Subscribe to our newsletters
Sign Up

The Hacker News — Cyber Security, Hacking, Technology News

Sunday, February 15, 2015 Wang Wei

Hackers Stole $300 Million from 100 Banks Using Malware
Despite increased online and mobile banking security, banks are more often being targeted by hackers. A hacker group has infiltrated a number of banks and financial institutions in several countries, stealing hundreds of Millions of dollars in possibly the biggest bank heist the world has ever seen.

According to a report published by the New York Times on Saturday, hackers have stolen as much as $1 Billion from more than 100 banks and other financial companies in almost 30 nations, making it "the most sophisticated attack the world has seen to date."

In late 2013, banks in Russia, Japan, Europe, the United States and other countries fell victim to a massive, sophisticated malware hack that allowed the hackers to spy on bank officials in order to mimic their behavior, according to an upcoming report by Kaspersky Labs received by the NY Times.

CARBANAK BANKING MALWARE IN THE WILD
In order to infect bank staffs, the hacker group sent malicious emails to hundreds of employees at different banks. Once open, the email downloads a malware program called Carbanak, that allegedly allowed perpetrators to transfer money from the banks to fake accounts or ATMs monitored by criminals.
CARBANAK BANKING MALWARE
The exact figure of the stolen amount is unclear, though, according to the cybersecurity firm, the total theft could be more than $300 Million. Because, the hackers only swiped $10 million at a time and some banks were targeted more than once.
"This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert," Chris Doggett, manager of Kaspersky's North American office in Boston, told the Times.
However, the cyber security firm does not name the banks and financial institutions involved in the massive theft operation in its report. But, the interesting part is that no banks have come forward to reveal that they have been hacked in this largest theft.
CARBANAK BANKING MALWARE
HISTORY OF CYBER HEIST
This is not first time when hackers have made banks and financial institutions as their target. In past, they had carried out a number of bank crimes. The list is given below:
  • In March, 2012 - A Russian hacker was sentenced to two years in US prison for his involvement in a global bank Million Dollar Fraud scheme that used hundreds of phony bank accounts to steal over $3 million from dozens of U.S.accounts. He was responsible for the Zeus banking malware that was used to carry out the fraud.
  • In October, 2012 - FBI arrested 14 people who used cash advance kiosks at casinos located in Southern California and Nevada and robbed over $1 million from Citibank.
  • In May, 2013 - A gang of cyber-criminals operating in 26 countries stole $45 Million by hacking into the database of prepaid debit cards, making it the biggest bank robbery in the history.
  • In July, 2013 - A hacker group allegedly broke into the computer networks of more than a dozen of major American and International corporations and stole 160 million credit card numbers over the course of 7 years, making it the largest data theft case ever prosecuted in the U.S.
  • In October, 2013 - The Dutch police arrested four people who used TorRat Malware to target two out of three major Banks in the Netherlands and stole over Millions of Dollars from Banking Accounts.

Thursday, February 20, 2014 Swati Khandelwal

salesforce bank account hacking
Zeus, a financially aimed Banking Trojan that comes in many different forms and flavors, is capable to steal users' online-banking credentials once installed. This time, an infamous Zeus Trojan has turned out to be a more sophisticated piece of malware that uses web-crawling action.

Instead of going after Banking credentials and performing malicious keystroke logging, a new variant of Zeus Trojan focuses on Software-as-a-service (SaaS) applications for the purpose of obtaining access to proprietary data or code.

The SaaS Security firm vendor Adallom, detected a targeted malware attack campaign against a Salesforce.com customer, which began as an attack on an employee's home computer. Adallom found that the new variant had web crawling capabilities that were used to grab sensitive business data from that customer's CRM instance.

The Security firm noticed the attack when they saw about 2GB of data been downloaded to the victim’s computer in less than 10 minutes. Furthermore, while Zeus usually hijacks the user session and performs wire transactions, this variant crawled the site and created a real time copy of the user’s Salesforce.com instance that contained all the information from the company account.
"This looks like a targeted attack against the company, cleverly targeting the employee home instead of the enterprise – thus bypassing the company controls. This was probably just the first step, using the Zeus Web inject capabilities they could have used the same tactics as in the banking sites attacks and ask the user to enter more information regarding his company credentials or send out messages in his name," says Ami Luttwak, co-founder and CTO of Adallom. 
Zeus Trojan is one of the most popular family of banking Trojan. Also in 2012, the FBI warned us about the ‘GameOver’ banking Trojan, a variant of Zeus financial malware that spreads via phishing emails.

GameOver makes fraudulent transactions from your bank once installed in your system with the capability to conduct Distributed Denial of Service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site.

At the beginning of this year, Security researcher Gary Warner explains the behavior of the new variant of GameOver Zeus malware that uses Encryption to bypass perimeter security, in a blog post.

The attackers now bypassing traditional security measures and putting Zeus to use it against Salesforce.com and possibly other SaaS applications in a type of attack that Adallom refers to as "land-mining" and "rolladexing" to grab loads of business data and customer information.

The Adallom Labs team has yet to figure out exactly how these machines were infected and who are behind the cyber attack, so the matter is still being investigated by them.

Sunday, December 22, 2013 Swati Khandelwal

More than 1,400 Financial institutions targeted by Banking Trojan in 2013
As the year draws to a close, we have seen the number of emerging threats like advance phishing attacks from the Syrian Electronic Army, financial malware and exploit kits, Cryptolocker ransomware infections, massive Bitcoin theft, extensive privacy breach from NSA and many more.

The financial malware's were the most popular threat this year. Money is always a perfect motivation for attackers and cyber criminals who are continually targeting financial institutions.
On Tuesday, Antivirus firm Symantec has released a Threat report, called “The State of Financial Trojans: 2013”, which revealed that over 1,400 financial institutions have been targeted and compromised millions of computers around the globe and the most targeted banks are in the US with 71.5% of all analyzed Trojans.

Financial institutions have been fighting against malware for the last ten years to protect their customers and online transactions from threat. Over the time the attackers adapted to these countermeasures and sophisticated banking Trojans began to emerge.

According to the report, the number of infections of the most common financial Trojans grew to 337 percent in the first nine months of 2013. Nearly 1,500 institutions in 88 countries were potential targets during 2013.
The financial fraud marketplace is also increasingly organized and Cyber criminals are using advanced Trojans to commit large scale attacks.
Attackers of all skill levels can enter the arena of financial fraud, as the underground marketplace is a service industry that provides an abundance of resources. Those who lack expertise can simply purchase what they need. For as little as $100, an attacker can avail of a leaked Zeus or Spyeye equipped with Web-injects.
The modern financial Trojan is extremely flexible, supporting a range of functionality designed to facilitate fraudulent transactions across a variety of services.

Two dominant attack strategies are:
  • Focused attack: This approach suits attackers with limited resources but also scales well to larger operations. If the distribution is accurate and the target institution has a sizeable client base, a focused attack can provide an adequate supply of targets. Shylock, Bebloh and Tilon all use this approach exclusively.
  • Broad strokes: In this attack strategy, Trojans are set to target large numbers of institutions. Tilon, Cridex, and Gameover adopt these tactics and Zeus also uses this approach in its default configuration.
According to Symantec, the main reason for the surge is weak authentication practices:

Unfortunately, in many situations, security implementations adopted by financial institutions are inadequate to defend against the modern financial Trojan. Institutions are starting to adopt strong security measures like chipTAN, but the adoption rate is slow. Institutions that persist with weaker security measures will continue to be exploited by attackers.
They need to maintain constant vigilance, apply software updates, maintain an awareness of new threats and deploy complementary security solutions that can defend against evolving malware attacks.

Wednesday, April 17, 2013 Mohit Kumar

The Pirate Bay co-founder Gottfrid Svartholm Warg (Anakata) charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank.

Svartholm has been charged with several hacking related offenses including serious fraud, attempted aggravated fraud, and aiding attempted aggravated fraud. Three other defendants received similar charges.
He was arrested in Cambodia in September 2012 and deported to Sweden where he was arrested for his alleged involvement in the Logica hack.

28-year-old computer specialist Svartholm and other founders of The Pirate Bay were found guilty by the Swedish government in 2009 for facilitating the illegal downloading of copyrighted materials. He has served a one-year prison sentence in Sweden since September 2012, and will likely remain in prison while facing these new charges.

Swedish prosecutor Henrik Olin said in a statement, "A large amount of data from companies and agencies was taken during the hack, including a large amount of personal data, such as personal identity numbers (personnummer) of people with protected identities,"

"I would say that Svartholm Warg was the most important person and the mastermind behind the hacker attack."

Svartholm attempted to transfer a total of 5.7 million Swedish kronor ($896,976), but only one of the attempts to transfer money from eight Nordea bank accounts succeeded. In that case an amount in 24,200 Danish kroner (approximately $4,300) was transferred from a Danish Nordea bank account, according to Olin.

Evidence of the crimes was obtained through a seized computer and logs of chats between Svartholm and one of the other defendants. A trial is currently scheduled to take place late May.

The Pirate Bay was set up in 2003 and quickly became one of the most popular destinations for accessing free films and music. At its height the site claimed to have more than 30 million users worldwide.

Newsletter Subscription

Subscribe to our newsletter and get all latest hacking news, free eBooks delivered to your inbox.

Join Over 450,000 Subscribers!