The new paper is an update to a report published back in 2012

Apr 29, 2014 18:15 GMT

Max Goncharov, a member of Trend Micro’s Forward-Looking Threat Research team, has published a new whitepaper on the Russian cybercrime underground. This is Goncharov’s second paper on the topic; the first, “Russian Underground 101,” was published back in 2012.

The report reveals some interesting details about the Russian underground and the services it offers. When it first emerged in 2004, the underground market was a place where Russian cybercriminals exchanged information with one another.

However, it slowly evolved into a market where criminals sell and purchase everything that’s needed to carry out a malicious cyber operation. A wide range of services and products is on offer, with actors in the Russian underground specializing in selling traffic direction systems (TDSs) and pay-per-install (PPI) services.

Since some services and products are not as good and reliable as they’re advertised, sellers and buyers increasingly rely on escrows or “garants.” These are third parties that get 2-15% of the sales price in return for ensuring the safety of both the seller and the buyer.

Underground websites can have tens of thousands of unique members. These members rely on various methods (Tor and VPNs) to stay anonymous. They’re only identified based on their nicknames and ICQ numbers.

The Russian underground is just like any other business. The prices for products and services vary depending on demand and supply. For instance, now that cybercriminals have come up with efficient ways of stealing payment card data, the price of credit and debit card records has been decreasing over the past years.

The situation is the same with stolen accounts. For example, the price of stolen Facebook accounts halved between 2011 and 2013. On the other hand, there are some types of accounts for which experts haven’t observed any significant price changes (e.g. Gmail, Hotmail and Odnoklassniki).

“Even though the prices of most products and services sold in the Russian underground market have been decreasing, that does not mean that business is not doing well for cybercriminals. It can even mean that the market is growing, as we see more and more product and service offerings as time passes,” Goncharov explained in his paper.

“Cybercriminals, like legitimate businesspeople, are also automating processes, resulting in lower product and service prices. Of course, ‘boutique’ products and services remain expensive because these involve specialized knowledge and skills to develop that only a few bad guys have.”

The complete “Russian Underground Revisited” paper is available on Trend Micro’s website.