A sophisticated cyber crime organisation is still active despite the arrest of their "mastermind" in Spain, security researchers have warned.

The Carbanak group, also known as the Cobalt gang, gained infamy after hacking into the computer networks of financial institutions and programming ATMs to dispense cash at pre-determined times to waiting mules.

Although a Ukrainian national – known as Denis K and described as the gang's "mastermind" – was arrested in Alicante by the Spanish national police earlier this year, the group is still active according to cyber security firm Secureworks.

Alex Tilley, a senior security researcher at Secureworks, told Sky News that criminal organisations such as the Carbanak group were conducting cyber operations in a similar manner to nation states, performing reconnaissance and developing custom malware.

"Criminals are moving from using basic phishing and malware kits to target retail and business banking accounts towards using custom malware and tactics, such as long periods of quiet reconnaissance inside a target network, the use of password dumpers and lateral movement tools, and custom tooling," he explained.

Image: The range of countries affected by the gang. Pic: Europol

Another unnamed man connected to the Carbanak group was also arrested in Ukraine this year.

"The two arrests… represent tremendous police work by the agencies involved and will undoubtedly have significant intelligence and investigative value with more arrests hopefully to follow the arrest of Denis K," said Mr Tilley.

Secureworks has reported that this year it has detected a sophisticated new tool being used by the group, which is believed to have stolen more than £900m globally from banks since at least 2016.

Named "SpicyOmelette", the hacking tool uses "multiple defence evasion techniques" and is typically delivered through a phishing email containing a shortened link that appears to be a PDF attachment.

However, when clicked, the link redirects to a URL controlled by the hackers that attempts to automatically install a file which would give the group control over their victim's machine.

Image: SpicyOmelette infection chain. Pic: Secureworks

Mr Tilley said that Secureworks has continued to observe the group develop attacks since the arrest of Denis K in Spain.

Mr Tilley told Sky News: "The targeting of this group initially was observed almost exclusively to be eastern European banks and other financial services, however in the last 18 months, the geographic spread of targets has been expanding with institutions in western Europe and across Asia hit, as well as some US institutions as well.

"A UK bank or a UK subsidiary could be targeted at any point," Mr Tilley warned.


Groups like Carbanak "are well experienced, resourced, patient, skilled and effective – and the future of large scale cyber crime", he added.

"Financial institutions around the world are facing this threat and need to meet it with similar skills and resources."


Sky News
