Hundreds of banks across 30 nations have been attacked by sophisticated malware that has allowed hackers to steal hundreds of millions of dollars. The heist, which began in 2013, is thought to be one of the largest in history.
The malware was discovered by Russian cybersecurity firm Kaspersky Lab, which was called to Ukraine in late 2013 to investigate a local ATM that had mysteriously started dispensing cash at random throughout the day.
Kaspersky “discovered that the errant machine was the least of the bank’s problems,” The New York Times reports. “The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move.”
The malware had been sending video feeds and images back to hackers for months, allowing them to keep an eye on the infected banks. Once they had learned the behaviour of employees, they could process transactions that would look like everyday business.
They then used the malware to transfer millions of dollars from banks in Russia, Japan, Switzerland, the Netherlands, and the U.S. into “dummy” accounts in other countries.
Some of the transfers were for modest sums, likely to avoid triggering alarms. But many of the transactions were worth $10 million, and numerous banks were hit by such transfers several times. One Kaspersky client reportedly lost $7.3 million in ATM transactions alone.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Chris Doggett, managing director of the Kaspersky North America office in Boston, told The Times.
Kaspersky has evidence that indicates around $300 million has been stolen to date, but the company says the actual total could be triple that. Most of the infected banks are said to be located in Russia, but the hack is widespread and still ongoing.
To date, no bank has acknowledged the attack, and Kaspersky cannot confirm which ones are affected due to a non-disclosure agreement.