ATM that was dispensing cash – even though no one had entered their card or had touched the keypad. To the cameras monitoring the ATMs, it simply looked like lucky pedestrians happened to be in the right place at the right time to sweep up the cash. Most of us would think that sounds too good to be true – and it was.
This wayward ATM was the catalyst prompting investigation that would uncover one of the most sophisticated and costly cyber attacks to take place yet.
What Happened?
A hacking gang is suspected of infiltrating the networks of approximately 100 banks in 30 countries to steal an estimated $1 billion over two years.
How did they do it? Unlike most cyber attacks, this group named Carbanak or Anuak managed to compromise the systems of the banks but instead of immediately stealing data or cash and potentially alerting security, they observed the inner workings of the systems to monitor how exactly the transactions took place.
The hackers were able to gain access to their systems through the relatively common method of phishing. They sent emails to employees containing information that looked to be from a trusted source containing a Windows or Office document attachment.
When the employees opened the attachment, this then injected malware into the targets computer – allowing complete access to their network.
With this access, the hackers then monitored the internal daily workings of the banking systems through recording keystrokes and taking screenshots every 20 seconds. This gave them a thorough understanding of how they could manipulate the internal systems rather than targeting the customers directly, as they are more closely monitored for fraud.
Armed with this information, the cyber criminals were able to mimic internal processes so accurately that they were able to conduct transfers to fake accounts they had setup without being detected, as they looked like an everyday transaction the bank would normally make.
This is also takes us back to the ATMs. The hackers were also able to target and control the remote access to the ATMs to instruct them to dispense sums of money, only to have one of their ‘money mules’ walk past at just the right time to collect the funds.
This more calculated approach to the theft allowed the hackers to go undetected for a substancial amount of time, which is a real concern for online security.
The Real Concern
As far as cyber attacks go, this one has been considered as one of the most sophisticated to take place.
Some banks were targeted multiple times while each individual compromise was estimated to rake in $10 million – all undetected for a considerable period of time.
To think this hack began from the tried and true method of phishing is a real concern and highlights the need for companies to increase their data security through ensuring that all of their software is current and up to date with all ‘patches’ and ‘fixes’, as well as implementing greater measures for scanning all incoming emails for such threats.
Secondly, and perhaps a more complicated issue to address is the need for more stringent internal auditing measures. In this case, there was no alert raised that indicated that these transactions were not being performed by bank employees, but rather external hackers posing as employees.
With this ever-changing online landscape, many experts believe it is better to assume your network has already been compromised and to continually monitor for unwanted manipulation rather than to simply rely on your to online security measures to successfully do their job – as we have seen in this case that something so simple as phishing to tear that all down.
Furthermore, it is possible to beat hackers at their own game by setting up fake internal honeypots and numerous other baiting techniques which will assist institutions in detecting an unwanted presence in their systems.
What we can take away from this case is the reminder that hackers are becoming more calculated and sophisticated in the orchestration of their attacks. Gone are the days of simply taking what they can, as fast as they can. These cyber criminals are more than willing to place hours and hours of time and energy into perfecting their plan to ensure they go undetected for a long as possible while subtly stealing millions.
