New research on money-stealing hackers shows they are expanding their reach — and looking more like an international mafia.
The cybersecurity experts at Dell SecureWorks track banking botnets, the massive networks of infected computers that steal victims’ bank logins and empty their checking accounts.
In 2015, the most vicious viruses expanded to also target warehouses and shipping companies, according to SecureWorks’ latest report.
The report, which CNNMoney got an exclusive look at this week, found banking botnet malware is targeting warehouses in New York, the United Kingdom, Romania and Latvia. They also found it aimed at shipping companies in Australia, the United Kingdom and the United States.
It could be a sign that hackers are creating a channel to launder their stolen money and goods. That’s the running theory by Pallav Khandhar, a senior threat researcher at SecureWorks.
“They want to buy expensive stuff using the money they already stole. But then they need to move that stuff from one location to another,” Khandhar said.
“You can say they’re turning into an international mafia,” Khandhar said. “They’re spreading their wings. They’re not just going after banks or bank users. These guys are going after everyone now.”
High-powered computer viruses with names like Dridex, Dyre and Gozi are typically found on unsuspecting computers at homes and businesses. They spy on users, waiting to grab online banking credentials and send them back to hacker mafias.
The hackers — typically based in Eastern Europe and Russia — wire funds out of hijacked bank accounts. With the stolen cash, they buy online electronics and luxury clothing, which are later resold for cash.
The vast majority of cybercriminals’ stolen goods — 85% to 91% — end up in Moscow, according to a recent study by University of California Santa Barbara professor Giovanni Vigna and others. Most of the rest is delivered to Ukraine or elsewhere in Russia, the study found.
It is an estimated $1.8 billion a year business.
Several cybersecurity researchers agreed with SecureWorks that the infiltration into warehouses and shipping companies is probably an intentionally smart move by criminals.
“Shipping firms make for excellent laundries for stolen goods,” said Dan Kaminsky, chief scientist of the botnet-detecting cybersecurity firm White Ops.
Others, however, say the hackers’ motives aren’t clear.
It’s possible that shipping firms and warehouses are just an easier target with corporate bank accounts to pilfer, said Brian McHenry, a cybersecurity expert with F5 Networks.
Another theory is that these hackers are just breaking into anything they can.
“Don’t overestimate the criminals. Nobody is sitting there with a master plan. It’s more likely just opportunistic,” said cybersecurity consultant Davi Ottenheimer.
Either way, it’s trouble. This shows hackers are infiltrating the global business supply chain — a place where hackers “can wreak a lot of havoc,” said FireEye (FEYE) analyst Meg Molloy.