Kaspersky Lab today revealed that cybercrime organizations are increasingly stealing funds from banks by employing many of same Advanced Persistent Threat tools and tactics that previously were only attributable to nation-states.

In a press release, Kaspersky detailed three separate, highly coordinated schemes — all of which employ different mixtures of malware, legitimate programs and pentesting tools to achieve their goals.

The cybercriminal group Metel has found a way to compromise banking systems in order to surreptitiously “roll back” ATM transactions, as if they never happened. This way, a debit card's balance always appears to stays the same, despite multiple withdrawals.

Another criminal operation, GCMAN, has discovered a way to infiltrate banking systems using only legitimate tools such as Putty, VNC and Meterpreter utilities, in order to transfer money to e-currency services without detection.

The APT known as Carbanak has returned as Carbanak 2.0, targeting not only banks, but also the budgeting and accounting departments of various organizations.