Typically bank heists are conducted with men wearing all
black, ski masks and someone sitting in a van outside ready for a quick
getaway. Perhaps that is too old school for a sophisticated group of hackers
who just pulled of the biggest bank heist in history, pulling in a billion (yes
that is billion with a ‘b’) dollar haul. They carried out this robbery in quite
the opposite fashion of the aforementioned style of heist, working remotely and
using computers to steal the money.
This week Kaspersky
announced in a report that the believed same hackers that carried out the
high profile Staples hack from 2014 also carried out a much larger and slower
moving bank caper. According to the report this elaborate scheme was deployed
to roughly 100 financial institutions in the way of malware that infiltrated
the bank, but did not make its move on the accounts until a period of time
after.
This malware would embed itself on the bank’s network, allowing
the hackers to observe transactions and notice patterns in the movement of
money in accounts. Once enough information was collected the hackers would
strike moving relatively small amounts of money out of the accounts and placing
them in other accounts.
In the report Kaspersky made note that these thieves were so
camouflaged into the banks’ networks and had studied the movement of money in a
way that allowed them to transfer “made-up” funds into accounts without being
noticed. For example, if an account was found to contain $1,000, the hackers
change the numbers to $10,000 and transfer or withdraw $9,000. Since the account holder did not deposit the
extra $9,000 into their account it would likely remain unnoticed and therefore
not reported to the bank.
The Gang
The suspected group of hackers that carried out is attack go
by the name “Anunak” or “Carbanak,” a believed to be Russian, Eastern European,
and Chinese based group of intuitive hackers that have figured out how to go
unnoticed at some of these banks for almost a year.
“The Anunak gang was said to have brought about the
“armageddon” of the Russian banking industry and is deemed one of the most
sophisticated cybercriminal groups ever seen, having earned as much as $18
million in 2014 alone.” According to an article by Forbes.com.
At the time this article was written, there was no signs of
any activity from this group in 2015. This could mean that the group has
disbanded or perhaps has developed a new scheme that has yet to go noticed.
The Hacker Attacker
As a Hacker Attacker you identify the importance of
protecting yourself and even your company against hacking attacks. Making sure
that you have the latest updates to your malware protection is a strong step in
the right direction, but you should look even at your individual accounts. How
secure are they?
Using a stronger
password is a great way to protect yourself beyond the basics of malware
protection. A strong password can be your final barrier of protection between
you and an online predator.
Some authentication experts claim that a two-factor
authentication solution is the ultimate protection when paired with a good
firewall and anti-virus program. I challenge this belief though. A stronger
password than “password123” or “123456,” I believe can be just as strong of a
barrier in most situations. Two-factor certainly has its place, but it can be a
roadblock for the end user trying to access their account as well.
How strong is your password? Could it be a stronger password
if you just added a special character? You bet!
No comments:
Post a Comment