DUSHANBE, February 17, 2015, Asia-Plus – Forbes reported on February 16 that the hacker crew that breached Staples SPLS -1.26% last year and made off with data on as many as 1.16 million payment cards appears to have robbed banks of far more than initially thought.
The cybercriminal gang, known as Anunak or Carbanak, may have made up to $1 billion in their exploits, which are ongoing, according to Russian security firm Kaspersky.
Though Kaspersky didn’t mention it in its research released on February 15 or in its comments to media, the Carbanak hacker gang is the same as the Anunak crew that broke down the digital doors of a range of high-profile retailers in the last two years. A Kaspersky spokesperson told Forbes the two groups were the same, but didn’t say why the original research on Anunak from security firms Fox -IT and Group-IB were not referenced.
The hackers reportedly stole reams of data from Staples, Sheplers and Bebe. The Anunak gang was said to have brought about the “armageddon” of the Russian banking industry and is deemed one of the most sophisticated cybercriminal groups ever seen, having earned as much as $18 million in 2014 alone. Kaspersky believes the thefts have made the hackers far richer; they may have made as much as $1 billion in total.
They made that money by attacking up to 100 banks, online payment systems and other financial institutions in around 30 countries. Kaspersky, which has been working closely with Europol’s European Cyber Crime Centre on the investigation, also believes the hackers hail from Russia, Ukraine and other parts of Europe, as well as from China. According to Kaspersky, they were so embedded in the banks’ networks they were able to increase the amount of money in customer accounts so they could transfer the made-up funds to their own coffers. If they found an account with $1,000, for instance, they would boost it up to $10,000 and transfer $9,000. The account holder would likely remain clueless and therefore wouldn’t report it to the bank.
The Anunak crew breached systems with some smart spear phishing, tricking users into clicking on malicious downloads via email. Once the attackers were on the network, they filmed the activity of system admins and learned how best to steal money surreptitiously.
Fox-IT told Forbes there had been no major events this year involving Anunak. It may have even ceased activity altogether despite Kaspersky’s claims. The Fox-IT spokesperson said that so far in 2015 the financial industry has been kept busy with “more innovative” criminal groups such as Dyre and Dridex. Earlier this month, researchers at Proofpoint said the Dyre malware had “a sudden and rapid evolution” that made the group’s attacks much more likely to succeed, with smarter email lures and more dynamic infrastructure. As for Dridex, its controllers have started pushing vast amounts of spam across the web to get their malicious tools on people’s systems to steal login data.
Wherever the attacks are coming from, banks continue to be bombarded by ever-smarter, increasingly wily criminals.
