Kaspersky Investigation Unit (KIU) has shown that more than 160 Russian hackers from small to large criminal gangs accused of stealing cash using Trojan.
"This estimate is based both on the analysis of public information about the arrests of people suspected of committing financial cybercrime in the period between 2012 and 2015 and on Kaspersky Lab’s own data," Ruslan Stoyanov, chief of the KIU, said.
"Of course, this figure only includes confirmed losses, the details of which were obtained by law enforcement authorities during the investigation. In reality, cybercriminals could have stolen a much larger amount," Stoyanov added.
The security firm has said to have investigated more than 300 online financial attacks since 2013.
Recently, Stoyanov, has said that a hacking group stole US $790 million in three years from the World Bank’s account.
According to Stoyanov, a Russian cyber-crooks group, which includes 20 professional hackers, has stolen $509 million from the individuals and businesses from the U.S., and across the European Union since 2012.
The security experts’ research have suggested that these 20 people play leading roles in criminal activities that involve the online theft of money and information.
Similarly, the hackers have skill sets that mirror legit tech shops, including web designers, programmers, and BOFHs, along with cryptors who obfuscate malware in ways that help it to evade security software.
"Cybercriminal system administrators configure management servers, buy abuse-resistant hosting for servers, ensure the availability of tools for anonymous connection to the servers (VPN) and resolve other technical challenges, including the interaction with remote system administrators hired to perform small tasks," he said.
According to him, employees can be paid as freelancers or permanent staff, and are recruited through forums or in brazen public advertisements that often target underprivileged techs in areas like war-torn Ukraine.
It is said that the small group would buy crime kit like exploit kits and traffic services, while large criminal outfits with a dozen or more heads would do it themselves and target businesses, not just individuals.