Today's bank robbers are trading in their guns and masks for keyboards and malware. Until recently, the goal of most bank cyberattacks was to obtain the personally identifiable information (PII) belonging to customers for sale on the black market. However, there's been a recent shift away from PII and toward the banks' internal money processing services and ATMs.
Last year, Kaspersky Labs uncovered a massive cyber criminal ring dubbed Carbanak, after the strain of malware used in the group's attacks. Forget Bonnie and Clyde; over two years, Carbanak infiltrated over 100 banks in 30 countries, making off with as much as $1 billion. New cyber criminal groups soon emerged, one of which stole nearly $100 million from the Bangladesh central bank account at the Federal Reserve Bank of New York. And just recently, another group stole an estimated $4 million after developing a new hybrid banking Trojan called GozNym.
While bank IT teams have made strides to protect customer data and limit credit card fraud, attacks against the banks' systems are becoming increasingly targeted and sophisticated, putting many at risk.
Ofer Or talks more about this trend and offers tips about what bank IT teams can do to better secure the vault in an article for Banking.com titled “From Vault to Vulnerability: Modern Day Bank Robbers Hit the Web.”