“The most sophisticated attack the world has seen to date” is how Kaspersky Lab’s North American managing director Chris Doggett describes the massive Carbanak electronic bank fraud that could have cost victims up to a billion dollars.
Using a range of techniques, the Carbanak gang cracked their targets’ networks, right down to monitoring financial firm officers through their computers, and stole money through through the banks’ own ATM networks.
“That’s where the money is.” Was 1930s bank robber Willie Sutton’s response to being asked why he robbed banks and that is what’s driving the Carbanak gang.
For every Willie Sutton or Carbanak gang there’s a million opportunistic street muggers and script kiddies looking for stealing a few dollars from weak targets though and this is what the average small business or individual needs to be careful about.
Last week Kaspersky reported that nearly a quarter of all phishing attacks targeted financial data. The amounts being stolen are minuscule compared to Carbank’s ill gotten gains but far less work is required to crack a home or small business account.
For any large organisation that hasn’t learned from the Sony or Target hacks, the Carbank heist should be warning that information security is now a responsibility of executives and boards. All of us though have to take care with our data and systems.