In October, I reported on an incident that involved a data breach at Hyatt hotels. The cybersecurity breach was spearheaded by malware, which has been linked to a group dubbed the “Carbanak malware gang” by media outlets. Based on the investigations into its activities, this group primarily targets financial institutions and has done so for many years. All of this may change, however, as the purported “mastermind” of the operation has been taken into custody.
As reported by Europol’s press release on the arrest, a joint operation of “Spanish National Police, with the support of Europol, the U.S. FBI, the Romanian, Belarussian and Taiwanese authorities and private cybersecurity companies” took down the Ukrainian leader of the Carbanak gang in Alicante, Spain.
The two main malware strains that the gang was responsible for were Carbanak and Cobalt. Cobalt, in particular, was insanely powerful as it allowed EUR 10 million per heist to be stolen by cybercriminals. Europol summarized the damage and scope that the Carbanak gang had inflicted on the financial world as follows:
“Since 2013, the cybercrime gang have attempted to attack banks, e-payment systems and financial institutions using pieces of malware they designed, known as Carbanak and Cobalt. The criminal operation has struck banks in more than 40 countries and has resulted in cumulative losses of over EUR 1 billion for the financial industry.”
While the leader of the Carbanak malware gang has been arrested and will face prosecution, it is not known what comes next for the group as a whole. Will the leader roll over on the group’s members in order to lessen the prison time? Or, conversely, will the leader not snitch and instead pull the strings from behind bars while the higher-ups in the organization take control? These questions cannot be answered yet, but what is certain is that the malware created by the group remains a threat. Other criminals utilize the Carbanak and Cobalt malware, and until it proves ineffective, they will continue to do so.
This is a great turn of events for the security community, which has been dealing with this nonsense since 2013. But we mustn’t become complacent. Due diligence is required to stamp out any future effects that this criminal enterprise has set in motion.