A Russian-Ukrainian cyber crime ring that caused losses of over EUR 1 billion to over 100 financial institutions in 40 countries was dealt a major blow after its leader was arrested in a joint operation between Europol and the Spanish National Police yesterday.
The Spanish National Police was also aided by the FBI, the Romanian, Moldovan, Belarussian and Taiwanese authorities and private cyber security companies in identifying and arresting the leader of the cyber crime ring that used powerful malware variants such as Anunak, Carbanak and Cobalt to target banks across the world.
In a press release, Europol announced yesterday that between 2013 and 2016, the cyber crime ring used a combination of spear-phishing and malware operations to target banks and other financial institutions. Once employees at such financial institutions downloaded attachments from such malicious emails, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs.
This operation was first uncovered by security firm Trustwave in October last year after the firm observed how hackers from post-Soviet countries managed to swindle millions from European banks by employing a sophisticated operation.
“We believe that the attack described in this report represents a clear and imminent threat to financial institutions in European, North American, Asian and Australian regions within the next year. Currently the attacks are localized to the Eastern European and Russian regions. However, in cybercrime, this area is often the canary in the mineshaft for upcoming threats to other parts of the world,” said researchers at Trustwave.
“Our investigations have revealed victim losses currently around approximately USD$40 million. However, when taking into account the undiscovered or uninvestigated attacks along with investigations undertaken by internal groups or third parties, we estimate losses to be in the hundreds of millions in USD. All global financial institutions should consider this threat seriously and take steps to mitigate it,” they added.
According to Europol, a joint action in coordination with the Joint Cybercrime Action Taskforce helped it bring the perpetrators to justice, “with the mastermind, coders, mule networks, money launderers and victims all located in different geographical locations around the world”.
“Europol’s European Cybercrime Centre (EC3) facilitated the exchange of information, hosted operational meetings, provided digital forensic and malware analysis support and deployed experts on-the-spot in Spain during the action day. The close private-public partnership with the European Banking Federation (EBF), the banking industry as a whole and the private security companies was also paramount in the success of this complex investigation,” it added.
“This global operation is a significant success for international police cooperation against a top level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity,” said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3).
“This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cybercriminality,” he added.