The Shocking State of Cybercrime in Russia


INFOSEC Institute: The highest numbers of cybercrime victims are located in Russia, China and South Africa.

Stolen credit and debit cards account for over $680 million of the Russian cybercrime market, according to Group IB, a leading company in fraud prevention, cybercrime and hi-tech investigation. The group released its annual report on Wednesday, detailing the state of the Russian high-tech crime market in 2014.

Generally, the annual report gives a comprehensive assessment of “what, where and how of high-tech crime, naming which individuals and criminal groups are behind what crimes, where they originate and who they target,” says Group IB. “It also details how specific cybercrime practices function, including fraud, banking information theft and malware infections.”

“With recent cybersecurity events such as the leaks at JPMorgan, Home Depot, Target and others, it pays to know which threats matter and where to best allocate security resources,” says Ilya Sachkov, CEO at Group-IB. “Having solid information on the exact nature of cybercrime attacks, and knowing the vulnerabilities that criminals target and exploit, is invaluable to protecting personal and corporate data. Our report provides readers with the knowledge to make smart security decisions.”

It is not a surprise that security analysts think “Russian-speaking hackers are still one of the most important origins of global high-tech crime trends.” A look at the Russian market for stolen cards reveals a well-structured illegal market, complete with wholesalers and fully functional trading platforms. That implies that criminals shop for stolen credit and debit card information as if they were purchasing goods on eBay or Amazon. Group IB’s report revealed that an illegal trading platform known as SWIPED has uploaded details of over five million stolen cards. The majority of the cards were reportedly stolen from Target, a retail chain breached last year, and supplied by a notorious criminal known as Rescator.

Apparently, hackers in Russia use bitcoins for illegal payments. The report points out that over 80% of payments on SWIPED are made using bitcoins, with other cryptocurrencies slowly catching up. Cryptocurrencies are also popularly used in shadow internet shops to purchase goods such as drugs, weapons and stolen information.

Group IB also reported that the use of “malware-based botnets to mine bitcoins” was on an upward trend. Botnet renting services such as SkyShare are gaining wide popularity in the Russian market. Stealing from cryptocurrency wallets using Trojans has also become more sophisticated and common.

Threats related to mobile banking were on a rising trend. Group IB pinpointed five criminal gangs that were using Trojan horses to infect Android phones and steal banking information using SMS banking and phishing websites. Hackers were also using malware to read texts, eavesdrop on conversations and track victims’ locations using GPS locators. “The scale of these thefts is limited only by the manual nature of the activity,” according to security experts.

A look at banking fraud revealed that hackers in Russia were making a killing by reprogramming ATMs, either physically or by infecting the network with malicious scripts that corrupt the machines into paying out larger-value notes than they should. In other cases, the malicious scripts collect the PINs and card numbers used on the compromised machines. The details are later used to withdraw from the accounts. The Group IB report reveals that one group stole over $1.2 million using the method.

Meanwhile, online banking fraud has reduced significantly, from $615 million last year to a record $425 million. The report shows that the number of Russian-speaking groups involved in online fraud had reduced from 8 to 5 in one year’s time. Two of the groups allegedly moved to foreign targets, while one was disbanded by law enforcement agencies.

More worrisome is the rise in spam fraud. Group IB reported over 10,000 new online stores selling pharmaceuticals, fake products and software. The majority of spam shops were selling fake, unlicensed pharmaceuticals. The stores collude with legitimate sellers to circumvent international payment rules prohibiting payment for unlicensed medical supplies. The spam fraud is worth a whopping $841 million, according to the report.

The report revealed that Russian hackers were passing over botnets in favor of more sophisticated DNS/NTP amplification attacks, which provide powerful attacks at a lower cost. Group IB recorded fewer DDoS attacks on government websites compared to the same period last year. DDoS attacks on banks and payment systems were on the rise.

The Group IB report clearly shows that cybercrime in Russia is on its own level, with an estimated annual turnover of more than $2 billion. Other reports have pinpointed Russia as the source of at least a third of the world’s most deadly viruses, Trojans and malware. “In terms of sophisticated types of malware, Russia leads the way,” says Kyle Wilhoit, an American cyber-security expert.

The Russian government is partly to blame for the booming cybercrime industry. Wilhoit says Russia has an unlimited number of organized cybercrime gangs who enjoy some level of protection when it comes to cybercrime. “Hackers only really get prosecuted when they attack targets inside Russia,” concludes Wilhoit.

Security Gladiators:  

 
