According to a new paper from researchers Group IB, the Russian ‘Buhtrap' hacking group, which specialises in attacking financial institutions, have earned at least £17.8 million ($25.7 million) in raids against banks in Russia.
Using emails that were made to look like they were from the Central Bank of Russia and offered employment to their recipients, the emails were an attempt to deliver Trojan.Ratopak onto the target's computer. Symantec says that targeted emails using finely crafted social-engineering tricks have become commonplace, with an increasing number targeted at employees of financial institutions.
According to Group IB, Buhtrap has been known to use simple but effective attacks since 2014, where they were the first to use a worm to infect large parts of banking infrastructure which makes the attacks noisy but hard to completely disinfect.
In Group IB's report, researchers stated that direct successful malware attacks against banks are no longer rare - with criminals stealing £17.9 Million ($25.7) between August and February in 13 attacks against Russian banks - and the attacks are now spreading to financial institutions in the Ukraine.
Group IB says each bank which suffered an attack could have prevented the attacks if they were more security savvy, adding that a single attack would outweigh the cost of having proper security procedures in 28 times over. This is perhaps in response to the fact that Buhtrap initially compromised users by distributing legitimate software that was modified to contain malicious code.