As if the nearly $44 million that Russian cybercriminals stole from banks in their own country between June 2015 and June 2016 weren’t enough, these fraudsters seem to be moving on to greener pastures abroad. Stealing directly from banks as well as from individual online accounts, Russians have started targeting the rest of Europe – and the rest of the world.

Crime and (no) punishment

Since January, for example, the malware Odinaff has been used in attacks on, among other countries, Hong Kong, Australia, and the United Kingdom. Experts suspect that the Eastern European Carbanak cybergang are behind the Odinaff assault, given both the gang’s modus operandi, to which Odinaff conforms, and the fact that Odinaff has been traced to specific command and control servers and IP addresses known to be used by Carbanak. Carbanak are most (in)famous for their two-year spree (2013–15) in which they stole up to $1 billion from a hundred banks in 30 countries.

Meanwhile, the trojan named Qadars has been bypassing banking users’ two-factor authentication (2FA) mechanisms by attacking their mobile devices. Since its inception in 2013, the malware has targeted banks in France, the Netherlands, Australia, Canada, and the United States. According to IBM X-Force, Qadars was almost certainly developed in Russia.

Bearing the brunt

Banks are not the only institutions being targeted. In August of this year, the Russian hacktivist group Fancy Bear gained access to the databases of the World Anti-Doping Agency (WADA) and revealed the confidential drug test results of several Olympic athletes. The same Fancy Bear is believed to have been behind the attacks on the White House and NATO last year, and on the US Democratic National Committee and Clinton campaign staff members earlier this year.

Russia is also a popular source of hacking tools for small-scale cybercriminals. One of Check Point’s ten most prevalent malware families for September 2016 was the Blackhole exploit kit, designed around 2010 by a Russian hacker named Dmitry “Paunch” Fedotov. Because Blackhole can be rented out to fraudsters as crimeware-as-a-service, it is still in active global use despite the fact that its owner has been in a corrective labor colony since his arrest in April of this year.

Jolette Roodt

WRITER/ANALYST
