Modern bank robbers arrive by email

Modern bank robbers arrive by email

Reports from Spain recently announced the arrest of the ringleader of a gang of cyber bank robbers that had succeeded in bagging more than a billion Euros in virtual heists since 2013.

The arrest was the result of a truly concerted police effort – besides the Spanish state police, the investigation involved Europol, the US FBI as well as investigative agencies from Romania, the Republic of Moldova, Belarus and Taiwan, plus various IT security companies.

The robbers attempted to raid banks as well as payment and financial service providers in more than 40 countries and employed ever-improving malware with a name that kept changing from “Anunak” to “Carbanak” and finally “Cobalt”. With “Cobalt” alone, it was possible to plunder loot of up to 10 million Euros per robbery.

The modus operandi was always the same, according to a Europol press release: The cyber-criminals sent bank employees spear-phishing emails containing malicious attachments, which were purported to have originated from reputable senders. As soon as the attachments had been downloaded, the attackers took control of the victim‘s infected computer and from there they hacked into the internal bank network and the servers that controlled the ATMs. Following this, they siphoned off cash in various ways, which they then partly laundered by means of pre-paid credit cards for crypto-“currencies” and used thereafter to purchase luxury cars and real estate.

Retarus offers protection from these kinds of attacks on several different fronts with its E-Mail Security service. The phishing filter in combination with the CxO Fraud Detection function in our new ATP package safeguards you against spear phishing. The AntiVirus MultiScan with up to four scanning engines reliably intercepts infected attachments, while sandboxing also identifies malware for which signatures are not yet available. Last, but not least, our patent-pending Patient Zero Detection® even makes it possible to react to malware which has already landed in a recipient’s inbox (postdelivery protection).

Tags: //