There is a Russian outfit called Group-IB. They released a report October 15th which goes into great detail on how Russian cybercrime makes its money. The picture is not pretty but very interesting.
Russian cybercrime raked in $2.5 billion between mid 2013 and mid 2014, and the biggest contributor to that revenue stream was the Target hack. Why? While financial fraud is still a big earner -- accounting for $426 million -- it's being surpassed by the simple buying and selling of credit card data. The carding business brought in a whopping $680 million. Here is a backgrounder on why all this Russian cybercrime.
A short summary of other bad news: ATM hacks are on the rise. Spamming still pays well. New criminal groups are hitting the scene, specializing in mobile threats. And POS attacks will only get worse, because they can deliver data that's 10 times more profitable than your average plaintext credit card number.
Sara Peters, Senior Editor at Dark Reading, took apart the new IB-group report and has a good article about it: