The bank's internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.
Once they had the necessary info, the hackers were able to impersonate bank officers, leaving them free to transfer money from banks in the US, Russia, Japan, and Switzerland (among others) to various international dummy accounts. According to the report, the sheer size of this attack could make it "one of the largest bank thefts ever." And while the cybercriminals siphoned at least $300 million globally, Kaspersky Lab believes the total could be nearly three times that.
So far, none of the banks have actually been named, but the majority of them are apparently located in Russia, with Japan and the US also taking quite a bit of the brunt. What's more, since the hackers only swiped $10 million at a time, the attacks likely didn't raise any eyebrows while they were being carried out. Though the banks involved have been made aware, they have yet to inform any customers. Which, while troubling in its own right, is made worse by the fact that the hack is apparently still ongoing.
And according to the Kaspersky report, it all started the same way practically every other major hack starts: email. You can read more about the hack over at The New York Times here, and in the meantime, for god's sake—stop clicking sketchy emails. [The New York Times]
source: gizmodo.com by Ashley Feinberg