IT Blogwatch Security

Is YOUR money safe? Banks lose $1B from Carbanak / Anunak hacks

30+ banks around the world lose about a billion dollars -- in Kaspersky's Russia, spear phishes YOU

carbanak

A 'cybergang' dubbed Carbanak or Anunak is being blamed for stealing as much as $1,000,000,000 from more than 30 banks around the world. Eugene Kaspersky's eponymous AV company revealed the problem this morning.

Is your money safe? Who knows, because nobody's saying which banks are affected.

In IT Blogwatch, bloggers panic and run to withdraw their hard-earned.

curated these bloggy bits for your entertainment.


David E. Sanger and Nicole Perlroth tag-team to talk thuswise:

In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day [but] the errant machine was the least of the bank’s problems.

The scope of this attackcould make it one of the largest bank thefts ever.Kasperskybelieves the total could be [$900 million].The majority of the targets were in Russia.  MORE


And Anne Dujmovic likes to movic, movic:

Kaspersky found that the hackers hit more than 100 institutions in 30 countries, dating back to 2013and the attacks may still be happening.

The hackers have been dubbed the "Carbanak cybergang" because of the name of the malware they used.They broke in to the banks' computer systems [via] infected emails to employees, some of whomunknowingly downloaded malicious software.  MORE


Kaspersky's Michael Mimoso raises el buck's fizo:

Hackers in Eastern Europe are bleeding banks dry.

The hackers lived on the bank networks for months after successfully gaining a network foothold [via] the backdoor named Carbanak.In sitting quietly on the network, the criminals study how the banks operate.ATMs were instructed to dispense cash [or the group] alter[ed] databases [to] pump up balances on existing accounts and pocket[ed] the difference.  MORE


So cale leaf tries not to be too cynical:

I wonder how many IT bods raised concerns about the state of security in these banks, and how many managers will take responsibility for ignoring those concerns.  MORE


Roger Golub ponders who these patient perps are:

They were very patient and methodical, leading up to the assertion that they were 'cybercriminals' rather than state actors. Of course, the last time this weird dichotomy came up, the attackers were state actors because they were so patient.

Sounds a bit clueless to me.  MORE


Here's Jay Dimm's memory: [You're fired -Ed.]

Also a good reminder about US’s idiotic push for backdoors and weaker securitybeing a stupid policy as US has the most to lose, if it creates a culture that companies should stay away from strong security.  MORE


Meanwhile, Iftach Ian Amit offers this angle, which Eugene might not enjoy:

TL;DR:Malware bypassed the AV.OMG.  MORE


Update: Thomas Fox-Brewster brings it closer to home:

Kaspersky didn’t mention it [but] the Carbanak hacker gang is the same as the Anunak crew...that breached Staples...Sheplers and Bebe...last year.

The Anunak gang was said to have brought about the “armageddon” of the Russian banking industry.  MORE


You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.