Three people associated with the hacking group FIN7 — also known as Carbanak — were arrested in Europe and are facing charges in the United States. In a U.S. court filing, Fedir Hladyr, Dmytro Fedorov and Andrii Kolpakov were arrested between January and June of this year. Hladyr is already in U.S. custody, and American authorities are seeking extradition of the other two.
The trio was arrested in connection with computer hacks of more than 120 U.S. companies, in which they stole customer payment card data and other information, causing tens of millions of dollars in losses, according to the filing.
Earlier this year, the leader of the cybercriminal gang responsible for the Carbanak and Cobalt malware attacks was arrested by Spanish police. The group was able to steal $1.2 billion from banks by changing account balances and having ATMs dispense cash. Identified as “Denis K,” the person was arrested in the port city of Alicante in Spain after cooperation between law enforcement in the U.S., Asia and Europe.
Europol contended that the group has been operating since 2013 and has members in 40 countries around the globe. The attackers targeted around 100 financial institutions (FIs), sending malware-infected emails to bank employees to access their networks and servers to engage in the fraud.
These cyberattacks have a real impact on the U.S. economy. The White House Council of Economic Advisers (CEA) recently revealed that cyberattacks cost the U.S. anywhere from $57 billion to $109 billion. Outside the U.S., entities with malicious intent were based in Russia, China, Iran and North Korea.
The report out of the CEA follows another recent survey, which revealed that cybersecurity is the biggest worry for companies, especially since few of them feel prepared to handle an online attack.
“Cyber risk is an escalating management priority, as the use of technology in business increases and the threat environment gets more complex,” said John Drzik, president of Global Risk and Digital at Marsh. “It’s time for organizations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.”