In what is being called the
Ocean’s Eleven of cyber crime, a syndicate of international hackers have stolen over an estimated $1 billion from more than 100 banks across the world.
The sophisticated attack has been running for over two years, and poses a continued threat for the financial services industry, and is said to usher in a “new and disturbing trend” in cyber crime and risk.
Kaspersky Lab, a global cyber security firm, detected the hack and produced a detailed report on the cyber activity of the hackers.
In a report produced by the company, they noted that while cyber attacks on banks are nothing new, they are “almost always” directed at customers, such as credit card fraud, never the institutions themselves.
“This time attackers are targeting financial entities directly in an unprecedented, determined, highly professional and coordinated attack, and using any means from the target to cash as much money out as possible, up to an apparently auto-imposed limit,” states the Kaspersky Lab report.
The recent cyber breach at Anthem, the second-largest health insurer in the U.S., exposed an estimated 80 million Social Security numbers. Although Anthem has an estimated $150 million in cyber insurance, experts say the company could quickly burn through that amount.
The cost of notifying consumers and offering remediation could cost $40 million, not including civil litigation and other costs.
Emma Osgood, senior underwriter of financial lines with
AIG Australia said the latest attacks serve as another reminder that cyber risk is real and it is here to stay.
“I think this serves to reinforce the fact that cyber risk is not going away any time soon and businesses need to turn their minds towards managing this exposure,” she said. “As Insurers, this creates opportunities but we need to ensure our offering is kept relevant in light of the ever evolving threat landscape." (continued.)
#pb#
Losses per attacked bank “range from $2.5 million to approximately $10 million.,” according to the Kaspersky Lab report which noted that “total financial losses could be as a high as $1 billion, making this by far the most successful criminal cyber campaign we have ever seen.”
The group would access bank networks with their software and wait for four months at a time until they could learn the bank transfer system and then transfer money to their own accounts without arousing suspicion.
The state-of-the-art attacks also incorporated a method of hacking into an ATM so it dispenses money at a certain time voluntarily, allowing the hackers to simply stand at the ATM and wait.
The report stresses that this threat has not yet been dealt with and the attackers, thought to be based in China, Russia and across Europe, are looking for more victims.
