Content

Criminal behind $1 billion cyber bank robberies arrested in Spain

The leader of the crime gang behind the Carbanak and Cobalt malware attacks that targeted more than 100 financial institutions worldwide and stole more than €1 billion from banks, e-payment systems and financial institutions in more than 40 countries has been arrested in Alicante, Spain. In a press release today, Europol said the arrest followed a complex investigation conducted by the Spanish National Police, with the support of Europol; the U.S. FBI; the Romanian, Belarussian and Taiwanese authorities; and private cybersecurity companies. In 2013 the gang launched the Anunak malware campaign that targeted financial transfers and ATM networks of financial institutions around the world. A year later it had been improved, and as Carbanak, it was used in until 2016. Then an even more sophisticated wave of attacks was launched using tailor-made malware based on the Cobalt Strike penetration testing software. Cobalt malware alone was responsible for thefts of up to € 10 million per heist. In each of the attacks the criminals would spearphish bank employees with a n email containing a malicious attachment impersonating legitimate companies. Once downloaded, the malware allowed the criminals to remotely control the victims' infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money.

Cashing The money was cashed out in various ways:
  • ATMs were instructed remotely to dispense cash at a pre-determined time, with the money being collected by organised crime groups supporting the main crime syndicate: when the payment was due, one of the gang members was waiting beside the machine to collect the money being ‘voluntarily' spit out by the ATM;
  • The e-payment network was used to transfer money out of the organisation and into criminal accounts;
  • Databases with account information were modified so bank accounts balance would be inflated, with money mules then being used to collect the money.
The criminal profits were also laundered via cryptocurrencies using prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses. International police cooperation coordinated by Europol and the Joint Cybercrime Action Taskforce is reported to have been central in bringing the perpetrators to justice, with the mastermind, coders, mule networks, money launderers and victims all located in different geographical locations around the world. Europol's European Cybercrime Centre (EC3) facilitated the exchange of information, hosted operational meetings, provided digital forensic and malware analysis support and deployed experts on-the-spot in Spain during the action day. The close private-public partnership with the European Banking Federation (EBF), the banking industry as a whole and the private security companies was also paramount in the success of this complex investigation according to a Europol statement. Wim Mijs, chief executive officer of the European Banking Federation, said: "This is the first time that the EBF has actively cooperated with Europol on a specific investigation. It clearly goes beyond raising awareness on cyber-security and demonstrates the value of our partnership with the cyber-crime specialists at Europol. Public-private cooperation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang." Steven Wilson, head of Europol's European Cybercrime Centre (EC3), said: "This global operation is a significant success for international police cooperation against a top level cyber-criminal organisation. The arrest of the key figure in this crime group illustrates that cyber-criminals can no longer hide behind perceived international anonymity. This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cyber-criminality."

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds