Carbanak Arrest Shows the Way Forward for Banking Industry


Ted McKendall

The recent arrest of the mastermind behind the Carbanak malware and Cobalt malware shows the benefits of industry collaboration, but also indicates the sustained and varied threats that banks and other financial institutions face on a daily basis. 


The Ukrainian national known only as ‘Denis K’ was arrested in Spain and is accused of leading a group that stole around $1 billion from more than 100 banks through cyber-attacks that go back as far as 2013. Authorities seized computer equipment, jewelry valued at almost $700,000, “various documents” and two luxury cars in the raid at Denis K’s large home in Alicante, Spain. Three accomplices were also taken into custody. 


In terms of attack methods, the group got their malware onto bank networks by sending key personnel spear-phishing emails that appeared to be from international banking organizations or ATM vendors. These emails included links to websites that, when visited, would begin to download malware onto the victim’s machine.


Once the malware was downloaded into banks’ systems, it allowed the group to manipulate their computers, including those controlling ATM networks. In some cases, the group was able to change the withdrawal limits on accounts and then take out large amounts of cash. 


The criminals used three separate generations of malware to penetrate and then lurk on financial networks. They would distribute the money in a variety of ways, from siphoning off cash through bank transfers to laundering money through payment cards and cryptocurrencies.


Banks Will Always be Key Cyber-crime Targets 

The concern for banking institutions isn’t solely that they are the number one target – after all, that’s where the money is – but also that they face the widest range of attacks, from the sophisticated to the so-called ‘script kiddies’, and the new to the old. 


Just this week, Swiss watchdog FINMA warned that cyber-attacks now pose the biggest risk facing banks in Switzerland, a notable statement given that Swiss banks are largely viewed as being the most secure in the world. 


This is perhaps an indication that banks should foster their own sense of communication and collaboration if they are to mitigate future attacks and keep their customers safe. 


Collaboration is a Requirement for Defense 

The Carbanak arrest, described by Cyber-Crime Centre (EC3) boss Steven Wilson as a “significant success”, is a sign once again that fostering closer industry collaboration can pay huge dividends in the global battle against cyber-crime.  


In particular, the combination of public and private sector, with the expertise of the security vendor industry and the facilitation of authorities like EC3 and the FBI, means criminal infrastructure can be disrupted much faster than ever before. And that means preventing attacks and bringing criminals to justice quicker too. 


This operation is a fine example of this cross-discipline collaboration as it is said that Europol, the FBI, cyber-security firms and police forces in Spain, Romania, Belarus and Taiwan worked together to track down the gang.  


And it is here that there may be a lesson for banks, which have historically been poor at inter-industry information sharing when it comes to security. To date, perhaps owing to a highly competitive industry that is increasingly crowded, there has been little appetite for sharing relevant information. The UK’s Waking the Shark cyber simulation exercise a few years ago is a perfect example – opposing banks would not inform their rivals when they had been breached, even though it was just a simulated exercise.


That said, perhaps times are changing in this regard too, a sign of the increasingly global cyber-crime landscape. For example, in a recent report from PwC, Canadian banks said they were looking to innovate and incorporate emerging technologies into their business models, and to do this they were looking to invest in enhancing their cybersecurity models to balance risks and opportunities.  


Crucially, these same banks said they were looking to collaborate within industry to undertake cybersecurity assessments of joint initiatives, making sure those risks are understood and mitigated. 


Collaboration is Futile Unless Combined with a New Technology Approach 

Trusted Knight technology is used by banks all over the world to protect the full transaction stack when conducting sensitive transactions online. We prevent malware from accessing and exfiltrating data, and from interfering with transactions at all. This approach can also be used across the broader financial services sector, and across mobile and web. If the banking industry is fully collaborative but supports that partnership with traditional tools, the effort to thwart cyber-crime will always fall short. Success in today’s threat landscape requires new thinking on collaboration as well as new technological approaches.