Russian security company Kaspersky Lab yesterday claimed that a hacking ring has affected more than 100 banks in 30 countries over the past two years. The report says that hackers have stolen as much as $1 billion from banks around the world. First reported by the New York Times, the report will be presented Monday at a security conference in Mexico.
Here's what they did.
The hackers gained access to the banks' computer systems through phishing methods and other confidence scams. They then lurked in the institutions’ systems, taking screenshots or even video of employees at work. Once they became familiar with the banks’ operations, the hackers could steal funds without raising alarms, for instance by programming ATMs to dispense money at specific times or by transferring funds to fraudulent accounts.
How Did the Banking Hacks Happen?
Hackers targeted the internal computers that bank officials used to process transfers and maintain customer records. They sent numerous bank employees phishing emails with a malware program called Carbanak attached. If opened, the malware would install programs on the bank's administrative computers, take screenshots and record keystrokes. With the help of these malicious programs, the hackers later learned standard bank procedures and remotely controlled bank computers.
Where Do Banks Lack in Security?
While hackers are constantly updating themselves on the technological front, banks still rely on outdated software infrastructure. The legacy software packages used by banks lack essential security features and are more vulnerable to the advanced tactics employed by hackers. Significant damage is also caused by less aware employees who fall for phishing emails and often unknowingly publish confidential data elsewhere.
Even though banking institutions have been known to be early adopters of technology, incidents like these are becoming frequent. There needs to be a stronger focus on security as we move ahead from here.