The threat of cybercrime against organizations is snowballing each passing day. According to one McAfee estimate, cybercrime-related damage now stands at over $400 billion, up from $250 billion two years earlier, with business-related costs running in the billions, too. Organizations are steadily investing in ramping up their digital borders and security protocols in an attempt to stave off e-criminals. Many are still turned away by the costs or the bewildering range of available tools and services.
Nowadays, the potential of the internet has been embraced by organized cybercrime gangs. Their operations have become so sophisticated in recent years that they have conducted large-scale attacks on big companies and launched insidious cyber campaigns that have caused millions of dollars in damage.
Here are five of the most infamous cybercrime groups that have made headlines.
- Cobalt Cybercrime Gang
This gang is the mastermind behind the Carbanak and Cobalt malware attacks that targeted 100 financial institutions in more than 40 countries worldwide. Their complex cybercrime campaigns on numerous banks allowed more than $11 million per heist to be stolen by these criminals. And it caused more than a billion dollars in cumulative losses for the financial industry.
Mode of operation: A typical Cobalt attack infiltrated bank institutions by sending spear-phishing emails to bank employees with malicious attachments. After it’s download, criminals got access to the infected computer and entered the internal banking network. They spent months studying the bank’s operations and workflows inside the infected networks.
When they began infiltrating the servers that controlled the ATMs, it got even worse. ATMs were instructed during the final heist — called ‘jackpotting’—to dispense cash remotely at a specific time in planned spots where a money mule was waiting to collect the money.
In 2018, the alleged mastermind was arrested. However, experts now believe that after seeing similar attacks on numerous other banks shortly after his arrest, the remaining members picked up where he left off.
- Lazarus Gang
This group is connected to North Korea, and they made many treacherous attacks against institutions and organizations. The most infamous was the 2014 Sony Pictures breach and the sinister campaign affecting the NHS (National Health Service) of England through the cyberattack on WannaCry.
Sony Pictures Leak: Staffers were outraged to find their corporate network had been hacked during the infamous Sony Pictures leak. Hackers took terabytes of confidential data, deleted some files, and, if Sony refused the hackers’ demands, threatened to leak the information.
For days, networks were down, and the staff was compelled to use whiteboards. The hackers began leaking confidential information that they stole to the press a few days later.
WannaCry Ransomware Attack: It is also assumed that the Lazarus group was behind the WannaCry Ransomware attack in 2017 that affected nearly a quarter of a million computers in 150 countries. It crippled numerous businesses and organizations, including the NHS of the United Kingdom. It was the most massive attack ever experienced by the NHS.
For several days, WannaCry put the health system’s operations to a standstill, caused more than six thousand jobs to be cancelled, and cost the NHS an estimated $100 million.
- MageCart Syndicate
This large e-commerce hacking syndicate, made up of various groups under one big umbrella, became famous for stealing data from customers and credit cards. This, a form of software skimming, malware that hijacked payment systems on eCommerce sites, recording credit card details, was devised.
Over the years, thousands of e-commerce sites have been targeted by MageCart groups and other websites where users usually enter their credit card information. For example, British Airways suffered a massive information violation by a MageCart group in 2018. The attack compromised 380,000 clients’ personal and financial data. But just the tip of the iceberg was the attack on the airline.
A few days later, the British Airways attack, the massive MageCart digital card skimming campaign also targeted Newegg’s hardware distributor. MageCart is even thought to be behind the attack by Ticketmaster that compromised 40,000 customer data.
- Evil Corp
The group’s name leaves no doubt that they are out to cause trouble, trouble worth millions of dollars to be exact. To undertake all kinds of institutions, including a school district in Pennsylvania, this international cybercrime gang with members based in Russia uses different malware types.
Organizations in Europe and the US are most of their targets, and they have managed to evade arrest for years. The insidious Dridex banking Trojan, which enabled the cybercrime group to collect login data from numbers of banks and other financial institutions across 40 countries, has made Evil Corp famous.
Evil Corp managed to steal an estimated amount of $100 million during the Dridex heist’s height.
Videos of the alleged leaders flaunting their supercars and lavish lifestyle went viral last year. They are so brazen, and while the US government had already formally indicted them in December 2019, still many experts believe that it will be hard to make their founders face trial in the US.
Also, the indictment did not deter the group. A series of new attacks during 2020 on small to medium-sized US businesses have been linked to Evil Corp. This involves Symantec’s June 2020 discovery of a plan to attack dozens of US corporations. Using a new class of ransomware called WastedLocker, eight Fortune 500 companies were targeted.
- GozNym Gang
Behind the threatening GozNym malware, a robust Trojan hybrid created to avoid detection by security solutions is this international cybercrime network.
A hybrid of the Nymaim and Gozi malware is GozNym, considered a two-headed monster. The sinister fusion allowed the malware to sneak onto a customer’s computer through malicious email attachments or links. The malware remained virtually undiscoverable from there, waiting for the user to log in to a bank account.
From there, details were collected, funds were stolen and siphoned off to US and foreign banks, and then washed away by money mules. More than 41,000 computers were affected by the attack, and account holders were robbed of some $100 million in total.
Organized Cybercrime Gangs
After legitimate business organizations, these international cybercrime gangs model their operations and business models. So much so that safety analysts claim that they provide training for new members, use collaborative instruments, and even use service agreements between the ‘specialists’ they hire.
For example, most, like the GozNym group, have a CEO-like ringleader who hires project managers from the dark web. These project managers are experts who are responsible for each part of the attack.
Take the GozNym gang, which had coding ‘specialists’ that polished their malware’s ability to avoid security solutions, a separate distribution team, and another group of specialists took over the bank accounts control. They also recruited money mules or money launderers (‘drop masters’) who got the funds and redistributed them overseas to gang members.
These itself shows the structural and functional precision that has allowed even the most established organizations to infiltrate these groups, cause massive havoc, and steal millions of dollars.
One of the critical actions towards winning the fight against such sophisticated cyber-attackers is understanding how they operate and prevent their every step. Only seasoned cybersecurity company and a team of experts can thwart these attacks before they take place.
To know more about cyber threats and suitable cybersecurity measures, contact us [Cybernetic Global Intelligence (CGI), an Aussie cybersecurity company]. You may either make a call at 1300 292 376 or leave a mail to Contact@cybernetic-gi.com for help at, anytime.