Spanish police have arrested a Ukrainian criminal hacker who is suspected of heading a gang that stole more than €1 billion from banks around the world.
The suspect, who hasn’t been named, used Anunak, Carbanak and Cobalt malware to hack into banks’ computers and manipulate money transfers. Twenty members of the suspect’s gang were also apprehended in a series of arrests across Romania and Italy.
How they operated
Attacks began with spear phishing emails sent to bank employees. The emails contained malware that would spread through banks’ networks, looking for computers with access to software that controlled ATMs, bank accounts and wire transfers.
The gang stole money by:
- Using malware that ordered ATMs to spew out money at specific times, with mules waiting to collect the cash;
- Withdrawing funds from targets’ accounts; and
- Modifying banks’ databases to inflate the balances of accounts belonging to the gang.
In each instance, the crooks would launder the money via cryptocurrencies or prepaid cards linked to cryptocurrency wallets. Europol, which headed the investigation, said that the gang bought luxury goods, cars and houses with the money, some of which they returned in order to launder the money again.
Europol worked alongside the FBI, the European Banking Federation and police in Spain, Romania, Belarus and Taiwan to catch the gang.
Steven Wilson, head of Europol’s European Cybercrime Centre, said: “This global operation is a significant success for international police cooperation against a top level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity.
“This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cybercriminality.”
Prevention is better than a cure
Banks across Europe will be relieved to hear that the gang has finally been caught, but this isn’t mission accomplished. Other cyber criminal gangs are reportedly using the same techniques, and unless banks can find a way to mitigate the risk of malware vulnerabilities, the problem will continue.
There’s no way to completely eradicate the threat of malware. Technological vulnerabilities are unavoidable and cyber criminals are getting better at finding and exploiting them. They also exploit human error, as this gang did through spear phishing. Regular staff awareness courses can help employees get better at spotting risks, but they can, and will, still make mistakes.
This is why organisations need layered security. An essential layer should involve penetration testing to root out vulnerabilities before criminals have a chance to exploit them.
Penetration tests involve a professional tester, working on behalf of an organisation, looking for network and application vulnerabilities in the same way a criminal hacker would. By identifying and addressing vulnerabilities, ideally before releasing the product being tested, organisations can avoid having to patch software after release and, more importantly, fix each vulnerability before a cyber criminal discovers it.
IT Governance is a CREST-accredited provider of penetration tests. We offer a range of services to help organisations of all sizes manage their cyber security strategies.