Cyber Criminals attacking Nepali banks

Nepal’s banks and financial institutions are coming under attack from international cybercriminals who have stolen over $1 billion (approximately Rs 100 billion) from around 100 banks worldwide, states the latest report.

The attacks have been continuing since late 2013, although it is not known whether the criminals have succeeded in stealing cash held at Nepali financial institutions.

These cybercriminals have attempted to attack up to 100 banks, e-payment systems and other financial institutions in around 30 countries, including Nepal, using malware called Carbanak, states the report ‘Carbanak APT: The Great Bank Robbery’ prepared by Russia-based computer security firm Kaspersky Lab. The attacks are still ongoing.

It is said ‘a multi-national gang of cybercriminals from Russia, Ukraine and other parts of Europe, and China’ are involved in these criminal activities. “Of the 100 banking entities that came under attack, at least half have suffered financial losses, with most of the victims located in Russia, the US, Germany, China and Ukraine,” adds the report. “The magnitude of the losses is significant.”

For instance, one victim lost approximately $7.3 million due to ATM fraud, while another suffered a $10 million loss due to the exploitation of its online banking platform.

“Stolen funds are generally transferred out of the affected countries to bank accounts in the US and China.”

The cybercriminals are said to begin their operation by gaining entry into a bank employee’s computer through ‘spear phishing, infecting the computer with Carbanak malware’.

Such malware is spread through e-mails containing attachments that appear genuine and legitimate.

Once the bank’s computer or network is infected, the malware starts logging keystrokes and takes screenshots every 20 seconds. This means the criminals can see and record everything that is happening on the employee’s computer screen.

“In this way, fraudsters get to know every last detail of the bank employee’s work and are able to mimic staff activity to transfer money and (steal cash from ATMs),” states the report.

The fraudsters use online banking or international e-payment systems to transfer money from the banks’ accounts to their own. In other cases, cybercriminals inflate account balances by penetrating right into the heart of the accounting system.

For example, if an account has a balance of $1,000, criminals change its value to, say, $10,000 and then transfer $9,000 to their own accounts. The account holder still sees the original $1,000 and doesn’t suspect anything. Surprisingly, these cybercriminals also have the ability to seize control of banks’ ATMs and order them to dispense cash at a pre-determined time, says the report. Once such an instruction is given, ‘one of the gang’s henchmen waits beside the ATM to collect the payment’.
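A defender can catch the balance inflation described above by rebuilding each balance from the transaction journal and comparing it with the stored value. The sketch below is an added example, not taken from the report or the article; the account IDs, the journal layout and the function names are assumptions, and the data is constructed to mirror the $1,000 / $10,000 / $9,000 scenario.

```python
from collections import defaultdict
from decimal import Decimal


def replay_ledger(opening, journal):
    """Rebuild each balance from its opening value plus every journaled posting."""
    derived = defaultdict(Decimal, {a: Decimal(v) for a, v in opening.items()})
    for account, amount in journal:
        derived[account] += Decimal(amount)
    return derived


def unexplained_deltas(opening, journal, stored):
    """Return {account: stored - derived} for accounts that do not reconcile.

    A non-zero delta means the stored balance was changed by something
    other than a journaled transaction, e.g. a direct edit in the database.
    """
    derived = replay_ledger(opening, journal)
    findings = {}
    for account in set(stored) | set(derived):
        delta = Decimal(stored.get(account, 0)) - derived[account]
        if delta != 0:
            findings[account] = delta
    return findings


# Constructed sample data (hypothetical account IDs).
OPENING = {"ACC-1001": "1000", "ACC-1002": "250"}
JOURNAL_BEFORE = [("ACC-1002", "50")]                 # one legitimate deposit
STORED_CLEAN = {"ACC-1001": "1000", "ACC-1002": "300"}

# Step 1 of the fraud: stored balance edited from 1,000 to 10,000, no journal entry.
STORED_INFLATED = {"ACC-1001": "10000", "ACC-1002": "300"}

# Step 2: 9,000 leaves through the normal payment channel, so it IS journaled,
# and the stored balance drops back to the 1,000 the customer expects to see.
JOURNAL_AFTER = JOURNAL_BEFORE + [("ACC-1001", "-9000")]
STORED_AFTER = {"ACC-1001": "1000", "ACC-1002": "300"}

if __name__ == "__main__":
    print("clean:   ", unexplained_deltas(OPENING, JOURNAL_BEFORE, STORED_CLEAN))
    print("inflated:", unexplained_deltas(OPENING, JOURNAL_BEFORE, STORED_INFLATED))
    print("drained: ", unexplained_deltas(OPENING, JOURNAL_AFTER, STORED_AFTER))
```

The unexplained 9,000 remains visible after the transfer, even though the customer-facing balance looks normal again, which is why reconciliation has to run against the journal rather than against what the account holder sees.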

Source: THT