Russian cybercriminals have field tested their attack techniques on local banks, and have now begun taking them global, according to a new report -- and a new breed of mobile attack apps is coming up next.
Criminals stole nearly $44 million directly from Russian banks in the last half of 2015 and the first half of 2016, according to Dmitry Volkov, co-founder and head of threat intelligence at Moscow-based Group-IB.
That was up 292 percent from the same period a year earlier. Direct, targeted attacks against banks now account for 45 percent of all bank-related cybercrime in Russia.
Meanwhile, thefts from individual online banking accounts went down 83 percent, to $0.1 million, and thefts from business bank accounts fell 50 percent to $17 million.
According to Volkov, criminals first develop their malware for the market they know best, then a combination of factors drives them to expand overseas.
Those factors include increased government prosecution and better banking security.
"And, since 2014, we have had a financial crisis in Russia," he added. "The ruble isn't worth as much as it was three or five years ago, and hackers earn less money from their activity in Russian territory. They want to get dollars or euros, not rubles -- the financial crisis helped protect Russian citizens."
Russian criminals began going after bank accounts in the U.S., Canada, Europe, and other countries.
Meanwhile, back in Russia, they began working on the next generation of attacks, directly targeting internal bank operations such as Swift and ATM management systems.
These kinds of attacks started showing up in 2013, and this year, they've gone global.
For example, this summer, a Ukrainian bank was hit for $10 million via its Swift network, according to the Information Systems Audit and Control Association. The theft was part of a broader attack against several banks in both Ukraine and Russia that netted hundreds of millions of dollars.
Another attack targeted the ATM networks of Alfa Bank in Belarus. And last spring's $81 million Bangladesh central bank heist, which used similar techniques, may also have been carried out by a Russian group.
"It is very hard to do attribution," Volkov said. In the case of the Bangladesh bank, original reports put the blame on North Korea, but later reports suggested that Russian-speaking hackers were also involved in the attacks.
Banks aren't sharing detailed information about how the attacks actually took place, he said, so it's hard to tell who exactly did what.
"The most recent wave of attacks against foreign banks happened just last week," he said, though he added that he could not share more information about the Russian cybercriminals involved.