Banking hackers steal up to $1 billion using malware



USA TODAY reported that an international hacking ring has stolen as much as $1 billion from more than 100 banks in 30 countries in what may be the biggest banking breach ever. The scheme, which goes back as far as 2013, uses malware so sophisticated that hackers have used it to dispense cash from ATMs without any physical contact with the machines, according to the report by Moscow-based security firm Kaspersky Labs. The hackers then sent mules to pick up the cash, according to the shocking report released Monday.


The malware used in the hacks, dubbed Carbanak, targets employees of banking institutions, rather than customers, and suggests a “new era in cybercrime” in which criminals go after institutions’ internal operations, the report said. “The ‘Carbanak cybergang’ operation reported by Kaspersky is no doubt the most daring, most sophisticated, and potentially the most damaging cybercrime directly against banks up to date,” said Fengmin Gong, chief strategy officer at Cyphort.


The Kaspersky report declined to name the banks that have been compromised, but said the victims were mostly “Russian-speaking financial institutions,” and the malware was largely downloaded from Russian.


Still, the problem is global and has targeted banks in China, Ukraine, the U.S., India, Sweden and Great Britain, the report said. The attackers, who also hailed from China and Europe, appear to be “trying to expand operations to other Baltic and Central Europe countries, the Middle East, Asia and Africa,” the report said. Also, the malware may be used to target other institutions, not just banks, the report said.


Mashable reported that the hackers seemed to limit their theft to about $10 million before moving on to another bank, which is part of the reason the fraud was not detected earlier, according to Kaspersky principal security researcher Vicente Diaz, who spoke in a telephone interview with The Associated Press. “In this case they are not interested in information. They’re only interested in the money,” he said. “They’re flexible and quite aggressive and use any tool they find useful for doing whatever they want to do.”


Kaspersky is still working with law-enforcement agencies to investigate the attacks, which the company says are ongoing, and no bank has publicly acknowledged the theft yet. So far, Kaspersky has seen evidence of $300 million stolen, but the company believes the total amount is at least thrice as big.



 


Article originally from usatoday.com and mashable.com


Thumbnail image courtesy of securelist.com


Published on February 17, 2015 09:07