An international police operation has taken down a gang that allegedly stole an estimated $100 million from more than 41,000 victims using malware, European police organization Europol announced this month. The gang allegedly infected computers with the GozNym malware, enabling its members to obtain online banking credentials and access to victims' bank accounts. They also used those accounts to launder the money they stole and transfer the funds to their own accounts, Europol alleges.
What sets the GozNym gang apart is its use of cloud and digital platforms to carry out its operations and recruit service providers, technical expertise, and other accomplices. A U.S. federal grand jury in Pittsburgh has indicted 10 gang members, while prosecutions are underway in Georgia, Moldova, and Ukraine. Law enforcement agencies in Bulgaria and Germany also were involved.
"The collaborative and simultaneous prosecution of the members of the GozNym criminal conspiracy in four countries represents a paradigm shift in how we investigate and prosecute cybercrime," says U.S. Attorney Scott Brady of the Western District of Pennsylvania.
But criminals are shifting the paradigm, too. A new wave of organized crime groups is using the tools of digital transformation to carry out crimes throughout the world.
"Digital transformation is making it easier not only for legitimate organizations to expand their reach, but also for fraudsters and other bad actors to expand theirs," notes the 2019 Current State of Cybercrime report from cybersecurity firm RSA. The RSA study spotlights trends spanning mobile, legitimate platforms, and digital crime.
Last year, mobile communications was the source of seven out of 10 fraudulent transactions, RSA notes. Such transactions via mobile apps have increased nearly seven-fold since 2015.
But it's not just fraud that has gone mobile. One in five cyberattacks could be attributed to rogue mobile apps. RSA reports that on average 82 rogue apps are identified each day. RSA expects that trend to continue this year, "especially as cybercriminals keep finding ways to introduce tactics and technologies such as phishing and malware to the mobile channel."
Leveraging Legitimate Platforms
Last year, RSA's report pointed out that criminals were using social media networks and messaging platforms such as Facebook, Instagram, and WhatsApp to communicate and to sell stolen credit card numbers and identities. That warning has been borne out by a 43% increase in social media fraud attacks, according to this year's report.
These platforms are attractive to criminals because they are free of charge and easy to use, the report notes. RSA predicts criminals will open more stores on social media platforms to trade in stolen identities and similar data.
Moreover, cybercriminals "are developing their own apps to increase their anonymity, avoid detection, and otherwise keep anti-fraud forces from tracking them down," RSA says. Another threat to watch is criminals exploiting on-demand service platforms such as Airbnb and Uber for money laundering and to commit fraud.
Criminals are turning to digital technologies to aid and abet their crimes, RSA reports. For example, they are automating the process of verifying stolen user names and passwords, using account-checking tools. They also are targeting ever-more-ubiquitous Internet of Things devices.
Moreover, RSA warns that criminals are exploiting cross-channel vulnerabilities by combining mobile, cloud, and other digital channels to launch attacks. An example would be using social engineering tactics to have an organization's call center change the password on a victim's online account so that the criminal would have access.
Crime as a Service
The GozNym case highlights another trend not mentioned in the RSA report: leveraging underground criminal networks to recruit accomplices. According to Europol, the gang came together as a "cybercrime as a service" operation. Its ringleaders used Russian-language online criminal forums to connect with people who acted as hosts, money "mules," encryption providers, spammers, computer coders, and technical support.
For example, the gang's leader obtained online hosting services for the attacks from the Avalanche network, which provided services to more than 200 cybercriminals and hosted more than 20 malware campaigns.
The Risk of Copycats
The U.S. Justice Department reports that five of the accused GozNym members are still at large — complete with a Federal Bureau of Investigation wanted poster. But as with many technology advances, other criminals are likely to copy the GozNym gang's tactics and add their own innovations.
To protect themselves, organizations need to combine vigilance and technology. "In this way, digital transformation becomes both a critical contributing factor in the problem of growing cyber risks today — and a critical resource for solving it," RSA says.