The IT security product company Kaspersky Lab reports that its Computer Incidents Investigation Department (CIID) has spent the last three and a half years investigating more than 330 cybersecurity incidents affecting government and private-sector organisations. They say that more than 95 per cent of these incidents used malicious software, often successfully, to steal funds. Details of this discovery and other key findings have now been compiled into a report, “The Russian cybercrime underground: How it works.”
The report estimates the damage caused to businesses by Russian-speaking cybercriminals who have been arrested in the last few years. It also includes an overview of products and services offered on the Russian underground market, and explains the structure of a typical Russian cybercrime gang and the main roles of its participants. The main findings of the report are:
Between 2012 and 2015, law enforcement agencies in different countries arrested more than 160 people from Russia and its neighbouring countries, all suspected of conducting financial cybercrime around the world.
The estimated damage caused by their activity exceeds $790 million dollars. If this is combined with the damage caused by the infamous Carbanak gang (which has not yet been arrested), the amount of stolen money would be more than $1.7 billon dollars.
More than $500 million of this was stolen from countries that were not formerly part of the USSR. Kaspersky Lab estimates that during the last three and a half years, nearly 1,000 people from Russia and neighbouring countries were involved in cybercriminal activity. Evidence suggests that there are fewer than 20 gang “leaders” and most of them have yet to be caught.
Kaspersky Lab is actively investigating five large cybercriminal groups involved in stealing money using malicious software.
All five of these groups are still active, and were discovered by Kaspersky Lab researchers in 2012 and 2013. Each numbers between ten and 40 people, depending on the group. At least two of the groups are actively targeting organisations in Russia and neighbouring countries but also in the USA, Great Britain, Australia, France, Italy and Germany.
Ruslan Stoyanov, Director of Computer Incidents Investigation Department at Kaspersky Lab, said: “Unlike other local cyber-undergrounds – for example, in Brazil – enterprising Russian-speaking cybercriminals don’t just focus on local targets. They are an international problem and we think that the scale of the threat will only continue to grow. With the recent devaluation of the rouble, Russian cybercriminals have a greater incentive to shift their attention away from local targets towards foreign ones where they see an opportunity for greater illicit gains. We expect to see a rise in attacks against organisations located far away from Russia. The only way to fight cybercrime effectively is for law enforcement agencies, IT security experts, and representatives from the financial sector to join forces. Kaspersky Lab’s experience in tracking and combating the Russian cyber-underground is unparalleled. Our experts detect emerging malicious trends long before they become widespread and we are leveraging this experience to combat the spread of Russian cybercrime worldwide.”
The full report is available at Securelist.com.
