Hackers Are Using New Tactics To Steal Money From Your Bank Account
Several cybercrime gangs are now using tactics and techniques that are more typical of Advanced Persistent Threat (APT) groups to steal money from banks, and Kaspersky researchers have been monitoring these activities.
At the Security Analyst Summit (SAS) in 2015, Kaspersky published a report on the activities of a sophisticated cybercrime ring known as Carbanak (also called Anunak). They estimated that the attackers had breached more than 100 banks across 30 countries and stolen up to $1 billion.
In the 2016 edition of SAS, taking place in Spain, Kaspersky researchers and experts revealed that Carbanak is back. Apart from that gang, other similar groups such as “Metel” and “GCMAN” are also using APT-style techniques to steal money. Kaspersky has now also spotted attacks against the accounting and budgeting departments of various types of organizations.
In one attack, even the experts could not determine the fraudsters' intention: the cyber-criminals simply changed the ownership details of a large company so that one of their money mules was listed as a shareholder. Kaspersky calls this activity "Carbanak 2.0".
What are Metel attacks?
Metel attacks (also known as Corkow attacks) involve a piece of malware; the cyber criminals use spear-phishing emails to reach their targets.
An example of a Metel attack: the cyber robbers hit Russian banks and withdrew millions of rubles from ATMs in a single night. They gained access to the banks' money processing systems, made changes so that ATM transactions were rolled back automatically, and were then able to withdraw money from many ATMs.
Kaspersky researchers said in a blog post:
Our investigations revealed that the attackers drove around several cities in Russia, stealing money from ATMs belonging to different banks. With the automated rollback in place the money was instantly returned to the account after the cash had been dispensed from the ATM. The group worked exclusively at night, emptying ATM cassettes at several locations.
The Metel group is still active and has infected over 30 Russian financial organizations. The company advised organizations to scan their networks, and managed to clean up the infections before any damage was caused.
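To show what the automated rollback described above looks like from the defender's side, the following is an added example (not from the original article and not Kaspersky's code) that scans constructed ATM transaction records for accounts whose dispensed withdrawals are reversed within seconds at several different ATMs; the record format, field names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed records (hypothetical format: timestamp ATM account type amount).
# ACCT-4471 shows the pattern: cash dispensed, debit reversed seconds later,
# repeated at two ATMs at night. ACCT-9902 is a reversal 35 minutes later.
SAMPLE_LOG = """\
2016-02-01T02:14:03 ATM-017 ACCT-4471 WITHDRAW 40000
2016-02-01T02:14:05 ATM-017 ACCT-4471 REVERSAL 40000
2016-02-01T02:31:48 ATM-093 ACCT-4471 WITHDRAW 40000
2016-02-01T02:31:50 ATM-093 ACCT-4471 REVERSAL 40000
2016-02-01T13:05:11 ATM-002 ACCT-9902 WITHDRAW 5000
2016-02-01T13:40:00 ATM-002 ACCT-9902 REVERSAL 5000
2016-02-01T02:50:20 ATM-041 ACCT-1234 WITHDRAW 2000
"""

def parse_log(text):
    """Turn the whitespace-separated records into dicts with parsed timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, atm, acct, kind, amount = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "atm": atm,
                       "acct": acct, "kind": kind, "amount": int(amount)})
    return events

def find_rollback_abuse(events, window=timedelta(seconds=60), min_atms=2):
    """Accounts whose withdrawals are reversed within `window` at `min_atms`
    or more ATMs. One quick reversal can be a dispense failure; the same
    pairing repeating across ATMs is the automated-rollback signature."""
    by_acct = defaultdict(list)
    for e in events:
        by_acct[e["acct"]].append(e)
    suspects = {}
    for acct, evs in by_acct.items():
        evs.sort(key=lambda e: e["ts"])
        pending, matched = [], []  # unmatched withdrawals / rolled-back ones
        for e in evs:
            if e["kind"] == "WITHDRAW":
                pending.append(e)
            elif e["kind"] == "REVERSAL":
                for w in pending:
                    if (w["atm"] == e["atm"] and w["amount"] == e["amount"]
                            and timedelta(0) <= e["ts"] - w["ts"] <= window):
                        matched.append(w)
                        pending.remove(w)
                        break
        atms = {w["atm"] for w in matched}
        if len(atms) >= min_atms:
            suspects[acct] = {"atms": sorted(atms),
                              "dispensed": sum(w["amount"] for w in matched)}
    return suspects
```

Running `find_rollback_abuse(parse_log(SAMPLE_LOG))` flags only ACCT-4471, with 80000 dispensed across ATM-017 and ATM-093; the late reversal on ACCT-9902 falls outside the window.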
What are GCMAN attacks?
GCMAN is another group using APT tactics and techniques; it is named GCMAN because its malware is built with the GCC compiler. The attackers deliver the malware via a simple Word document attached to spear-phishing emails, and then move laterally using legitimate tools (PuTTY, Meterpreter, and VNC). Once inside, they can transfer $200 every minute.
A time-based scheduler was invoking the script every minute to post new transactions directly to the upstream payment processing system. This allowed the group to transfer money to multiple e-currency services without these transactions being reported to any system inside the bank.
Kaspersky Lab’s research team responded to three financial institutions in Russia that were infected with the GCMAN malware. It is likely that this threat is far more widespread and we urge banks to sweep their networks for signs of this cyber-criminal group.