Anunak and Carbanak: A Billion Dollar Story

Next story

image

A series of cyber bank heists have netted a massive $1billion (£648m) from up to 100 banks and financial institutions since 2013, a report from Kaspersky Lab claims.

It’s a staggering number, made even more staggering by the fact that this news isn’t plastered all over every newspaper from here to Timbuctoo, as it would be if this was a bank heist in a style oft seen in Hollywood thrillers.

But it’s not, it’s a bunch of very clever people who have subtly made off with $1bn. As Mark James, ESET security specialist, puts it we won’t see or hear the “flashing lights and loud sirens” of a traditional robbery.


Sneaking in unnoticed


“This is very serious, these figures are massive and with that amount funding criminals it will continue to get bigger and they will invest more time and effort into this criminal behaviour,” Mark explains.

“Sadly the perception of cyber bank fraud is very different to high street bank fraud and until this changes we will continue to see more and more funds extracted in this way.”

The BBC report quoted Kaspersky Labs as saying that “these attacks again underline the fact that criminals will exploit any vulnerability in any system” and that “it was a very slick and professional cyber robbery.”

Perhaps the scariest thing is that the crime has gone unreported for almost two years. Or has it?


What’s in a name?


“Quite often the true extent of cyber-crime goes unnoticed for quite some time, although it was reported a while ago that something was going on.”

The something in question, as reported by Graham Cluley, was first uncovered by researchers at Group-IB and Fox-IT. They named the gang Anunak, sometime later in its recent report Kaspersky named them Carbanak, Cluley believes that they could be one and the same.

“Yes they are definitely the same gang, just named from different sources – Anunak is the name of the malware itself from the author; Carbanak is the name given by the AV industry, which is a combination of Carberp and Anunak (the Anunak malware has used code from Carberp).”

It’s just that simple, or not. It seems in this case that Kaspersky’s PR won the day and grabbed the attention of the media. The true nature of the gang is still something of a mystery but now that a spotlight has been shined upon them more “truth” may yet emerge.


For more on this story and other, join our LinkedIn Group.

What do you think this means for the future of internet security?