South China Morning Post
Advertisement
Advertisement
A sophisticated gang of cyber criminals called Carbanak is believed to have stolen over US$1 billion from 2013-2015 by targeting more than 100 banks in 30 countries. Now it poses even more of a threat due to its use of newly evolved malware, Kaspersky warned. Photo: SCMP Pictures
TechScience & Research

Global alert on bank robbing hackers: Kaspersky Lab warns infamous Russian cyber-criminal gangs are back, more dangerous than ever

International experts issue world warning to banking industry of new trojans and malware targeting ATM machines, call centres and support computers

Liz Mak
Liz Mak
Why you can trust SCMP

Computer virus researcher Kaspersky Lab issued a warning to financial institutions this week that bank-robbing trojans and other malware launched by Russian hacking groups are making a comeback and may be deadlier than ever as they use more sophisticated malware to deploy APT-style attacks.

An APT - advanced persistent threat - attack represents a set of hacking processes that is typically very hard to detect due to its covert nature and lengthy running time.

The research lab has issued an alert for banks to watch out for newly evolved versions of trojans created by the cyber-criminal group Carbanak, which was first discovered this time last year when it used malware to steal millions of US dollars, and copycats including Metel and GCMAN.

READ MORE: Russia’s Kaspersky Labs signs deal with China Cyber Security Company as Beijing and Moscow call for end to US domination of internet

The malware was built by Russian gangs with the known involvement of mainland Chinese and Ukrainian criminals. Together, they infected hundreds of financial institutions in over 30 countries.

Metel, the latest addition to the list of cyber threats targeting banks, enables criminals to gain control of a bank’s system handling money transactions by hijacking its call centres and support computers, through which they can roll back ATM transactions using automated sequences.

This means the balance on clients’ debit cards remain unchanged regardless of the number of ATM transactions undertaken.

Kaspersky said local gangs drive around quiet Russian towns at night emptying the ATM machines of multiple banks using the same debit cards issued by a compromised bank, which the company declined to name.

A lead researcher at the company said cyber criminals have evolved the way in which they carry out their hacking attacks, and that these now appear to be more serious than previously thought.

“The active phase of a cyberattack is becoming shorter,” said Sergey Golovanov, principal security researcher at Kaspersky Lab’s global research & analysis team.

“When the attackers become skilled in a particular operation, it takes them just days or a week to take what they want and run,” he said.

“Attacks on financial institutions uncovered in 2015 indicate a worrying trend of cybercriminals aggressively embracing advanced persistent threat-style attacks,” he said.

“The Carbanak gang was just the first of many: cybercriminals now learn fast how to use new techniques in their operations, and we see more of them shifting from attacking users to attacking banks directly. Their logic is simple: that’s where the money is,” said Golovanov.

Kaspersky said it expects banks to be more vigilant about checking how web banking servers are protected. Databases that contain information about the account owners should be ring-fenced, on top of their balances, the company said.

Post