A group of hackers from several countries has carried out one of the largest and most sophisticated attacks in the world and managed to steal between $300 and $900 million from more than 100 banks around the world.
How did they do it?
2014 “excelled” in a large number of cyber-attacks that made a lot of noise, starting with Walmart and Home Depot, through Apple and Microsoft, and, of course, Sony.
Now, 2015 has only just started and already we are hit with one of the most serious attacks in history.
The hackers carried out a deliberate attack on banks in 30 countries across Russia, Japan, the United States and Europe.
The attack was complex and involved several steps:
In the first stage, the hackers sent infected emails containing links to employees of various banks. This method is called phishing.
Bank officials who clicked on the links were immediately infected with a RAT (Remote Access Tool), a tool that gives full control over the victim’s computer: taking screenshots, viewing the camera, browsing files and the desktop, planting processes and tasks, controlling the browser and hardware devices, and more.
In the next stage, the attackers identified the bank officials responsible for money transfers and ATM withdrawals.
The final step was the theft itself, carried out by transferring money from the victims’ accounts to pre-opened, dedicated straw accounts, or simply by withdrawing it through ATMs or at the bank.
Up until the ‘ATM incident’, the attackers demonstrated great patience: they learned how the bank’s officials and the owners of the various accounts operated, and then imitated those patterns. That is, they transferred specific amounts at specific times so as not to arouse suspicion. As a result, one bank lost $7.3 million through ATM withdrawals and another bank lost $10 million transferred out of victims’ accounts. In some cases the attackers also used the SWIFT code, the international code for funds transfers between banks.
In fact, suspicion first arose when a bank’s security cameras in Kiev, Ukraine, showed the bank’s ATM dispensing banknotes without any customer having asked to withdraw money. Very quickly, passersby began to gather the freely dispensed bills.
So how could the attackers transfer such huge sums without being detected?
The secret lies, first and foremost, in the method.
Instead of attacking the system with the conventional “take the money and run” approach, the attackers chose to emulate the normal activity patterns of the accounts and operate under the radar. This way they could even fool security software that learns “customer habits” and triggers an alert when operations do not match the customer’s usage patterns.
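The point above is worth seeing in code. The following is an added illustration, not code from the article or from any bank’s fraud system: it runs two generic checks over a constructed transaction history for one account. The per-transaction check (amount compared with the account’s historical mean and standard deviation) is the kind of “customer habits” rule the attackers evaded by copying normal amounts and cadence, and it indeed raises nothing. An aggregate check over a 30-day window, together with a never-seen-beneficiary check, still surfaces the drain, because copied transfers are added on top of the owner’s real ones. Account names, dates, amounts and the `MULE-ACCT-PLACEHOLDER` beneficiary are all constructed; the thresholds (3 standard deviations, 1.5× the historical window peak) are assumptions chosen for the example.

```python
"""
Added example (not from the article): why a per-transaction "customer habits"
check is fooled by attackers who copy an account's usual amounts and timing,
and how aggregate checks over a time window still expose the drain.
Every account, date, amount and beneficiary below is constructed.
"""
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean, pstdev

# Constructed baseline: 60 days of the account owner's own outgoing transfers,
# one every four days, each between 1000 and 1100, to two known beneficiaries.
BASELINE = []
start = date(2015, 1, 1)
for i in range(60):
    if i % 4 == 0:
        BASELINE.append({
            "day": start + timedelta(days=i),
            "amount": 1000.0 + (i % 3) * 50.0,
            "beneficiary": "ACME-PAYROLL" if i % 8 == 0 else "OFFICE-RENT",
        })

# Constructed 30-day observation window: the owner's transfers continue as
# usual, and the attacker slips in transfers with the same amounts and a
# similar cadence, but to a straw account the owner has never paid.
OBSERVED = []
obs_start = date(2015, 3, 2)
for i in range(30):
    amount = 1000.0 + (i % 3) * 50.0
    if i % 4 == 0:    # legitimate transfer by the account owner
        OBSERVED.append({"day": obs_start + timedelta(days=i), "amount": amount,
                         "beneficiary": "ACME-PAYROLL" if i % 8 == 0 else "OFFICE-RENT"})
    elif i % 4 == 2:  # attacker-initiated transfer mimicking the owner's habits
        OBSERVED.append({"day": obs_start + timedelta(days=i), "amount": amount,
                         "beneficiary": "MULE-ACCT-PLACEHOLDER"})  # constructed name


def amount_zscore_alerts(baseline, observed, threshold=3.0):
    """Per-transaction check: flag an observed transfer whose amount lies more
    than `threshold` standard deviations from the baseline mean. Mimicked
    amounts sit inside the normal band, so this returns nothing for OBSERVED."""
    amounts = [t["amount"] for t in baseline]
    mu, sigma = mean(amounts), pstdev(amounts)
    if sigma == 0:
        return [t for t in observed if t["amount"] != mu]
    return [t for t in observed if abs((t["amount"] - mu) / sigma) > threshold]


def window_totals(txns, window_days):
    """Sum outgoing amounts per consecutive window of `window_days`, counted
    from the earliest transaction. Returns one total per window, in order."""
    if not txns:
        return []
    first = min(t["day"] for t in txns)
    totals = defaultdict(float)
    for t in txns:
        totals[(t["day"] - first).days // window_days] += t["amount"]
    return [totals[k] for k in sorted(totals)]


def window_outflow_alert(baseline, observed, window_days=30, factor=1.5):
    """Aggregate check: compare the busiest observed window with the busiest
    window ever seen in the baseline. Copied transfers are added on top of the
    real ones, so the total outflow roughly doubles even though each individual
    amount looks normal. Returns (alert, observed_peak, baseline_peak)."""
    base_peak = max(window_totals(baseline, window_days))
    obs_peak = max(window_totals(observed, window_days))
    return obs_peak > factor * base_peak, obs_peak, base_peak


def new_beneficiary_alerts(baseline, observed):
    """Flag transfers to a beneficiary that never appears in the baseline."""
    known = {t["beneficiary"] for t in baseline}
    return [t for t in observed if t["beneficiary"] not in known]


if __name__ == "__main__":
    print("per-transaction z-score alerts:", len(amount_zscore_alerts(BASELINE, OBSERVED)))
    alert, obs_peak, base_peak = window_outflow_alert(BASELINE, OBSERVED)
    print(f"30-day outflow alert: {alert} (observed {obs_peak:.0f} vs baseline peak {base_peak:.0f})")
    print("transfers to unknown beneficiaries:", len(new_beneficiary_alerts(BASELINE, OBSERVED)))
```

Run as a script, it reports zero per-transaction alerts, a 30-day outflow of 15750 against a baseline peak of 8350, and seven transfers to an unknown beneficiary. The design choice is the same one the article hints at: a baseline built only from the shape of single transactions can be copied by anyone who has watched the account long enough, whereas totals over time and the set of counterparties are much harder to imitate without the loss becoming visible.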