Bank Hackers Steal More Than $900 Million – Via Infected Emails

Sergey Golovanov - Kapersky LabRussian cybersecurity firm, Kaspersky Lab, has recently uncovered what may be the biggest bank cyber theft in history. More than 100 banks in 30 countries appear to have been affected by the latest malware.

The source of all these infections? Forged emails with malware payloads. In almost all cases, the emails “appeared” to come from colleagues with a reference to a video or other attachment. When the bank employees clicked on the attachment, they became infected giving the criminals access to scores of computers throughout the bank’s networks.

Amazingly, not a single bank has come forward to announce the fact that they have been compromised. This “sweeping the theft under the rug” is dangerous as the general public has almost most no idea of the sheer magnitude of money being pilfered from these “secure financial institutions.”

According to the NY Times, that broke the story, Kapersky Lab believes that the total theft could be as much as $900 million.

Just imagine the public outcry and disillusionment if $900 million were taken from banks via the front door due to armed robbery?

According to the Federal Deposit Insurance Company (FDIC), there were 6,891 federally insured financial institutions as of 2013.  Let’s triple that number (likely over-estimating this) to get the total number of banks in the world: 20,673.

Digging a little deeper into banks and bank robbery, I discovered that, according to the FBI, the average bank robbery haul in the U.S. is a mere $7,500 (2010).

If you apply some basic math, to extract $900 million from banks via armed robbery would require 120,000 robberies.

If you divide the number of robberies needed by the total number of banks, you get 5.80 robberies per bank.

Put another way, every bank in the world would have to be robbed 6 times. Just imagine the news reels if that were to happen. We’d likely see some changes to how banks safeguard our money.

Circling back to email for a moment.  What if a solution existed to prevent social engineering attacks caused by vulnerabilities with the public email system?

Welcome to Sendside.