(Bloomberg) -- A hacker group has stolen as much as $1 billionfrom banks and other financial companies worldwide since 2013 in an“unprecedented cyber-robbery,” according to computer security firmKaspersky Lab.

|

The gang targeted as many as 100 banks, e-payment systems andother financial institutions in 30 countries including the U.S,China and European nations, stealing as much as $10 million in eachraid, Kaspersky Lab, Russia’s largest maker of antivirus software,said in a report. The Carbanak gang members came from Russia,China, Ukraine and other parts of Europe, and they are stillactive, it said.

|

“These bank heists were surprising because it made no differenceto the criminals what software the banks were using,” said SergeyGolovanov, principal security researcher at Kaspersky Lab’s globalresearch and analysis team. “It was a very slick and professionalcyber-robbery.”

|

The details of the hacking follows news of other attacks onhigh-profile companies in recent months, including JPMorgan Chase& Co., the biggest U.S. bank; Anthem Inc., the second-biggestU.S. health insurer by market value, and Home Depot Inc., thelargest home-improvement chain. In those cases, data rather thanmoney was stolen.

|

The criminals detected by Kaspersky infected bank employees’computers with Carbanak malware, which then spread to internalnetworks and enabled video surveillance of staff. That letfraudsters mimic employee activity to transfer and steal money,according to Kaspersky, which said it has been working withInterpol, Europol and other authorities to uncover the plot.

|

Paul Bresson, a spokesman for the U.S. Federal Bureau ofInvestigation in Washington, declined to comment on the report.

|

Cash Dispensers

|

The Carbanak gang also used access to banks’ networks to seizecontrol of ATMs and order them to dispense cash at certain times tohenchmen, Kaspersky said. In some cases the gang inflated thebalance of certain accounts and pocketed the extra funds withoutarousing immediate suspicion, according to the report.

|

Kaspersky was alerted to the hacking of cash dispensers when thesecurity service of an Eastern European bank showed a video of itsATM dispensing cash to a thief “who wasn’t pushing any button anddidn’t even have a banking card,” said Sergey Lozhkin, a seniorsecurity researcher at the company, said by phone from Cancun,Mexico.

|

British Police

|

The antivirus company at first thought the ATM was infected, butthen found that hackers controlled it using the bank’s internalnetwork. Several other global and regional banks addressedKaspersky Lab on the matter, which helped it to unearth the entirecriminal scheme, according to Lozhkin.

|

Kaspersky won’t disclose the identity of financial institutionshurt by the attack because of a confidentiality agreement, Lozhkinsaid.

|

The main conclusion is that large banks should know they are nowtargets for hackers, and should tighten their information-securitypolicies, update software and increase antivirus protection,Lozhkin said.

|

“Cybercriminals have got the infection-to-cash cycle down to afine art, proving crime does pay when the victim’s perimeter can bebypassed and systems manipulated at will,” said Mark Bower, vicepresident of product management at Voltage Security Inc., aCupertino, California-based security services company.

|

‘Unrelenting Wave’

|

Details of the Carbanak gang come as companies are switchingfocus from keeping hackers out to minimizing the effect of attacks,the most sophisticated of which are increasingly seen asinevitable.

|

British police made arrests last year after more than 50 cashmachines in the country were infected with malware that allowedcrooks to steal 1.6 million pounds ($2.5 million). Online theftfrom accounts of Japanese savers increased to a total $16 millionin the first six months of 2014. And in 2013, eight New Yorkerswere charged with stealing $45 million from banks based in theUnited Arab Emirates and Oman by electronically stealing card dataand eliminating withdrawal limits.

|

U.S. President Barack Obama convened a national summit on Fridayto encourage cooperation between federal and private securityspecialists to combat hackers and data breaches. The event includedexecutives and security officials from companies such as MicrosoftCorp., Google Inc., Yahoo! Inc. and Facebook Inc.

|

“The level of collaboration between public and private sectorshas to be at a much deeper level to put even a slight dent in thisunrelenting wave of successful cyberattacks,” said Igor Baikalov,chief scientist at Securonix Inc., a Los Angeles-based provider ofthreat-detection services.

|

--With assistance from Chris Strohm and Jeff Kearns inWashington.

|

Copyright 2018 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

  • All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
  • Educational webcasts, resources from industry leaders, and informative newsletters.
  • Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.