IT Blogwatch Security

Is YOUR money safe? Banks lose $1B from Carbanak / Anunak hacks

30+ banks around the world lose about a billion dollars -- in Kaspersky's Russia, spear phishes YOU

IT Blogwatch Security

Show More

A 'cybergang' dubbed Carbanak or Anunak is being blamed for stealing as much as $1,000,000,000 from more than 30 banks around the world. Eugene Kaspersky's eponymous AV company revealed the problem this morning.

Is your money safe? Who knows, because nobody's saying which banks are affected.

In IT Blogwatch, bloggers panic and run to withdraw their hard-earned.

Your humble blogwatcher curated these bloggy bits for your entertainment.

David E. Sanger and Nicole Perlroth tag-team to talk thuswise:

In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day [but] the errant machine was the least of the bank’s problems.

The scope of this attackcould make it one of the largest bank thefts ever.Kasperskybelieves the total could be [$900 million].The majority of the targets were in Russia.  MORE

And Anne Dujmovic likes to movic, movic:

Kaspersky found that the hackers hit more than 100 institutions in 30 countries, dating back to 2013and the attacks may still be happening.

The hackers have been dubbed the "Carbanak cybergang" because of the name of the malware they used.They broke in to the banks' computer systems [via] infected emails to employees, some of whomunknowingly downloaded malicious software.  MORE

Kaspersky's Michael Mimoso raises el buck's fizo:

Hackers in Eastern Europe are bleeding banks dry.

The hackers lived on the bank networks for months after successfully gaining a network foothold [via] the backdoor named Carbanak.In sitting quietly on the network, the criminals study how the banks operate.ATMs were instructed to dispense cash [or the group] alter[ed] databases [to] pump up balances on existing accounts and pocket[ed] the difference.  MORE

So cale leaf tries not to be too cynical:

I wonder how many IT bods raised concerns about the state of security in these banks, and how many managers will take responsibility for ignoring those concerns.  MORE

Roger Golub ponders who these patient perps are:

They were very patient and methodical, leading up to the assertion that they were 'cybercriminals' rather than state actors. Of course, the last time this weird dichotomy came up, the attackers were state actors because they were so patient.

Sounds a bit clueless to me.  MORE

Here's Jay Dimm's memory: [You're fired -Ed.]

Also a good reminder about US’s idiotic push for backdoors and weaker securitybeing a stupid policy as US has the most to lose, if it creates a culture that companies should stay away from strong security.  MORE

Meanwhile, Iftach Ian Amit offers this angle, which Eugene might not enjoy:

TL;DR:Malware bypassed the AV.OMG.  MORE

Update: Thomas Fox-Brewster brings it closer to home:

Kaspersky didn’t mention it [but] the Carbanak hacker gang is the same as the Anunak crew...that breached Staples...Sheplers and Bebe...last year.

The Anunak gang was said to have brought about the “armageddon” of the Russian banking industry.  MORE

You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

Copyright © 2015 IDG Communications, Inc.

Shop Tech Products at Amazon