The Spanish authorities today arrested a suspect who is the alleged leader of a gang of cyber criminals that stole more than 1 billion Euro ($1.24 billion) from 100 banks worldwide. The gang used malware such as Carbanak and Cobalt to gain access to banks and other financial organisations.
The banks could be hacked because they either hadn’t installed Microsoft Word updates for years, or because employees opened malicious RAR files containing CPL files. Sometimes infections also took place because employees enabled malicious macros in Word documents. Last year the gang changed its methods and started sending out Word documents with embedded LNK files. Users had to take several steps before their computers were actually infected by the malware.
As soon as the criminals gained access to the network of the bank, the servers that controlled the ATMs were infected. Once the servers were infected, the criminals could retrieve money from the machines remotely. The criminals also wired money to accounts under their control. The databases of the banks were also changed: the criminals raised the balances of several accounts. Straw men then took the money from the accounts. The criminals bought expensive cars and houses with the money they stole.
The Spanish police, Europol, the FBI and the Romanian, Belarusian and Taiwanese authorities were involved in the investigation of the gang. The gang was able to steal more than 1 billion Euro ($1.24 billion) from 100 financial organisations in 40 different countries. Sometimes the criminals succeeded in stealing 10 million Euro ($12.4 million) in a single attack.