"Russian Language" Cyber-Crime Growing at an Alarming Rate

The Russian-language cyber-crime market is growing at an alarming rate, according to a new report released by Kaspersky Lab.

According to the report, Russian Financial Cyber-Crime: How It Works, by Kaspersky’s chief investigator, Ruslan Stoyanov, law enforcement teams from around the world have arrested over 160 Russian-speaking cyber-criminals since 2012. However, “Russian-language market” cyber-crime groups—citizens of the Russian Federation and some former USSR countries, predominantly Ukraine and the Baltic states—have recruited up to 1,000 new ‘employees’ over that same time period. Although the exact number of cyber-crime gangs working across the region is unknown, Kaspersky Lab revealed that these groups involve around 20 people on average. This includes those involved in the creation of infrastructure, those writing and distributing malware code, as well as those involved in related criminal activity.

The cyber-crime underground is flourishing and primarily motivated by making money, with approximately 95% of the incidents involving the theft of money or financial information. The report claims that these Russian-language market cyber-crime groups have been responsible for attacks that have claimed more than $790 million over the past three years, most of which ($509m) was stolen from outside the former USSR. Unfortunately, this figure could be merely the tip of the iceberg. The dollar totals include only confirmed losses, and the actual cost of the cyber-attacks may amount to much more.

Over time, the range of “products” and “services” available through this underground market has evolved and become increasingly sophisticated. One of the most common types of cyber-crime is the turnover of stolen credit card data. Online financial transactions are more common, and as a result retailers and other organizations are becoming more attractive targets and more vulnerable to cyber-attacks. With the emergence of online retail stores and other e-commerce transactions, cyber-attacks have become especially popular with fraudsters whose primary targets are users’ payment data or the theft of funds directly from user accounts.

According to the study, the cyber-crime market typically comprises a set of “products” and “services” used for various illegal activities in cyber-space.

The “products” would include:

• Software designed to gain unauthorized access to computers or mobile devices in order to steal data
• Software designed to take advantage of vulnerabilities in the software installed on a victim’s computer
• Databases of stolen credit card data and other valuable information
• Internet traffic (a certain number of visits to a customer-selected site by users with a specific profile)

The “services” would include:

• Spam distribution
• Organization of DDoS attacks that overload sites with requests to make them unavailable to legitimate users
• Testing malware for antivirus detection
• “Packing” of malware (altering malicious software with special software, known as packers, so that it is not detected by antivirus software)
• VPN (providing anonymous access to web resources, protection of the data exchange)
• Evaluation of stolen credit card data
• Services to validate the data (fake calls, fake document scans)
• Promotion of malicious and advertising sites in search results
• …and many other services

All of these “products” and “services” are bought and sold in various combinations in order to enable five primary types of cyber-crimes. These types can also be combined in various ways depending on the criminal group:

• DDoS attacks (ordered or carried out for the purpose of extortion)
• Theft of personal information and data to access e-money (for the purpose of resale or money theft)
• Theft of money from the accounts of banks or other organizations
• Domestic or corporate espionage
• Blocking access to data on the infected computer for the purpose of extortion

As we head into the holiday season, retailers must be diligent and focused in their data security efforts, and all employees must follow established policies and protocol to protect this critical information. Retailers aren’t the only ones gearing up for the holidays, and it is essential that we take the necessary steps to protect our customers and our business.

This article was published in 2015 and updated in May 2016.

