Detectives from the Metropolitan Police Central e-Crime Unit have arrested 19 people under suspicion of using the Zeus Trojan to steal millions from online bank accounts.
A total of 15 men and four women arrested in dawn operation on Monday are aged between 23 and 47 and are being held at various police stations in London. They are alleged to be part of a gang that has stolen at least £6 million in the past three months, according to BBC News.
Detective chief inspector Terry Wilson of the Metropolitan Police said that this amount would ‘increase considerably' as the investigation goes on. He said: “We believe we have disrupted a highly organised criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent people's accounts, causing immense personal anxiety and significant financial harm - which of course banks have had to repay at considerable cost to the economy.
“Online banking customers must make sure their security systems are up-to-date and be alert to any unusual or additional security features requested which is at variance with their normal log-on experience. Greater public awareness and education will make it harder for personal details to be compromised and for this type of fraud to be carried out.”
Dave Jevans, CEO of IronKey, said: “Whilst it's a positive sign that the UK police have arrested 19 people, these organised cyber criminal gangs have been carrying out successful attacks across the globe for a number of years.
“Unfortunately, this is only the tip of the cyber crime iceberg as in the past 18 months, the bad guys in the US, Latin America and Europe have realised it is a lot easier to steal £500k from a corporate account in one go than it is to take £1k from 500 consumers. And unlike the consumer banking customers who been targeted by the cyber criminals, businesses that have funds stolen aren't insured.”
Dave Divitt, fraud and risk solutions consultant at ACI Worldwide, said: “This story shows the lengths to which criminals will go to commit fraud, and the PCeU must be congratulated on breaking this criminal gang.
“Despite criminals' ever advancing methods of attack, police can still disrupt and put an end to this activity, and as banks and police team up and pool their intelligence, these sorts of busts will hopefully become more and more commonplace.”
Mel Morris, CEO at Prevx, said: “Whilst this case is definitely good news, it really is a drop in the ocean when you consider the sheer number of criminals out there constantly launching a variety of attacks on banks. Malware has evolved thanks to a level of professionalism from malware writers now being more than equal to that of security vendors if not more innovative.
“These criminals' techniques are so advanced that they are able to quickly spot weaknesses in most defences by using centralised intelligence gathered from analysis of the anti-malware development models of traditional vendors to fly under the radar of malware detection. Subsequently, mainstream security technologies are reacting to threats instead of being one step ahead of the criminals.
“The Trojan is able to change before a security vendor gets a sniff of it. The problem is that for the unlucky few who are targeted, this malware is able to steal vast amounts of information right under the nose of the majority of security products on the market. If we fail to act now, criminals will continue to reap the rewards while the industry merely bites at their heels.”