Nikolay Nikiforov, an official spokesperson at Russia’s Ministry of Communications, told SC that the investment of crime proceeds in new attack methods is mainly due to a change of priorities among hackers seen in recent years: they are no longer solely interested in attacks on the private bank accounts of individuals, but are mainly targeting the correspondent accounts of banks.
This view is repeated by Sergey Semenov, deputy director of the Russian Ministry of Internal Affairs department tasked with fighting cyber-crimes, who says that hackers are constantly exploring and designing new technologies and techniques that will allow them to simplify their attacks to make them even more devastating.
For this reason, in recent years hackers have, according to Semenov, become active commissioners of different types of research dedicated to the problems of cyber-safety, usually ordered by them under the guise of legitimate startups or industry analysts.
This information has helped them to conduct massive attacks on the correspondent accounts of banks, as was the case with the Russian Kuznetsky bank, one of Russia’s leading banks, which suffered such attacks several weeks ago, with losses amounting to 500 million rubles (US$ 20 million).
As Sergei Letevoy, deputy head of the Laboratory of Computer Forensics of IC Group, one of Russia’s leading analyst agencies in the field of cyber-defence, told SC, a significant proportion of funds is invested by hackers in the development of high-quality malicious code, as well as in further encryption of their programs with the aim of making them invulnerable to anti-virus software.
Among other priorities are the search for and purchase of exploits, expansion of their own botnets by infecting new computers, as well as the expansion of channels to launder stolen funds.
According to officials at the Russian Ministry of Internal Affairs, it is very important to arrest entire hacker groups, as experience has shown that any gang members that remain free will quickly withdraw the funds and take over the scams of the detained hackers.
As Artem Sychev, deputy director of the department of cyber-defence of the Russian Central Bank, told SC, in terms of the distribution of profits, a coordinator of a cyber-attack receives about 40 percent of the amount stolen. Another 30 to 40 percent goes directly to those who withdraw cash from ATMs and send it to the customer. Another 10 percent is paid to the so-called "pourer", the person who distributes Trojans and other malicious software to break into banking accounts.
Finally, part of the funds is received by people who find ways of accessing stolen funds (withdrawing funds from the cards of victim banks, either legally or illegally). The malicious software also costs a lot of money, up to US$ 50,000 (£37,000) per program.