A leading security company says it has uncovered an “unprecedented” cyber-attack on up to 100 banks, which could result in $1bn of losses.
But security experts are split over the severity of the alleged breaches, and on how much cash was stolen.
Russian company Kaspersky Lab said the hackers had accessed the banks’ networks by sending spoof emails to staff.
It added that the criminals manipulated cash machines to dispense stolen money.
The majority of banks that allegedly fell victim to the scheme are based in Russia, with a handful of others spread across China, Ukraine, Uzbekistan and other countries.
One bank is said to be based in the UK, although it is not believed to be a well-known brand.
Kaspersky said it had worked with Interpol and Europol on the investigation.
Europol director Rob Wainwright told the BBC the agency had “issued warnings and intelligence to national law enforcement authorities and European banks through the European Banking Federation”.
He added: “Reported infections in the EU are unconfirmed at this stage, although we are continuing to work actively on the matter.”
Kaspersky said it believed that the group was still active.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” one of its directors told the New York Times.
Kaspersky’s revelations build on a report released by another cyber-security company, Fox-IT, last year.
Commenting on the Kaspersky release, Fox-IT said that since it had published its findings in December, “the group has decreased their activities and might now have even stopped entirely”.
Some security experts have also called into question the $1bn figure.
“A lot of the money will be got back,” said Dr Steven Murdoch, from University College London’s Information Security Research Group, adding that while there were undoubtedly “large numbers” involved, the amount had been overestimated.
But he added that the report’s findings should be “useful for banks”.
Cyber-security expert Prof Alan Woodward, of Surrey University, told the BBC that “nobody knows the real figure” but it was evident that the attackers had “a lot of patience and a lot of planning”.
He said that the companies affected would now be working to “close the stable door, and then work out how many horses bolted”.