The suspected leader of the criminal gang behind the Cobalt and Carbanak malware campaigns that targeted banks and netted £870m has been arrested in Spain.
The Carbanak & Cobalt Malware Attacks
Cobalt and Carbanak are the names of different generations of malware, each more sophisticated than the last (three were used in all), which the cyber-criminal gang was able to introduce into 100 banks and other financial networks in 40 countries.
Anunak was the first malware campaign used by the gang, in late 2013. This was followed the same year by Carbanak, which was used until 2016. Finally, the gang moved to more sophisticated attacks involving tailor-made malware based on the Cobalt Strike penetration testing software.
EUR 10 Million Per Heist
Cumulative losses to the gang from financial institutions are believed to be in the region of EUR 1 billion, and the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist.
Sent To Key Staff Members In Emails
The malware was sent to key staff members in booby-trapped phishing emails. Once a staff member's computer became infected, for example after being tricked into opening one of the booby-trapped emails from the criminals, the gang was able to gain remote access to the banking network and steal money.
Money was stolen by using that remote access to order ATMs to dispense cash at specific times, where gang members collected it, and by altering databases to inflate account balances so that more mules could withdraw even larger sums from the inflated accounts at chosen ATMs.
Stolen money was also laundered via crypto-currencies and payment cards which enabled the purchase of luxury goods and houses.
Carbanak was reportedly discovered in 2014 by the Russian/UK cyber security company Kaspersky Lab.
The person (as yet un-named by the authorities) believed to have masterminded the crimes was arrested in Alicante, Spain. The arrest was the result of a complex investigation by the Spanish National Police, supported by Europol, the US FBI, the Romanian, Moldovan, Belarusian and Taiwanese authorities and private cyber security companies.
What Does This Mean For Your Business?
All too often we hear of major hacks and security breaches at businesses and organisations, but it is rare to hear about the culprits being caught. The remote and often invisible nature of the crimes, coupled with the anonymity and complexity of the methods of attack and money collection, tends to make cyber criminals difficult to apprehend. A combined and expert effort is needed, which is what has happened in this case, and it can only be good news for businesses worldwide that one key player appears to have been caught.
More cynical commentators may say that it was the large sums of money involved, and the fact that banks and financial institutions were the victims, that prompted such an effort to catch the perpetrators, something that smaller businesses perhaps cannot expect when they are targeted, even though the results of an attack may be more devastating for them.
This story is also a reminder that, while many attacks are sophisticated, human error by staff members is still an important element in allowing successful cyber attacks to take place. Cyber security is the responsibility of all of us, and companies and organisations should make sure that all staff receive training about likely cyber threats and about what procedures to follow when dealing with, for example, unexpected emails or requests to transfer money. Making it a rule never to open emails from unknown senders is one basic way of counteracting the serious threat posed by malware.