The great cyber bank robbery of 2015 reached into twenty-nine top Russian banks and is now infamously attributed to the “Carbanak” criminal gang. Long-standing APT tools and sophisticated entry through spear-phishing emails, aimed at the browsers of bank staff, allowed the malware into the banks.
Once the victims made a request, Kaspersky Lab went to work with Interpol in January 2015 to uncover the hackers. A multinational group of three separate cybercriminal crews was uncovered. They had carried out the cyber bank heist and stolen one billion American dollars over a period of two years. Their criminal plot was traced back to 2013 and involved cyber theft from over one hundred banks in thirty countries around the world.
Arrests have led to the capture of cybercriminals from Russia, Ukraine and other parts of Europe, as well as from China. The Carbanak criminal gang responsible for the cyber robbery used several techniques drawn from the evolving playbook of cyberattacks. This level of cybercrime marks a new era in the evolution of cybercriminal activity, in which malicious actors steal money directly from banks rather than targeting end users.
Kaspersky Lab and its Global Research and Analysis Team (GReAT) investigation revealed three separate groups of hackers who inflicted many millions in financial damage on the banks. At the Security Analyst Summit 2016, experts from GReAT presented an investigation report. For security reasons, the names of the victims remain undisclosed.
Here is a summary from the Interpol Global Complex of actions taken in April 2015, when servers were simultaneously seized in the Netherlands and taken offline in the US, Russia, Luxembourg and Poland.
This is expected to significantly disrupt the botnet’s operation. It will increase the cost and risk for cybercriminals intent on continuing their illegal business and will prevent victims’ computers from participating in malicious schemes.
Simda is a “pay-per-install” malware used to distribute illicit software and different types of malware, including those capable of stealing financial credentials. The pay-per-install model allows cybercriminals to earn money by selling access to infected PCs to other criminals who then install additional programs on it.
Simda is distributed by a number of infected websites redirecting to exploit kits. The attackers compromise legitimate web sites/servers so that the web pages served to visitors include malicious code. When users browse these pages, the malicious code silently loads content from the exploit site and infects a non-updated PC.
The Simda botnet has been seen in more than 190 countries, with the US, UK, Russia, Canada and Turkey being the worst affected.
The bot is believed to have infected 770,000 computers worldwide, with the vast majority of victims located in the US (more than 90,000 new infections since the start of 2015).
Active for years, Simda had been increasingly refined to exploit any vulnerability, with new, harder to detect versions being generated and distributed every few hours. At the moment, Kaspersky Lab’s virus collection contains more than 260,000 executable files belonging to different versions of Simda malware.
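The distribution mechanism in the summary above, a legitimate site that silently loads script or iframe content from an exploit site, is something a site owner can check for in the HTML actually served to visitors. The following is an added example, not code from the article, Interpol or Kaspersky: it parses a page, lists every script and iframe source that is neither same-site nor on an allowlist, and marks iframes that are hidden or one pixel in size. The sample page, the allowlist and the `.invalid` hostnames are constructed for the example.

```python
"""Scan served HTML for third-party script/iframe loads of the kind the
Simda summary describes (a compromised legitimate site pulling content
from an exploit site). Sample page and allowlist are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a normal page with one hidden injected iframe and
# one injected external script appended before </body>.
SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-news.com/lib.js"></script>
</head><body>
<h1>Example News</h1>
<iframe src="http://redirector.invalid/go" width="1" height="1" style="display:none"></iframe>
<script src="http://kit-loader.invalid/x.js"></script>
</body></html>
"""


class ResourceCollector(HTMLParser):
    """Collect (tag, src, attributes) for every script/iframe with a src."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            a = dict(attrs)
            if a.get("src"):
                self.resources.append((tag, a["src"], a))


def is_same_site(src_host, page_host):
    # Same host or a subdomain of the page's host.
    return src_host == page_host or src_host.endswith("." + page_host)


def looks_hidden(attrs):
    # Drive-by iframes are typically display:none or 0/1 pixel in size.
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return "display:none" in style or "visibility:hidden" in style or tiny


def find_injected(html, page_url, allowlist=()):
    """Return third-party script/iframe loads not covered by the allowlist."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    parser = ResourceCollector()
    parser.feed(html)
    findings = []
    for tag, src, attrs in parser.resources:
        host = (urlsplit(src).hostname or "").lower()
        if not host or is_same_site(host, page_host) or host in allowlist:
            continue  # relative URL, own site, or known-good CDN
        findings.append({
            "tag": tag,
            "host": host,
            "hidden": tag == "iframe" and looks_hidden(attrs),
        })
    return findings


if __name__ == "__main__":
    for f in find_injected(SAMPLE_PAGE, "https://www.example-news.com/",
                           allowlist=("cdn.example-news.com",)):
        print(f)
```

Run against a page fetched exactly as a browser would receive it (with a browser User-Agent, since some injections are served only to real visitors) and diff the findings against a known-good baseline; a new unknown host, especially behind a hidden iframe, is the signal to investigate.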
The unprecedented level and depth of the cyberattack was noted in February 2015 by Sergey Golovanov, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team:
These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery.
The Carbanak team continued to surface throughout 2015.
Today, Kaspersky and the experts from its Global Research and Analysis Team (GReAT) delivered an updated investigation report. For security reasons, the victims’ identities have not been disclosed. The ATM is the end game for the cybercriminals.
The team found that a banking Trojan named Metel, also known as Corkow, was malware built for hunting users of online banking systems. The bank criminals went on full attack in 2015 and achieved massive infiltration.
The attack on a card compromised the transaction system and rolled back each withdrawal so that the balance showed no change. This let the criminals take the cash available in an ATM and repeat the action at the next series of bank ATM locations.
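The rollback trick just described leaves a trace on the issuer side: cash leaves the ATM, but the withdrawal is immediately followed by a matching reversal, and the same card repeats this at several machines in a short time. Here is an added example, not code from the article or Kaspersky, of detection logic run over a constructed transaction log. The log format, the 30-second pairing gap and the thresholds (three rollbacks across at least two ATMs within two hours) are assumptions made for the example.

```python
"""Flag payment cards whose ATM withdrawals are repeatedly reversed.

Pattern: WITHDRAWAL followed within seconds by a REVERSAL for the same
card, ATM and amount, repeated across several ATMs. Log format and
thresholds are assumptions for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, card token, ATM id, event, amount
SAMPLE_LOG = """\
2015-08-01T01:00:05,card-7781,ATM-001,WITHDRAWAL,500
2015-08-01T01:00:07,card-7781,ATM-001,REVERSAL,500
2015-08-01T01:00:20,card-7781,ATM-001,WITHDRAWAL,500
2015-08-01T01:00:22,card-7781,ATM-001,REVERSAL,500
2015-08-01T01:14:10,card-7781,ATM-014,WITHDRAWAL,500
2015-08-01T01:14:12,card-7781,ATM-014,REVERSAL,500
2015-08-01T01:26:30,card-7781,ATM-019,WITHDRAWAL,500
2015-08-01T01:26:32,card-7781,ATM-019,REVERSAL,500
2015-08-01T09:12:00,card-2210,ATM-003,WITHDRAWAL,100
2015-08-01T12:40:00,card-2210,ATM-003,WITHDRAWAL,40
2015-08-01T12:40:03,card-2210,ATM-003,REVERSAL,40
2015-08-01T15:05:00,card-9034,ATM-007,WITHDRAWAL,200
"""


def parse_log(text):
    """Parse CSV lines into event dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, card, atm, kind, amount = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "card": card,
                       "atm": atm, "kind": kind, "amount": int(amount)})
    events.sort(key=lambda e: e["ts"])
    return events


def find_rollbacks(events, max_gap=timedelta(seconds=30)):
    """Pair each WITHDRAWAL with a REVERSAL on the same card/ATM/amount.

    Returns {card: [(withdrawal_time, atm, amount), ...]}.
    """
    pending = {}  # (card, atm, amount) -> withdrawal awaiting reversal
    rollbacks = defaultdict(list)
    for e in events:
        key = (e["card"], e["atm"], e["amount"])
        if e["kind"] == "WITHDRAWAL":
            pending[key] = e
        elif e["kind"] == "REVERSAL":
            w = pending.pop(key, None)
            if w is not None and e["ts"] - w["ts"] <= max_gap:
                rollbacks[e["card"]].append((w["ts"], e["atm"], e["amount"]))
    return rollbacks


def flag_cards(events, min_rollbacks=3, min_atms=2, window=timedelta(hours=2)):
    """Cards with >= min_rollbacks rollbacks at >= min_atms ATMs inside window."""
    suspicious = {}
    for card, hits in find_rollbacks(events).items():
        hits.sort()
        for i in range(len(hits)):  # sliding window anchored at each rollback
            in_window = [h for h in hits[i:] if h[0] - hits[i][0] <= window]
            atms = {h[1] for h in in_window}
            if len(in_window) >= min_rollbacks and len(atms) >= min_atms:
                suspicious[card] = {"rollbacks": len(in_window),
                                    "atms": sorted(atms),
                                    "cash_dispensed": sum(h[2] for h in in_window)}
                break
    return suspicious


def analyse(text):
    return flag_cards(parse_log(text))


if __name__ == "__main__":
    for card, info in analyse(SAMPLE_LOG).items():
        print(card, info)
```

A single reversal is routine (a jammed dispenser, a cancelled request), which is why the rule needs repetition across machines before it fires; the real value is correlating the issuer's view (balance unchanged) with the ATM's own dispense counters, which the rolled-back transaction cannot alter.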
The next step for the criminals was transferring money to e-currency services. The criminal members infiltrated the devices of HR and related accounting personnel and waited until the system administrator logged into the system. If the criminals wanted to move faster on the theft, they crashed Microsoft Word or 1C (an accounting program used in Russia). Once the system administrator was called in to fix the problem, the criminals captured the password and went on to further cyber theft.
Even after the investigation, Carbanak cybercriminals still lurk and reappear from time to time. Kaspersky Lab solutions detect and disarm all known malware created by the Carbanak, Metel and GCMAN criminal groups.
The Pirate Bay is Hijacking PCs to Stealth-Mine Cryptocurrency
For the second time in as many months, The Pirate Bay has been caught mining cryptocurrency on your computer without consent. The torrent platform was actually test-driving cryptocurrency mining in your browser – no doubt a lucrative revenue stream.
The Pirates Are At It Again
The news was later confirmed by Bleeping Computer, which reported that, “The Pirate Bay, the internet’s largest torrent portal, is back at running a cryptocurrency miner after it previously ran a short test in mid-September.”
Estimates indicate that the scheme has earned the pirates a total of $43,000 over a three-week period.
Users had no way to opt their computers out of being test-driven by the torrent network. Back in September, The Pirate Bay got away by telling people it was just a test. The site’s owners cannot use the same excuse this time around.
CoinHive advises websites to let their visitors know their browser is being used to mine cryptocurrency.
“We’re a bit saddened to see that some of our customers integrate CoinHive into their pages without disclosing to their users what’s going on, let alone asking for their permission,” the company said.
The good news is most ad-blockers and antivirus programs will block CoinHive, given its recent abuses. That means not all visitors of The Pirate Bay were being used as a conduit for mining Monero.
Monero Joins Global Crypto Rally
The value of Monero (XMR) shot up nearly 8% on Friday, and was last seen trading at $94.17. With more than 15.2 million XMR tokens in circulation, the total market cap for Monero is $1.4 billion, according to CoinMarketCap. That’s enough for ninth on the global cryptocurrency list.
Twelve cryptos have now crossed the $1 billion valuation mark. A handful of others have made their way north of $500 million.
Ethereum Notches Two-Month High as Bitcoin Offspring Triggers Volatility
Digital currency Ethereum climbed to a two-month high on Monday, taking some of the heat off Bitcoin and Bitcoin Cash, which have slumped since the weekend.
Ethereum Forges Higher Path
Concerns over Bitcoin created a favourable tailwind for Ethereum (ETH/USD), which is the world’s No. 2 digital currency by total assets. Ether’s price topped $340.00 on Monday and later settled at $323.54. That was the highest since June 20.
At its peak, ether was up 10% on the day and 70% for the month of August.
The ETH/USD was last down 2.2% at $315.02, according to Bitfinex. Prices are due for a brisk recovery, based on the daily momentum indicators.
Fractured Bitcoin Community
Bitcoin and its offshoot, Bitcoin Cash, retreated on Monday following a volatile weekend. The BTC/USD slumped at the start of the week and was down more than 3% on Tuesday, with prices falling below $3,900.00. Just last week, Bitcoin was trading at new records near $4,500.00.
Bitcoin Cash, which emerged after the Aug. 1 hard fork, climbed to new records on Saturday, but has been in free-fall ever since. BCH was down another 20% on Tuesday to $594.49, according to CoinMarketCap. Its total market value has dropped by several billion over the past two days.
Analysts say that a “fractured” Bitcoin community has made Ethereum a more attractive bet this week. The ether token has shown remarkable poise over the past seven days, despite trading well shy of a new record.
Other drivers behind Ethereum’s advance are steady demand from South Korean investors and growing confidence in a smooth upgrade for the ETH network. The upgrade, which has been dubbed “Metropolis,” is expected in the next several weeks. Its key benefits include tighter transaction privacy and greater efficiency.
Ethereum Prices Unaffected by ICO Heist
Fin-tech developer Enigma was on the receiving end of a cyber-heist on Monday after hackers took over the company’s website, mailing list and instant messaging platforms. The hack occurred three weeks before Enigma’s planned Initial Coin Offering (ICO) on September 11.
In addition to defacing the company’s website, the hackers pushed a special “pre-sale” ahead of the ICO. While many users realized it was a scam, 1,492 ether tokens – valued at $495,000 – were directed into the hackers’ cryptocurrency wallet by unsuspecting backers.
The irony in all this is that Enigma is a cryptography company that prides itself on top-notch security protocols. The company issued a statement that its servers had not been compromised.
Spotting a Well-Made Investment Scam
For every reasonably safe investment, there are 1000 scams and 10,000 reasonably toxic investments. Self-serve advertising via social media and search engines exacerbates the problem: people sometimes click ads they think are search results, or, as humans tend to, simply consume the content on the screen instead of paying attention to where they are being redirected.
In this article we will review a recent example of a well-executed investment scam.
The intended victim, who did not actually get scammed but alerted this author to the hustle, was led to believe that the above image was redirecting to a CNN news article. This is the actual URL the link went to:
Now if you visit com-cat.press, all you see is a directory listing. This site’s entire purpose is to make people believe they are visiting legitimate .com websites, when in fact they are visiting others. It doesn’t always have to be a scam; sometimes it is simply an advertisement, but often enough it is a definite funnel to a scam. In this case, here’s where you wind up, at a place that looks an awful lot like CNN Money:
Again, this is not a real article on CNN. This is promotion for 10Markets.eu.
10Markets.eu is extremely professional looking. The platform looks to capture your details even just for demo trading. Most traders expect hurdles, so one can imagine tons of phone numbers and e-mail addresses entered:
The demo trading screen never loaded for this analyst, but the phone number is fake anyway; I took it from a coffee shop in Germany. Funnily, the form pre-fills the German area code 030 in the first place, and you can’t edit that part. They also don’t allow you to visit the site at all if you’re in North America.
The tipster was clever enough to find out if 10Markets.eu was a registered broker or not. They’re not. According to ForexBrokerz.com:
10Markets is a forex and CFD broker that is headquartered in Scotland [sic] and supports the popular MetaTrader 4 platform. It is not licensed by any authority and there is not much information about the trading conditions on its website. What is worse, this broker is present in the warning lists of UK’s FCA, Australia’s ASIC and Cyprus’ CySEC, so we don’t recommend doing business with 10Markets.
There are review websites which help. Regarding 10Markets, we came up with this one.
The tipster happens to have been our own Jonas Borchgrevink. He is equipped with years of experience in website publishing, and this is why he quickly noticed that he was not reading a CNN article. The sad fact is that a high percentage of people who read that article believe it to be real, and a percentage of those people end up getting scammed. As such, here is a checklist for new trading outfits that you haven’t used or heard about before:
- Always try to get phone support right away, before creating an account. If no one answers or there is anything suspicious, this is a scam.
- Always search for “[EXCHANGE NAME]” + “scam,” and read carefully any results that come up. Most scams could stop at one person if others listened to that one.
- In the US, you can use FINRA to check the legitimacy of an exchange or broker. In the UK, you have FCA. Many countries have sites like these, and it’s important to check the one from the country where the broker does business.
- Use ad blockers at least when legitimately searching for financial solutions.
- Check the URL! For every legitimate exchange website, there are a few fake ones designed to steal your account information.
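“Check the URL” is easier said than done when the hostname is built to read like a .com site, as with the com-cat.press redirect described above. What matters is the registrable domain (the label just before the public suffix), not whatever appears to its left. The following is an added example, not the author’s or CCN’s code: it extracts the registrable domain and reports whether a link really lands on a brand’s own domain, merely contains the brand name as a decoy, or is unrelated. It generalises the com-cat.press case to any “brand.com” prefix under another domain. The sample URLs, the brand table and the small suffix set (a stand-in for the Public Suffix List) are constructed assumptions.

```python
"""Decide which site a link really lands on: the registrable domain, not
the prefix. money.cnn.com-cat.press contains "cnn.com" but is registered
under com-cat.press. Suffix set, brand table and URLs are constructed."""
from urllib.parse import urlsplit

# Small stand-in for the Public Suffix List (assumption: enough for the demo;
# a real tool should load the full list).
PUBLIC_SUFFIXES = {"com", "net", "org", "eu", "press", "co.uk", "com.au"}

# Brands and the registrable domains they legitimately use (constructed).
EXPECTED = {"cnn": {"cnn.com"}, "bbc": {"bbc.co.uk", "bbc.com"}}


def registrable_domain(host):
    """Return suffix plus one label, e.g. money.cnn.com-cat.press -> com-cat.press."""
    labels = host.lower().rstrip(".").split(".")
    # Try the longest suffix first so co.uk wins over uk.
    for n in range(len(labels) - 1, 0, -1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def inspect_link(url):
    """Classify a URL as legitimate, lookalike or unknown relative to EXPECTED."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    labels = host.split(".")
    for brand, domains in EXPECTED.items():
        if reg in domains:
            return {"host": host, "registrable": reg,
                    "status": "legitimate", "brand": brand}
        # Brand name present somewhere in the hostname, but the link is
        # registered elsewhere: the classic decoy prefix.
        if any(brand in label for label in labels):
            return {"host": host, "registrable": reg,
                    "status": "lookalike", "brand": brand}
    return {"host": host, "registrable": reg, "status": "unknown", "brand": None}


if __name__ == "__main__":
    # Constructed sample links, including a decoy in the style of com-cat.press
    for link in ("https://money.cnn.com/2017/",
                 "http://money.cnn.com-cat.press/2017/10/article",
                 "https://cnn.com.example.org/",
                 "https://10markets.eu/"):
        print(inspect_link(link))
```

The brand match is deliberately a substring check, so it errs toward flagging; the status that matters in practice is the registrable domain printed alongside it, which is the part a reader should compare against the site they believe they are on.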
In The Event That You Spot A Scam
Tattle! Spread the word far and wide, not just so others don’t get scammed, but also to give authorities the jump on the thieves. Otherwise, they may exit and get away with all the money before anyone stops them.
A part of CCN