Cyber Crime - Carbanak Bank Hacker Arrested

Spanish police have arrested the alleged leader of an organized Russian cybercrime gang behind the Carbanak and Cobalt malware attacks, which have stolen over a billion euros from banks worldwide since 2013.

Leader of Hacking Group Who Stole $1 Billion From Banks Arrested In Spain


In a coordinated operation with law enforcement agencies across the globe, including the FBI and Europol, police detained the suspected leader of the Carbanak hacking group in Alicante, Spain.

The Carbanak hacking group started its activities almost five years ago by launching a series of malware attack campaigns such as Anunak and Carbanak to compromise banks and ATM networks, from which they swiped millions of credit card details from US-based retailers.

According to Europol, the group later developed a sophisticated heist-ready banking malware known as Cobalt, based on the Cobalt Strike penetration testing software, which was in use until 2016.

"The magnitude of the losses is significant: the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist," Europol said.

To compromise bank networks, the group sent malicious spear-phishing emails to hundreds of employees at different banks. If opened, these emails infected computers with Carbanak malware, allowing the hackers to transfer money from the banks to fake accounts or ATMs monitored by criminals.

According to the authorities, the criminal profits were also laundered via cryptocurrencies, through prepaid cards linked to the cryptocurrency wallets, which were used to buy goods such as luxury cars and houses.

In early 2017, the gang of financially-motivated cybercriminals was found abusing various Google services to issue command and control (C&C) communications for monitoring and controlling the machines of its victims.

In separate news, Ukraine Police announced today the arrest of another member of the Cobalt group in Kiev, for developing malware and selling personal data from citizens worldwide.

The suspect had been working with the Cobalt group since 2016 and was also involved in cyber-espionage activities. He allegedly sold a variety of malicious software in underground markets that allows anyone to access and control victims' computers remotely.

"This global operation is a significant success for international police cooperation against a top-level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity," said Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3).
"This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top-level cyber criminality."

BitCoin Crashing, what is going on? Cybercriminals ditched Bitcoin

Cybercriminals are increasingly moving away from bitcoin as their preferred digital currency in favor of lesser-known cryptocurrencies because of prolonged transaction delays, surging transaction costs and general market volatility, experts tell CyberScoop.

Although cybercriminals have been slowly moving away from bitcoin for months, researchers say a noticeable shift towards alternative coins — such as Monero, Dash and ZCash — occurred when bitcoin’s value skyrocketed over $19,000 for one bitcoin in mid-December. The price has drastically fluctuated between $12,000 and roughly $19,000 since then.

“Many cybercriminals emulate the operational best practices of legitimate businesses in order to minimize their overhead costs and maximize returns, and in the case of high transaction costs with bitcoin, it makes perfect sense to look at other coins with smaller overheads,” said Richard Henderson, a global security strategist with endpoint cybersecurity firm Absolute.

Experts say this shift does not necessarily mean that hackers have abandoned bitcoin altogether, but instead current conditions in the criminal underground may be forcing them to change their behavior.

“We’ve seen [dark web] sites pop up in recent months that market themselves on only accepting alternative cryptocurrencies — “Monero Only” in the case of currently-down Libertas Market,” said Emily Wilson, director of analysis at Maryland-based dark web intelligence firm Terbium Labs. “Markets being able to operate and advertise based on alternative cryptocurrencies speaks to a slow but visible change in the system … Slow is key here, though. Market admins aren’t adjusting or reacting at the same pace as avid traders.”

The first sign of dissatisfaction from cybercrime syndicates with bitcoin’s performance began around mid-2017, according to Andrei Barysevich, director of advanced collection with Recorded Future.

“Ease of exchange into cash around the world, anonymity and almost instantaneous speed of transactions of even the smallest amounts led to bitcoin’s acceptance as a de-facto currency for the entire criminal underworld,” said Barysevich, but things have changed, challenging these same strengths.

The current situation, Barysevich explained, is different from just six months ago, when far fewer people were paying attention to bitcoin, pushing transactions through the blockchain and therefore filling up the market with demand.

The emergence of newer, privacy-focused technologies associated with Monero, Dash and ZCash, which make the funds extremely difficult to track, has further attracted use by some cybercriminals. One digital payment option, known as Ether, for example, gained popularity recently for its obfuscation capabilities, experts said.

“We are starting to see Ether as a preferred payment option of some members primarily because of service support, which allows entirely anonymous registration, as well as the mixing infrastructure that helps criminals to further obfuscate transactions,” Barysevich told CyberScoop. “This said, we see Dash, ZCash and to some extent Monero as bitcoin’s likely successor [for cybercriminals], because several high-profile vendors of compromised credit cards have already migrated or will do so in the next few weeks.”

Recorded Future and Terbium Labs are far from the only firms to notice Monero’s rise.

“[We’ve noticed that] Monero is becoming increasingly prevalent,” Vitali Kremez, director of research with Flashpoint, told CyberScoop.

The rapid adoption of Monero by hackers is perhaps most evident through its implementation in various online, illegal marketplaces, said Kremez.

“Flashpoint has been closely tracking the shift in leveraging Monero as one of the leading currencies for trading on various deep and dark web communities due to its advanced payment origin obfuscation algorithms,” Kremez said.

In July, international law enforcement partners including the FBI shut down AlphaBay, the largest dark web marketplace. AlphaBay allowed people to sell drugs, weapons, malware and other illegal material in exchange for cryptocurrency.

As part of the AlphaBay takedown, police collaborated with various bitcoin exchange platforms to identify payments relating to illegal activity. While bitcoin was fundamentally designed to be anonymous, certain exchange platforms store data about users and their transactions.

Some say that working relationship may provide another reason for criminals to shy away from using bitcoin.

“The lack of cybercriminal trust in bitcoin exchanges also leads to cybercriminals utilizing bitcoin less as a preferred currency,” said Kremez. “In 2017, the collaboration between bitcoin exchanges and law enforcement contributed largely to the major law enforcement wins – from the AlphaBay takedown arrests and the Dream administrator arrest.”