Kaspersky Lab & Europol Have Worked to Stop Carbanak Attack, but Threats Still Active

Carbanak is the name given to a criminal organization that news services report stole approximately $1.2 billion from various financial institutions. Over 100 different banks in 40 different countries have now reported that they’ve suffered an attack from the group, and some security experts think that the problem may still not be completely solved.

Bloomberg Businessweek and Europol reported that the suspected 34-year-old computer cracker behind the organization is now under arrest. Representatives from Kaspersky Lab stated that they found evidence of the software as early as four years ago.

Nevertheless, the $1.2 billion in digital money that was stolen remains missing. This kind of Internet security problem serves to highlight the dangers that malware poses when deployed on mission-critical servers or even just regular machines used by private consumers.

Perhaps it would be more proper to refer to the malware itself as Carbanak, though security experts have used the term to refer to both the organization and the software. The name is derived from a combination of the word bank and a moniker associated with a prominent cracking tool.

Unlike WannaCry and other recent large cyberattacks focused on relatively consumer-grade equipment, the Carbanak software doesn’t outright demand ransom money. It’s instead an APT-style campaign that attempts to introduce malware to targets via phishing emails.

Criminals who got information in this manner were able to ultimately manipulate the way they access banking networks so they could withdraw money from large accounts as well as those of individual customers. The worst cases saw criminals able to dispense cash from ATMs without even having to interact with the terminal itself.

Money mules would collect money and transfer it over SWIFT network connections to accounts associated with members of the organization, according to reports filed by Kaspersky’s investigators.

The Russian-based laboratory has been helping with the crackdown on the organization’s malware tools, but it seems like some of them might still be in the wild. There’s also the risk that other groups are launching some type of copycat attack, though some recent mitigations should help to prevent these problems.

Naturally, it’s important for users to keep their credentials private and not give them out to anyone who asks for them in an email.

