“Banks have always been an attractive target for intruders but this robbery marks a new stage. Now, cybercriminals can steal money directly from banks, rather than from users,” Kaspersky Lab expert Sergei Lozhkin told RIA Novosti.
The Kaspersky Lab first learned about Carbanak in late 2013, when a Ukrainian bank asked it to help carry out a criminal investigation, Lozhkin said.
“Someone mysteriously stole money from ATMs. Back then, we considered this incident to be an ordinary malicious attack. However, several months later, a Russian bank came to us with a similar problem,” he explained, adding that the Russian bank’s systems issued warnings about data being sent to China.
An investigation uncovered a criminal chain involving several dozen people from China, Russia and Ukraine, as well as several other European countries, Lozhkin said.
“The banks’ security personnel were convinced that only insiders could steal money using banks’ internal networks. Nobody expected such an attack,” he said.
Cybercriminals used methods that enabled them to not be dependent on the bank’s software, the expert explained. “Hackers didn’t even need to break into the bank’s services. They just infiltrated the corporate network and learned how to disguise fraudulent actions as legitimate.”
The Carbanak group has managed to steal money from banks in nearly 30 countries, according to Kaspersky Lab.
