March 18, 2016 - Russian banks have lost $25.7 million in the past six months to a new form of malware that infects IT networks and can only be eradicated by a complete infrastructure shut-down.
The "Buhtrap" group delivers its deadly payload from a simple phishing scam that masquerades as a communication from the Central Bank of Russia.
Group IB, which has been tracking the malware, says Buhtrap is the first hacker group using a network worm to infect the overall bank infrastructure, significantly increases the difficulty of removing all malicious functions from the network.
"As a result, banks have to shut down the whole infrastructure which provokes delay in servicing customers and additional losses," says the company.
The worm, which has looted infected banks to the tune of $25.7 million in 13 successful attacks, is now also available from off-the-shelf exploit kits following the publication of the source code on dark Web forums in February.
Group IB says Russian banks' reliance on basic anti-virus security precautions, make them sitting ducks for criminal cyber gangs.
"This group's activity has led to the current situation where attacks against Russian banks causing direct losses in the hundreds of millions of rubles are no longer taken as something unusual," says the firm. "Absolutely all incidents could have been easily prevented. Annual expenditures for effective prevention tools are 28 times lower than the average direct loss from one targeted attack."