Stealing in small amounts through “steal” attacks can lead to big money for the thieves and big losses for banks.

A hacking ring has stolen up to $1 billion from banks around the world in what would be one of the biggest banking breaches known, a cybersecurity firm says in a report issued Monday.

The hackers have been active since at least the end of 2013 and infiltrated more than 100 banks in 30 countries, according to Russian security company Kaspersky Lab.

After gaining access to banks’ computers through phishing schemes and other methods, they lurk for months to learn the banks’ systems, taking screen shots and even video of employees using their computers, the Associated Press reported, citing the company’s report.

The Analysis

 Mark Skilton, of Warwick Business School in the U.K., and a Professor of Practice and researches cyber security, offers this analysis:

“This sophisticated attack, targeting many banks and entry points using malware is, I fear, much more of a 21st century-style attack, in that it is incremental and hidden from view, living in the dark spaces between the internet and the massive ecosystem of data and websites.

“This was all done in small amounts in what I call a digital ‘stealth attack’ where unseen watchers can observe the daily movement and activity of organisations to sneak into it to take data and value from many sources. This is harder to define and needs a new kind of attack response to that highlighted in the recent Stanford University Cyber conference, chaired by President Barack Obama, which called for the need for industry, technology companies and government to share data and work together more.   

“The fundamental big concern this type of attack raises is that security monitoring cannot just test for vulnerabilities that are obvious and noticeable such as Distributed Denial of Service, where a website is shut down by two or more hackers, and data theft. This is a cyber-threat of massive proportions, on an industrial scale, where eavesdropping and small changes need to be detected. I suspect this is just the tip of the iceberg of what may have been stolen and we may never know the full extent of the theft.

“It is possible to do several things about this from coordinated cyber intelligence to specialised cyber-threat monitoring. It requires a much more rigorous monitoring and coordinated response system between banks and industry to combat the cyber threats that can move and work across, and between them, in a virtual world. This is also not just a banking issue as potentially any website and company is a target.”