
Mastermind of EUR 1 BILLION global cybercrime gang arrested

27 Mar 2018

Europol has announced that the suspected leader of the crime gang behind the Carbanak and Cobalt malware attacks, which targeted over 100 financial institutions around the world, has been arrested in Spain.

It was no small effort, requiring a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Moldovan, Belarussian and Taiwanese authorities and private cyber security companies.

The cybercrime gang has been prominent since 2013, attacking banks, e-payment systems and financial institutions using the aforementioned malware that they designed.

According to Europol, the gang has assaulted banks in more than 40 countries resulting in cumulative losses of more than EUR 1 billion – the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist.

The criminals would send bank employees spear phishing emails that impersonated legitimate companies and carried malicious attachments. Once downloaded, the software would allow the cybercriminals free access to remotely control the victim’s machines and then infect the servers controlling the ATMs.

The money was then cashed out by one of the following means:

  • ATMs were commanded to spit out cash at a pre-determined time where one of the gang members was waiting to collect
  • The e-payment network was used to transfer money out of the organisation and into criminal accounts
  • Databases with account information were modified so bank account balances would be inflated, with money mules then being used to collect the money

Head of Europol’s European Cybercrime Centre (EC3) Steven Wilson says cooperation was central to this operation as the mastermind, coders, mule networks, money launderers and victims were all located in different geographical locations around the world.

“The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity,” says Wilson.

“This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cybercriminality.”

We spoke with two cybersecurity experts about the arrest, and they both remain ‘cautiously optimistic.’

Cybereason senior director intelligence services Ross Rustici says it’s positive news for cybersecurity around the world.

“The manner in which this individual was caught continues to demonstrate the importance of public-private partnerships and the global nature of cybercrime,” says Rustici.

“The inclusion of police agencies in at least five different countries demonstrates how difficult it can be to track a single actor through all of their online activity and the jurisdictional challenges law enforcement faces while pursuing these criminals.”

Rustici says the ultimate downfall was spurred on by what ends up bringing down most organised crime groups – accounting. This reinforces the need for law enforcement to continue focusing on traditional ‘follow the money’ angles as much as cyber forensic capabilities.

“Pinching these types of actors from both a prevention of movement in cyberspace and a reduced ability to enjoy their illicit gains often results in the largest successes for law enforcement,” says Rustici.

“What remains to be seen is whether this arrest will result in a serious degradation of Carbanak’s capabilities or merely a short-term hindrance while the group refocuses its activity.”

High-Tech Bridge CEO Ilia Kolochenko says there are several reasons to be apprehensive about the news, the first being that it’s not yet crystal clear how law enforcement managed to identify and apprehend the perpetrator.

“Unfortunately, this arrest may not lead to mass arrests. Many cybercriminals use various methods to cover their identity in a reliable and technically untraceable manner, even among each other, so even the best investigators may not find them,” says Kolochenko.

“Other cybercriminals, however, start exposing themselves in a pretty stupid manner, for example, by purchasing conspicuous luxury cars, boasting out loud about their criminal business in bars and casinos. Many of these hackers were caught mainly because of their imprudence and, unfortunately, not thanks to the technical capacity of our law enforcement agencies.”

Kolochenko says that thus far this case is rather an isolated arrest, with many professional cybercriminals enjoying impunity and freedom to continue their illicit activities.

“Law enforcement agencies need more financial support from governments to conduct their investigatory and prosecution activities with more effectiveness and stronger results,” says Kolochenko. “Last, but not least, the remaining cyber gangs will likely take additional precautionary measures to hinder and impede any pending investigations against them.”
