Organized Cybercrime Groups and Drug Cartels Come Together to Target Latin Americans

  • Partnering with criminal networks such as drug cartels has been adopted widely across Latin America to stealthily move stolen money between countries.
  • Attackers used popular messaging services like WhatsApp, Facebook Messenger, and Telegram to coordinate attacks.

Cybercriminals are always looking to expand their malicious activities. Over the years, they have come up with numerous clever tactics and techniques to infect more organizations across the globe.

One of the latest tactics used by cybercriminals is partnering with criminal networks like drug cartels to effectively execute their attack campaigns. According to a new report from cybersecurity firm IntSights, this new method has been adopted widely across Latin America to attack financial institutions and governments and stealthily move the stolen money between countries.

What is the impact?
Researchers took a deep dive into attack campaigns carried out throughout 2019 and found that multiple organizations in Colombia and Brazil were hit with financially devastating breaches. In some cases, people also reported widespread scams aimed at siphoning funds from their bank accounts.

New cybercrime cartels
In recent times, Mexican law enforcement authorities have nabbed members of organized crime groups like the "Bandidos Revolution Team," whose leader Héctor Ortiz Solares--also known as "El H-1" or "Bandido Boss"--was arrested in 2019. He reportedly recruited highly skilled hackers to create malware for the gang. The gang used malware designed to exploit ATMs and attack Latin American banks. As per media reports, the gang stole millions of dollars through fraudulent transfers affecting several Mexican financial institutions.

"The marriage of violent drug gangs and the underground hacking community is a significant emerging threat as we move into 2020. The two worlds are combining their influence, skills, and experience to achieve common goals, primarily of the financial variety," the report read.

What are the channels leveraged?
Apart from dark web forums, attackers used popular messaging services like WhatsApp, Facebook Messenger, and Telegram to coordinate attacks. This simplified the jobs of threat actors while tricking victims into transferring funds to their accounts.

A new ‘carding’ technique also gains popularity
Besides the increase in phishing attacks, cybercriminals also took advantage of a new type of attack called ‘Carding’. This practice involves the use of stolen credit cards to make fraudulent purchases, such as covering hotel bills, booking airfare, and buying expensive cars.

The criminals advertise that they will pay a bill for customers at a discounted rate. However, once the money is deposited by the victim into the criminals’ accounts at a convenience store, the criminals use stolen cards to pay their own bills.

BINero is another fraud tactic
Another widely discussed method on Spanish-language dark web sites is BINero fraud. The fraud involves cybercriminals using misconfigured bank identification numbers to make fraudulent online purchases through retail sites like MercadoLibre, Amazon, B2W Digital, and Alibaba.