Hackers stole from 100 banks and rigged ATMs to spew cash

Hackers have stolen approximately $1 billion in what could be one of the largest bank heists ever, according to a new report from the Internet security firm Kaspersky Lab. Kaspersky said Sunday it has uncovered how hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft.

More than 100 banks were hit, Kaspersky said, and based on the hackers' practice of stealing between $2.5 million and $10 million from each bank, it estimated "total financial losses could be as high as $1 billion, making this by far the most successful criminal cyber campaign we have ever seen."

Kaspersky did not name the banks but said they are institutions located in 25 countries, including the United States. It also said the "attacks remain active," and provided tips for bank officials to determine if their computers are vulnerable. The thieves were Russian, Ukrainian, Chinese and European, Kaspersky said. The individual thefts involved no more than $10 million apiece.

Kaspersky called the malware "Carbanak" and said it provided the hackers the ability to watch bank employees conduct their business. "This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems," Kaspersky said. "In this way the fraudsters got to know every last detail of the bank clerks' work and were able to mimic staff activity in order to transfer money and cash out."

After penetrating a bank's computer systems, the hackers lurked for "two to four months" before striking in one of several ways, like changing an account balance, then transferring the excess funds into their own accounts. They also spewed cash out of ATMs when "one of the gang's henchmen was waiting beside the machine" to collect the money.

An industry cybersecurity group has "disseminated intelligence on this attack to the members," according to The New York Times, which first covered the report. The Financial Services Information Sharing and Analysis Center told the Times that "some briefings were also provided by law enforcement entities."

Hackers stole from 100 banks and rigged ATMs to spew cash - Feb. 15, 2015

An Incapsula security study reveals how simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks.

If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going “Operation Ababil.”

As the reports of the attack started to roll in, the Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank).

On the eve of the attack, this website suddenly became a focal point of a rapidly increasing number of security events, caused by numerous requests with an encoded PHP code payload. Incapsula was able to intercept these requests and traced them back to a backdoor shell that was used to hijack the site. The backdoor was installed before the website on-boarded Incapsula, and yet the cause of the security breach was clear. The administrative password was...you guessed it: admin / admin.

After decoding the incoming PHP requests, the security team could clearly identify them as DDoS attack commands, originating from a Turkish web design company website which was used as a remote Botnet C&C. From the looks of it, the Turkish website was also compromised and used as an additional buffer between the real hacker and its U.S.-based targets.

Further investigation showed that the UK website was a part of a Botnet for Hire which was working in “shifts” to produce HTTP and UDP flood attacks. As the Incapsula team continued to block and monitor incoming DDoS commands, they saw that the list of targets went beyond American banks, also including e-commerce and commercial websites from several other countries.

Incapsula published the full description of the DDoS attack on the company blog, concluding it by saying that this was just another demonstration of how security on the Internet is always determined by the weakest link. Simple neglect in managing the administrative password of a small UK site can very quickly be exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks.

Incapsula Security Analyst Ronen Atias said: “This is a good example of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility.”

Via: Under the hood of recent DDoS Attack on U.S. Banks - Hacking News