A group of cyber robbers has stolen hundreds of millions from several banks around the world using malware to infiltrate operations via email,
according to The New York Times, citing a report from Kaspersky Labs, a Russian cybersecurity firm.
A majority of the hackings occurred at Russian banks, but others have occurred in not only the U.S. but also in Japan, the Netherlands and Switzerland, the Times said. In total, about 100 banks and 300 financial institutions were victimized, with thefts limited at $10 million per transaction, although some were hit multiple times.
The attacks began with a series of emails sent out in 2013, the Times reported. They included a malware program called Carbanak, which recorded keystrokes, took screenshots and allowed hackers to understand the procedures in place at a specific bank.
The program then allowed hackers to mimic those procedures remotely, directing computers to perform tasks like transferring money into other bank accounts or to use e-payment to disburse funds to overseas accounts. In one instance, an ATM started spewing money without anyone touching it, with customers who passed by gleefully snapping up the cash.
Kaspersky Labs cannot release the names of the specific banks hit, and none have stepped forward to identify themselves, the Times said, noting that the American Banking Association also declined to comment.
"Our members are aware of this activity. We have disseminated intelligence on this attack to the members," and "some briefings were also provided by law enforcement entities," noted a statement from Financial Services Information Sharing and Analysis Center, the Times said.
The attack is one of the largest cyber-heists in history,
The Verge noted, adding that "one Kaspersky client reportedly lost $7.3 million from ATM transactions" alone.
The total of money stolen could come close to $1 billion,
the International Business Times said.