Russian Financial Cybercrime

Uploaded on 2015-12-04 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial, INTELLIGENCE-Hot Spots-Russia, NEWS-News Analysis

Many Shapes & Forms of Cybercrime Facilitated by Highly Developed Skills and Connectivity

The Russian-language cybercrime market is known all over the world. By ‘Russian-language market’ we mean cybercriminals who are citizens of the Russian Federation and some former USSR countries, predominantly Ukraine and the Baltic states. 

Russian Cyber Crime's Top Flight 'Stole $790m'
 
A 20-strong group of Russian cyber criminals have made $790m (£520m) over three years by emptying bank accounts around the world, it has been claimed.

Security firm Kaspersky said the gangs primarily target businesses and individuals in the US and Western Europe, however people in former Soviet Union states have also lost cash.

Kaspersky investigation unit boss Ruslan Stoyanov said that the Russian criminal underground is thriving and has, 1,000 new cyber-gang recruits in the last three years.

He pointed out that the new sign-ups vastly outnumber those arrested - which he puts at around 160, based on official crime figures.

But Mr Stoyanov - who used to work for the Kremlin's cyber crime unit - said that while thousands are involved in cyber crime there is a small group of 20 who represent the top flight of professional hacking.

This elite group of criminals is making hundreds of millions of dollars by running their crime operations with the sophistication of a legitimate business.

He said: "Cybercriminal system administrators configure management servers, buy abuse-resistant hosting for servers, ensure the availability of tools for anonymous connection to the servers (VPN) and resolve other technical challenges, including the interaction with remote system administrators hired to perform small tasks."

He said the staff were sometimes recruited using public advertisements in underprivileged areas like war-torn Ukraine.

Mr Stoyanov pointed out that his analysis of the size of Russia's cybercrime problem could be conservative. He said: "This estimate is based both on the analysis of public information about the arrests of people suspected of committing financial cybercrime in the period between 2012 and 2015 and on Kaspersky Lab’s own data.

"Of course, this figure only includes confirmed losses, the details of which were obtained by law enforcement authorities during the investigation. In reality, cybercriminals could have stolen a much larger amount."

Why is this market known worldwide?

There are two main factors why this is now known globally: the first of these is frequent global media coverage of the activity of Russian-language cybercriminals. The second is the open accessibility of online platforms used by the cybercriminal community for communications, promoting a variety of “services” and “products” and discussing their quality and methods of application, if not for making actual deals.

Over time, the range of “products” and “services” available through this underground market has evolved, becoming more focused on financial attacks, and with an ever-increasing level of sophistication. One of the most common types of cybercrime was (and still is) the turnover of stolen payment card data. With the emergence of online stores and other services involving e-payment transactions, DDoS-attacks and financial cybercrime have become especially popular with the fraudsters whose main targets are users’ payment data or the theft of money directly from user accounts or companies.

Attacks on users’ and companies’ e-wallets were initiated by the Trojan ibank in 2006; then came ZeuS (2007) and SpyEye (2009) followed by the groups Carberp (2010) and Carbanak (2013). And this list is incomplete; there are more Trojans out there, used by criminals to steal users’ money and data.

With online financial transactions becoming more common, the organizations supporting such operations are becoming more attractive to cybercriminals. Over the last few years, cybercriminals have been increasingly attacking not just the customers of banks and online stores, but the enabling banks and payments systems directly. 

According to Kaspersky Lab, between 2012 and 2015, law enforcement agencies from a number of different countries, including the United States, Russia, Belarus, Ukraine and the EU arrested over 160 Russian-speaking cybercriminals who were members of small, medium-sized and large criminal groups. They were all suspected of being engaged in stealing money using malware. The total damage resulting from their worldwide activity exceeded $790 million dollars. 

Of this sum, about $509 million dollars was stolen outside the borders of the former USSR. Of course, this figure only includes confirmed losses, the details of which were obtained by law enforcement authorities during the investigation. In reality, cybercriminals could have stolen a much larger amount.

The exact number of groups operating across Russia and its neighboring countries is unknown: many of those involved in criminal activities participate in several thefts and then, for various reasons cease their activity. Some participants of known but apparently disbanded groups continue their criminal activities as part of new groups.

Unlike the real world, a robbery in cyberspace usually goes unnoticed and there is a very small window for collecting digital evidence after the crime. Further, criminals have no need to stay in the country where the crime is committed.

Unfortunately, for Russian-speaking cybercriminals current conditions are more than favorable: the risk of prosecution is low while the potential rewards are high. As a result, the number of crimes and the damage caused by them is growing, and the market for cybercriminal services is increasing momentum.

Security Affairs: http://bit.ly/1lTGhS2
Sky: http://bit.ly/1PLwjys
Securelist: http://bit.ly/1XamtFf

 

« Cyber Threat From Within
Cyber Security Firm Tanium Raises New Capital At $2.5billion Valuation »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

CISPA Helmholtz Center for Information Security

CISPA Helmholtz Center for Information Security

The CISPA Helmholtz Center for Information Security is a German national Big Science Institution within the Helmholtz Association. Our research encompasses all aspects of Information Security.

Referentia

Referentia

Referentia leads the development of critical infrastructure solutions that benefit society, including cyber security and network performance management.

SEPPmail

SEPPmail

SEPPmail is a patented e-mail encryption solution to secure your electronic communication.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

NSR

NSR

NSR provide trusted solutions that deliver positive business outcomes for our clients in cybersecurity and data protection challenges.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

NetBlocks

NetBlocks

NetBlocks is a global internet monitor working at the intersection of digital rights, cyber-security and internet governance.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.

Redefine

Redefine

Redefine are Crypto-Native, Cyber Experts, and Blockchain Believers. We are here to make Web3 anti-fragile, safe and accessible to all.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.