This report is drawn from recent open source reporting.
Russian government reaction to cyber criminals
This week Russia revealed it had arrested a cyber crime gang in November last year for a campaign that raised nearly USD900,000. The gang was nicknamed ‘Cron’ after the malware it used, which infected over a million Android mobile devices of Russian bank customers. Users unwittingly downloaded the malware via fake mobile banking apps, pornography and e-commerce programmes. The ‘Cron’ gang exploited a Russian bank service which allows users to move small amounts of money to other accounts by sending an SMS message. The criminals sent SMS messages from infected devices instructing banks to transfer funds to their own accounts. According to Group-IB, the Russian cyber security company that worked with Russian law enforcement on the investigation, the ‘Cron’ gang were planning to rent a further piece of malware adapted to target banks in France, Germany, the UK and the US amongst other unnamed countries.
Fake applications that impersonate a brand or organisation are not new. Purchasing from legitimate sources can reduce the risk of acquiring bogus applications.
Fake malware fixes
WannaCry ransomware may not have generated the wealth the scammers responsible were hoping for, but since the attack, enterprising criminals have been attempting to cash in on the heightened public awareness of WannaCry. Targeting concerned users, scammers have been offering a range of fake ‘fixes’ and ‘support services’.
This type of social engineering is a common methodology for cybercriminals. Whether through viral social media posts, malicious pop-ups or well-crafted phishing campaigns, high profile events such as the WannaCry attack offer cyber criminals a hook to spread malware or to solicit funds.
It’s not only online incidents that criminals seek to take advantage of. Following news of high profile disasters such as Hurricane Katrina in 2005, the 2014 Ebola outbreak and the 2015 Nepal earthquake, scammers set up fake charity websites and sent phishing emails in attempts to steal funds donated to the victims.
Recent examples of scams piggybacking on the WannaCry incident include:
- Alerts circulating on social media directing users to fake WannaCry patches which deliver malware;
- A phishing email posing as a BT customer service email which informs the user they are locked out of their BT account and directs them to a malicious link to obtain a ‘security upgrade’ to re-establish full access;
- Third party app stores offering ‘patches’ for mobile users - despite the fact no mobile operating systems are believed to be vulnerable to WannaCry.
The recent UK Action Fraud alert has more information on specific fraud attempts.
Further information on how to protect against phishing attempts is available on the NCSC guidance page and in our recent blog on social engineering.
Europol arrest 27 individuals involved in black box ATM attacks
An international law enforcement effort has resulted in the arrest of 27 individuals in connection with a string of successful black box attacks against ATMs across Europe. These attacks are thought to have generated up to EUR 0.5 million for the criminals responsible. Black box attacks are cyber-enabled and involve physically penetrating an ATM’s casing to obtain access to exposed cables and ports. A laptop can then be connected and used to issue instructions to an ATM to cash out its bank notes. These attacks are less sophisticated and more common than cyber-dependent attacks that deploy malware to ATMs remotely, over a financial institution’s network. For more information on the cyber threat to UK ATMs, please see our recent assessment on CiSP.