The hacker network behind an unprecedented $1 billion attack on banks took control of financial systems by first sending out emails carrying malware-laden Word files, RT has learned from an expert at the Russian cybersecurity firm that revealed the crime.
While the majority of around 100 robbed banks are in Russia, financial institutions were also targeted in Japan, the Netherlands, Switzerland and the US.
The already-confirmed cases of hacking have cost banks some $300 million, according to Kaspersky Lab.
“The overall damage could be near $1 billion,” Kaspersky Lab expert Sergey Lozhkin told RT over the phone. “Each of the [attacked] organizations could have lost an estimated $10 million.”
Among various means of getting into banks’ systems, perpetrators used fake emails from genuine financial institutions, including the Central Bank, with Microsoft Word attachments.
“If a victim who received the letter, a bank employee, had old software, then the system’s vulnerability allowed for the malware to infect the computer,” Lozhkin said.
After that, a number of sophisticated techniques would let the hackers first learn how that particular employee worked with the bank’s internal programs, then move from one computer to another and eventually gain full access to the bank’s entire system.
“They were then remotely making the banks transfer money to ATMs, so that certain people could then come up to those ATMs and pick the money. Someone was waiting by an ATM for the money to be spitted out [sic],” Lozhkin said.
Something went wrong with the scheme in Ukraine. No one would come for the cash that was suddenly coming out of an ATM. That was exactly when Kaspersky Lab was invited to look into the matter. That little clue eventually gave away the whole of the attack, which was first reported by the New York Times.
The names of the banks affected have not been disclosed. Lozhkin believes they are largely to blame for what happened.
“When it comes to cyber-infrastructure, then even the largest banks are not always careful enough to merely update the software their employees use,” he said. “Sometimes they just forget about it or don’t think [its] important and so the malware can use the system’s vulnerability to penetrate it. That’s the way we see it.”
Kaspersky Lab is continuing its investigation of the attack.