Hackers Stole Hundreds of Millions in Massive Malware Bank Heist

By Ashley Feinberg on at

In what may be one of the biggest bank heists to date, hackers have apparently siphoned hundreds of millions of pounds from over 100 banks in 30 nations. And according to the upcoming Kapersky Lab report, this could be "the most sophisticated attack the world has seen to date."

The analysis from Kapersky Lab, which comes out Monday and was acquired by The New York Times, comes after the cybersecurity firm was called in to investigate a rogue, cash-spewing ATM in Ukraine a little over a year ago. According to The New York Times, the ATM was just the beginning:

The bank's internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.

Once they had the necessary info, the hackers were able to impersonate bank officers, allowing them to transfer money from banks in the US, Russia, Japan, Switzerland, and the Netherlands to their various international dummy accounts. According to the report, the sheer size of this attack cold make it "one of the largest bank thefts ever." And while the cybercriminals siphoned at least £195 million globally, Kapersky Lab believes the total could be three times that.

None of the banks have yet been named, but the majority of them were located in Russisa, with Japan, and the US also taking quite a bit of the brunt. What's more, since the hackers only swiped £6.5 million at a time, the attacks likely didn't raise any eyebrows. The banks involved have been made aware, but they have yet to inform any customers. Which, while troubling in its own right, is made worse by the fact that the hack is still apparently ongoing.

And according to the Kapersky report, it all started the same way practically every other malware attack starts: Email. You can read more about the hack over at The New York Times here, and for god's sake—stop clicking sketchy emails. [The New York Times]

Image via Getty