When ATMs in Ukraine started spitting out cash at random times of day, it may have been a fluke as passersby gleefully swept it up, seemingly fortunate to be at the right place at the right time.
Kaspersky Lab, a Russia-based computer security firm, recently released its report on what could be the greatest computer controlled series of bank robberies ever. Up to $1 billion–a figure considered by some officials as exaggerated–was syphoned off by sophisticated cybercriminals from banks in Russia, the U.S. and Europe.
The attacks were unique in how they were so deliberately planned. The criminals managed to plant malware on employee computers, recording employee activities and learning their routines for months. When it came to moving money in roughly $10 million increments, nothing seemed abnormal. Of the over 100 institutions that were reportedly affected, many are only becoming aware of the attacks now.
Not helping matters were previously known holes in the Microsoft software, for which Microsoft had issued patches, which made the hackers’ jobs easier.
ACY Securities Supports ASIC’s Product Intervention OrderGo to article >>
Chris Doggett, Managing Director of the Kaspersky North America office in Boston, told the New York Times:
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”
An earlier data breach at Morgan Stanley late last year, also by suspected Russian cybercriminals, did not entail the loss of funds–or they at least have yet to be discovered.
We are more accustomed to hearing such stories in the world of cryptocurrencies, which are easy pickings if not secured by the right software. But the losses in this story may be greater than those from every crypto-related hacking combined. Indeed, cryptocurrency has one less target on its back now that hackers have become sophisticated enough to successfully penetrate fiat-based institutions.
Furthermore, cryptocurrency’s vulnerable nature has forced its practitioners to develop innovative security features like multisig. This can be a potential opportunity for the banking world to tap crypto industry expertise, or at least become inspired by the industry to develop its own.