Banks in Russia, Japan, the US, and Europe have fallen victim to a massive, sophisticated malware hack, allowing the perpetrators to steal hundreds of millions of dollars since 2013. According to a Kaspersky Labs report provided to the New York Times, more than 100 banks in 30 nations have been affected by the breach, with upwards of $300 million stolen in the process.
While no banks have come forward to acknowledge the theft, experts are calling the attack potentially one of the largest bank heists ever. “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Chris Doggett, manager of Kaspersky’s North American office in Boston, told the Times.
Pulling off an attack of this scale took time, and Kaspersky says the hackers were patient in its execution. In order to steal as much as $10 million from some victims, the criminals reportedly had to infect bank computers and remotely install surveillance software to observe everyday behavior. Then, by mimicking employee actions, the hackers could make large transactions look like business as usual. To cash out, the money would be siphoned off into dummy accounts made in advance. One Kaspersky client reportedly lost $7.3 million from ATM transactions.
The Times reports that the majority of the affected banks are in Russia, but the hack is widespread and apparently ongoing. Banks have been silent on the issue to date, though the Financial Services Information Sharing and Analysis Center states that the industry has been alerted to the breach. Customers, however, have not been alerted about the breach.