Cobalt cyber crime group has returned to attack banks

Russian threat intelligence organization Group-IB has warned that the Cobalt gang, which was responsible for stealing up to $1.2 billion from banks across the globe, has re-emerged. 

The gang is known for its carefully orchestrated attacks that combine phishing scams and ‘jackpotting’, in which malware dispenses cash from ATMs at set times. Over the past two years, Cobalt has robbed banks across central and eastern Europe, the UK, Taiwan, and Malaysia. In March 2018, police arrested the gang’s leader and 20 accomplices, temporarily halting them, but it seems the crime syndicate is now back in business. 

According to Group-IB, “[t]he most likely scenario is that remaining Cobalt members will join existing groups or a fresh ‘redistribution’ will result in a new cybercriminal organization – ‘Cobalt 2.0’ – continuing attacks on banks worldwide.” 

How Cobalt operates 

Attacks begin with spear phishing emails sent to bank employees. The emails contain malware that spreads through banks’ networks, looking for computers with access to software that controls ATMs, bank accounts, and wire transfers. 

The gang steals money by:  

  • Using malware that orders ATMs to spew out money at specific times, with mules waiting to collect the cash  
  • Withdrawing funds from targets’ accounts 
  • Modifying banks’ databases to inflate the balances of accounts belonging to the gang  

The crooks have been known to launder the money via cryptocurrencies or prepaid cards linked to cryptocurrency wallets. Europol, which headed the investigation that led to the members’ arrests, said that the gang bought luxury goods, cars, and houses with the money, some of which they returned to launder the money again. 

Combat phishing 

Banks aren’t the only institutions susceptible to phishing attacks. Whatever your line of business, phishing is a threat that you need to take seriously. If one of your employees falls for a malicious link or attachment, your entire corporate network is at risk. 

IT Governance’s Phishing Staff Awareness Course educates staff on the risks of phishing emails, helping your team understand how phishing works, what tactics cyber criminals employ, and how to spot and avoid phishing campaigns. 

You can combine this with our Simulated Phishing Attack to assess your employees’ awareness of phishing attacks and gain recommendations on improving your security. 

We also recommend regular penetration testing to determine the vulnerabilities present in your network and applications. If a careless employee does click a malicious link or open an infected attachment, you want to make sure that your systems are as secure as possible. 
