The mastermind behind a massive malware campaign which saw the cumulative theft of at least $1.2 billion from banking institutions has been arrested in Spain.
This was accomplished through a coordinated operation by law enforcement agencies in different countries to bring down the Carbanak cybercrime gang.
The main suspect was identified as Denis K. by Spain’s interior ministry during a press briefing on the arrest. According to the police report, Denis K. was a Ukrainian who led the organized crime group in their malicious acts.
The group of hackers is said to have stolen more than $1 billion cumulatively from the financial institutions they duped. This was as a result of increasing attacks on several bank ATM systems which coughed out a significant amount of money that was later siphoned into their accounts.
According to a report released to the public by Europol, the group of hackers started their criminal activities back in 2013 and somehow survived law enforcement takedown attempts for years.
Since the Carbanak cybercrime campaign began operations, over 100 financial institutions fell victim to the attacks. According to cybersecurity experts, the operation was a well-calculated move to penetrate the banks’ security systems without trails.
It was only after the cybercrime members started living large, buying expensive cars and living in luxurious suburbs, that law enforcement grew suspicious of their activity. What mainly raised the suspicion was the use of Bitcoin to buy the houses, a rare practice that is occasionally seen among dark web criminals.
More than 40 countries had fallen victim to the malware campaign, which prompted different law enforcement agencies to collaborate on a takedown. The agencies involved included the Federal Bureau of Investigation, Europol and the Spanish police. Authorities in Romania, Belarus and Taiwan also took part in the investigation.
According to the police, an unidentified 30-year-old man who was linked to the group’s operation was cooperating with law enforcement. This greatly helped the arrest of the other cybercrime members, including the ringleader.
Among those arrested by the Spanish authorities were three suspects said to be from Russia and Ukraine. They assisted Denis K. in running his attacks smoothly and in laundering the proceeds for higher profits.
The Attack as It Happened
The attack took place in stages.
After developing the malware, the cybercrime group calculated the best ways to infiltrate the bank systems without raising alarm.
In the second stage, Denis K. led his group in sending phishing links to unsuspecting bank workers from different institutions all over the world. The link gave the cybercriminals entry into the ATM systems, their primary target.
Once the computers and the internal bank networks were infected with the malware, the time for action was all set.
In the third stage, the group's members began siphoning cash from the infected banks' ATMs. Cashing out the account balances took one of three forms:
First, the criminals would transfer the money into their own accounts (or in foreign bank accounts) directly from the victims’ bank accounts.
Second, the criminals would inflate bank account balances, after which money mules would withdraw the money at the ATMs.
Third, the cybercriminals would take control of ATMs by sending commands over specific banks' networks. The command would make the ATM dispense significant amounts of cash per session, after which the money mules would collect the money.
In the fourth stage of the attack, the Carbanak cybercrime group would launder the stolen money by converting it directly to cryptocurrencies. Mostly, they preferred converting the stolen cash into Bitcoin, owing to its market value and its popularity.
Level of Attack
According to Spain’s Interior Ministry, Denis K., who mostly operated from Spain, had accumulated about 15,000 Bitcoins in his wallet. This showed the level of his capabilities.
The cyberattacks, which are suspected to have begun way back in 2013, have mostly affected Russian banks.
In Spain, another country significantly affected by the attacks, members of the Carbanak cybercrime group orchestrated their operations in Madrid. This mostly happened at the beginning of 2017, which saw the loss of about 500,000 Euros.
According to the Spanish authorities, each cyberattack in the Carbanak campaign resulted in the theft of almost 10 million Euros from the financial institutions. This gave the group a significant profit margin, leaving them with the resources to expand and plan their next attack.
It is said that the gang first used a Trojan dubbed Anunak to penetrate the banking networks, which was later upgraded to the Carbanak malware. The Carbanak attacks were responsible for the loss of over $300 million within a short span of time.
Recently, the cybercriminals also used the Cobalt malware in their attacks in at least 14 countries. The Cobalt malware enabled ATM theft by giving the cybercriminals the access needed to control the systems remotely.
Proposed Security Measures
Now that the law enforcement agencies have caught up with the group members responsible for the $1.2 billion loss, bank customers and employees have been advised to avoid opening any link sent by an unknown sender. This will help mitigate spear phishing attacks directed at them by hackers intending to steal their funds online.
Bank customers are also strongly advised to use Two-Factor Authentication (2FA) for online transactions. Receiving a mobile phone notification whenever a transaction is requested will significantly reduce the success rate of attacks by hackers such as the Carbanak cybercrime group.
The banks are also advised to upgrade their security systems to cope with the growing menace of cybercriminal attacks. The use of anti-malware and anti-virus software will also help keep many cyberattacks at bay.