Online malware attacks on major Finnish banks in recent weeks have originated in Russia, says Mikko HyppÃ¶nen, Chief Research Officer at the data security company F-Secure. Nordea, OP-Pohjola and Sampo Bank have been hit by a trojan that has caused financial losses to hundreds of customers.
OP-Pohjola says that more than 10,000 euros have been illegally transferred from its customers’ accounts since the beginning of the year.
According to police, the malware is still functioning and may stealthily transfer funds from customersâ€™ accounts into the accounts of criminal elements.
Inspector Timo Piiroinen of the National Bureau of Investigation told YLE that losses have occurred, but was unwilling to name any specific sums. Also, he was unable to say if banks will pay for losses, or if customers themselves will have to suffer from the effects of the malware.
According to Piiroinen the malware on an infected computer is activated when a customer establishes an online connection to his or her bank. It exploits the connection and the user security information provided by the customer, making account transfers during the session. The user does not necessarily even realize that the transfers are being made.
“The attack is still going on. This malware is still on people’s computers. This situation is not over. The situation is ongoing,” Piiroinen told YLE on Friday.
The National Bureau of Investigation has confirmed that the targets are customers of Nordea, OP-Pohjola and Sampo Bank.
Finnish banks have been hit by various online attacks, starting last summer. Piiroinen was unable to say if the perpetrators have been the same.
OP-Pohjola reports that the malware has been responsible for transfers of over 10,000 euros from customers’ accounts since the start of the year. The bank has not yet decided whether or not customers will be reimbursed for their losses. The liability of banks for funds stolen through online transactions is dependent on how responsible the customer has been in using the service.
According to OP-Pohjola, some of the transfers from customers’ accounts were stopped, but some went through to the criminals involved in the scheme. Fewer than 20 customers have been victims of the scam.
Nordea Risk Management Director Kari Oksanen says that he is unaware of a single instance in which a Nordea customer’s money had been lost. However, he conceded that attempts have been made, but the funds have successfully traced
“The sums involved in these attempts have been very small, less than a thousand euros. These have affected only a few customers,” Oksanen explains.
Oksanen added that all of the attempts took place on Monday, January 16th.
If needed, Nordea is to decide on possible reimbursement on a case-by-case basis.