Ocean’s Eleven and the Changing Landscape of Cyber Crime

On February 16th, 2015, Kaspersky Lab published a report titled “Carbanak APT – The Great Bank Robbery”, telling the story of a cyber attack campaign against numerous banks and financial institutions, running from late 2013 and resulting in estimated cumulative losses of $1B. Media outlets such as CNN dubbed the attack “the Ocean’s Eleven of cyber strikes”.

As in many cases, the attack started with spear phishing, giving the attackers initial control of a bank employee’s computer. This was followed by installation of a rather sophisticated modification of the Carberp backdoor, whose source code was for sale for $50k last year and is now available for free on GitHub. The next phase was lateral movement through the victim’s network, discovering and exploiting internal servers with Windows and Linux tools, including the “legitimate” remote administration utility Ammyy and a Secure Shell (SSH) backdoor. These steps were accompanied by careful intelligence gathering, including video and audio capture and keystroke tracking collected from victim computers. This long process eventually enabled the attackers to reach money processing servers, financial accounts and ATM control systems, where they used tailor-made techniques to transfer funds and to dispense cash from ATMs into the hands of waiting money mules.

These long and careful attack processes and methods are similar to those used in state-sponsored cyber espionage APTs. What is new here is that they are being used by cyber-criminals to steal money directly from banks. The success of this campaign is likely a sign of more attacks to come. This is disturbing news: are financial institutions, or any corporations, ready for this?

Unfortunately, we are afraid the answer is largely no.
