No American banks were affected by a worldwide cyber ring that reportedly stole up to $1 billion from banks in 30 countries, U.S. officials and banking executives say.
Earlier this week, a report shed light on a complex, multinational cyber crime group that had been infiltrating banks for two years, making off with millions of dollars from financial firms, including some in the U.S. Hackers spent months monitoring bank employees to learn their patterns and evade detection when transferring money out of the bank.
{mosads}The malware used in the attack was dubbed “Carbanak.”
In a confidential memo blasted to private companies, the FBI and U.S. Secret Service said they had not seen any evidence that U.S. banks had been infiltrated, Reuters reported.
“The FBI and USSS (U.S. Secret Service) have received no reports that Carbanak malware has affected the U.S. financial sector,” the two agencies said. “But we continue to analyze investigative information as well as technical indicators released by private industry.”
Two executives backed up the investigators’ assessment, telling financial news outlet American Banker that the Carbanak threat is “old news” and that no one had reported a breach.
U.S. banks have known about the Carbanak threat “for months,” said William Nelson, CEO of the FS-ISAC, the financial sector organization that monitors cyber threats and shares information with firms.
The organization’s members include all major U.S. banks and the majority of financial institutions nationwide.
“We had shared the threat indicators and briefed our members,” Nelson said.
The American Bankers Association (ABA) backed up Nelson’s comments, saying it had not received any notices of breaches related to the Carbanak.
“I have a high degree of confidence that these institutions aren’t somehow denying an impact,” said Doug Johnson, ABA senior vice president of payments and cybersecurity policy.
Kaspersky Lab, which published the report, said it had seen three dozen U.S. banks targeted in the scheme and knew of at least one that had been infiltrated.
“We saw a number of U.S. bank targets, and we know definitively that at least one major U.S. bank was used as part of the Carbanak operation,” Chris Doggett, managing director of Kaspersky Lab North America, told American Banker. “Even if you got a statement that they’re clear, that doesn’t necessarily mean they’re clear.”