Spanish Authorities Arrest Leader of Cybercriminal Gang Behind €1 Billion Heist

The Spanish National Police has arrested the suspected leader of a cybercriminal gang that stole more than €1 billion from financial institutions in more than 40 countries.

The gang has been operating since 2013 and has hit more than 100 financial institutions using several custom-made malware platforms known in the security industry as Anunak, Carbanak and Cobalt. The latter is based on Cobalt Strike, a legitimate penetration testing tool.

The criminals stole up to €10 million per heist by using a variety of techniques, including instructing compromised ATMs to dispense cash at predetermined times, abusing the electronic payment networks to transfer money out of the financial organizations and modifying banks’ databases to inflate account balances.

All of this was possible because the gang’s modus operandi involved breaking into the private networks of the targeted institutions and gaining access to their internal systems and processes. The malware was typically distributed to bank employees via spear-phishing emails with malicious attachments and, once installed on computers, helped the attackers move laterally through the networks.

The gang’s suspected leader was arrested in Alicante, Spain, following an investigation conducted by the Spanish National Police with support from Europol; the FBI; the Romanian, Belarussian and Taiwanese authorities; and private cybersecurity companies. The European Banking Federation (EBF) also participated in the exchange of information.

“This global operation is a significant success for international police cooperation against a top-level cybercriminal organisation,” said Steven Wilson, the head of Europol’s European Cybercrime Centre (EC3). “The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity. This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top-level cybercriminality.”

It’s worth noting that Carbanak is not the only cybercriminal gang that’s focused on targeting financial institutions directly instead of going after their customers. This type of attack has become increasingly common over the past few years and has even been adopted by state-sponsored actors, such as the Lazarus Group, which is believed to act on behalf of the North Korean government and has stolen money from central banks.

Drupal Users Should Prepare for Highly Critical Patch

Developers of the popular Drupal content management system are urging website administrators to be ready to deploy a patch for a highly critical vulnerability on Wednesday.

The patch will be released March 28 between 6 and 7:30 p.m. UTC and will be made available for Drupal 7.x, 8.3.x, 8.4.x and 8.5.x. The decision to release emergency updates for the 8.3.x and 8.4.x branches, which are no longer supported, is an indication of how severe the issue is.

“The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the Drupal team said in an announcement last week.

The administrators of websites running Drupal 8.3.x and 8.4.x should make plans to update them to the officially supported 8.5.x version as soon as possible. However, they should not delay deploying the backported patches for this particular vulnerability when they are made available for these older versions on Wednesday.

None of the updates will require a database update, so there aren’t many reasons not to apply them as soon as possible. Drupal is an attractive target for hackers and is constantly targeted in attacks.

Drupal is the third most popular CMS after WordPress and Joomla in terms of market share and is used by many businesses, government agencies and universities. Some high-profile users include the U.S. Department of Energy, the French government, the Mayor of London and Oxford University.


Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at lucian@constantinsecurity.com or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
