The mastermind behind the Carbanak and Cobalt malware attacks on over a 1000 financial institutions worldwide has been arrested in Alicante, Spain, after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies.
In operation since 2013, the crime ring behind the malware struck banks in more than 40 countries resulting in cumulative losses of over EUR1 billion for the financial industry.
The magnitude of the losses is significant, says Europol: The Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist.
The malware was typically infiltrated through spear phishing e-mails containing a malicious attachment impersonating legitimate companies. Once downloaded, the virus allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs.
The criminals could then order the machines to spit out money at a pre-determined time, or inflate account balances for money mules to cash in. Profits were laundered via prepaid cards linked to cryptocurrency wallets which were used to buy goods such as luxury cars and houses.
Europol credited the support offered by the Cybersecurity Working Group of the European Banking Federation, alongside international police forces, in contributing to the take-down.
Wim Mijs, EBF chief, says: "This is the first time that the EBF has actively cooperated with Europol on a specific investigation. It clearly goes beyond raising awareness on cybersecurity and demonstrates the value of our partnership with the cybercrime specialists at Europol. Public-private cooperation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang."