Cybercriminals Use Man-in-the-Middle Attacks to Steal 6 Million Euros

Europol recently announced that a joint international operation had successfully dismantled a cybercriminal group active in Belgium, Georgia, Italy, Poland, Spain and the U.K., which had been responsible for international fraud totaling 6 million Euros over a very short period of time.

“The modus operandi used by this criminal group is the so-called man-in-the-middle and involved repeated computer intrusions against medium and large European companies through hacking (malware) and social engineering techniques,” Europol stated in a press release. “Once access to companies’ corporate email accounts was secured, the offenders monitored communications to detect payment requests.”

The cyber criminals then used their access to request that the companies’ customers send payments to bank accounts under the criminals’ control. “These payments were immediately cashed out through different means,” Europol stated. “The suspects, mainly from Nigeria, Cameroon and Spain, transferred the illicit profits to outside the European Union through a sophisticated network of money laundering transactions.”

The Europol operation resulted in the arrests of 49 suspected members of the cybercriminal gang, searches of 58 properties, and seizure of laptops, hard disks, telephones, tablets, credit cards, cash, SIM cards, memory sticks, forged documents, and bank account documents.

It was coordinated by Europol’s European Cybercrime Center (EC3) and Eurojust, led by the Italian Postal and Communications Police, the Spanish National Police and the Polish Police Central Bureau of Investigation, and supported by UK law enforcement.

“Eurojust played a pivotal role in promoting the best EU efforts against this type of criminality, which requires expertise, cooperation and coordination among all involved national and international actors,” Teresa-Angela Camelio, Eurojust Assistant to the National Member for Italy, said in a statement. “These joint operations send a strong message to cybercriminals, who will be subject to justice in any jurisdiction.”

Proficio CEO Brad Taylor told eSecurity Planet by email that there are many variations of these types of scams, all of them aimed at convincing targets to wire funds to bank accounts under the fraudsters’ control. “Some use similar domain names to trick targets into thinking they are receiving a legitimate email from their manager or a vendor with a request to transfer funds,” he said. “Organizations should educate their finance teams to be aware of such attacks and identify suspicious, lookalike email domains and block them.”

Still, a survey conducted last year by Enterprise Management Associates found that more than 56 percent of employees (excluding security and IT staff) at a wide variety of organizations are not provided with security awareness training.

“The potential cost of employees making poor security choices due to lack of awareness and understanding may go unrecognized until it becomes an actual cost of breach reparations,” the EMA report warned.

This eSecurity Planet article offers advice on how to offer security awareness training that works.