The Russian hacking industry brought in $2.5 billion between mid 2013 and mid 2014, thanks in large part to the Target breach, according to a report released by Group-IB.
ATM hacks are on the rise. Spamming still pays well. New criminal groups are hitting the scene, specializing in mobile threats. And POS attacks will only get worse, because they can deliver data that’s 10 times more profitable than your average plaintext credit card number.
Also, while financial fraud is still a big earner — accounting for $426 million — it’s being surpassed by the simple buying and selling of credit card data. The carding business brought in $680 million.
All of this is evidence of the growing sophistication of the Russian cybercrime industry. (Group-IB defines this as “the market of computer crimes committed by Russian citizens, by citizens of the [countries in the Commonwealth of the Independent States, created when the Soviet Union was dissolved] and the Baltic states, as well as by citizens of other countries from the former Soviet Union.”) As the report describes it:
The market for stolen credit card data in the last 10 years has finally been structured and now features mass automated distribution channels in the form of electronic trading platforms.