A 'cybergang' dubbed Carbanak or Anunak is being blamed for stealing as much as $1,000,000,000 from more than 30 banks around the world. Eugene Kaspersky's eponymous AV company revealed the problem this morning.
Is your money safe? Who knows, because nobody's saying which banks are affected.
In IT Blogwatch, bloggers panic and run to withdraw their hard-earned.
Your humble blogwatcher curated these bloggy bits for your entertainment.
David E. Sanger and Nicole Perlroth tag-team to talk thuswise:
In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day [but] the errant machine was the least of the bank’s problems.
…
The scope of this attack…could make it one of the largest bank thefts ever. … Kaspersky…believes the total could be [$900 million]. … The majority of the targets were in Russia. MORE
And Anne Dujmovic likes to movic, movic:
Kaspersky found that the hackers hit more than 100 institutions in 30 countries, dating back to 2013…and the attacks may still be happening.
…
The hackers have been dubbed the "Carbanak cybergang" because of the name of the malware they used. … They broke in to the banks' computer systems [via] infected emails to employees, some of whom…unknowingly downloaded malicious software. MORE
Kaspersky's Michael Mimoso raises el buck's fizo:
Hackers in Eastern Europe are bleeding banks dry.
…
The hackers lived on the bank networks for months after successfully gaining a network foothold [via] the backdoor named Carbanak. … In sitting quietly on the network, the criminals study how the banks operate. … ATMs were instructed to dispense cash [or the group] alter[ed] databases [to] pump up balances on existing accounts and pocket[ed] the difference. MORE
So cale leaf tries not to be too cynical:
I wonder how many IT bods raised concerns about the state of security in these banks, and how many managers will take responsibility for ignoring those concerns. MORE
Roger Golub ponders who these patient perps are:
They were very patient and methodical, leading up to the assertion that they were 'cybercriminals' rather than state actors. Of course, the last time this weird dichotomy came up, the attackers were state actors because they were so patient.
…
Sounds a bit clueless to me. MORE
Here's Jay Dimm's memory: [You're fired -Ed.]
Also a good reminder about US’s idiotic push for backdoors and weaker security…being a stupid policy as US has the most to lose, if it creates a culture that companies should stay away from strong security. MORE
Meanwhile, Iftach Ian Amit offers this angle, which Eugene might not enjoy:
TL;DR:…Malware bypassed the AV. … OMG. MORE
Update: Thomas Fox-Brewster brings it closer to home:
Kaspersky didn’t mention it [but] the Carbanak hacker gang is the same as the Anunak crew...that breached Staples...Sheplers and Bebe...last year.
…
The Anunak gang was said to have brought about the “armageddon” of the Russian banking industry. MORE
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.
