An interesting article recently written by IDG journalist Loek Essers explains that the Russian mob has taken control of the Russian-speaking cybercriminals syndicate. It is not clear how this number has been collected or considered, but it is crudely estimated that Russian cybercriminals earned $4.5 billion in 2011. So when clients wonder why machines get infected, this may be a glimpse into the reason why infections continue to occur.
It is important to understand that infecting machines have different values to different cybercriminals. The Russian-speaking mafia is very clear and defined in their goals and purpose. Other groups that try to attack American Corporations have been very open to their intent and often use computers to collectively attack websites. It is not clear if these groups utilize and rent use of Russian mafia infected and controlled machines, or not.
Russian cybercriminals earned $4.5 billion in 2011
Russian mafia took control and professionalized online crime in 2011, researchers say
By Loek Essers
April 24, 2012 12:07 AM ET
IDG News Service – Russian-speaking hackers earned an estimated $4.5 billion globally using various online criminal tactics and are thus responsible for 36% of the estimated total of $12.5 billion earned globally by cybercriminals in 2011, Russian security analyst firm Group-IB said in a report published on Tuesday.
In the report, Group-IB differentiates between cybercriminals living in Russia and Russian-speaking cybercriminals, who include citizens of the countries of the former Soviet Union and other countries. In the 28-page report the researchers estimate that the total share of the Russian cybercrime market alone doubled to $2.3 billion, while the whole Russian-speaking segment of the global cybercrime market also almost doubled, to $4.5 billion. The researchers noted that the Russian-speaking segment of the global cybercrime market traditionally encompasses twice the amount of the Russian segment.
The Group-IB analysts highlighted general trends in the development of online crimes in 2011. The market was embraced by traditional organized crime groups that are trying to control the entire theft process, which led to the merging of two criminal worlds and a refocusing of the Russian mafia’s traditional emphasis on crimes such as drug and arms trafficking to cybercrimes, according to the report. This could lead to “an explosive increase of attacks” on the financial sector, the researchers warned. Online banking fraud is one of the fastest growing segments of cybercrime, with a big increase in 2011, Group-IB said.
The cybercrime market has consolidated, with the rise of several major groups that operate on a consistent basis. These groups are also linking up and working together, sharing compromised data, botnets and financial scams, Group-IB noted. Also, more non-technical criminals tried their luck in cybercrime, leading to an increase of outsourcing services such as consulting, training, and the sale of malware and exploits, Group-IB said. All these trends lead the researchers to conclude that “the Russian cybercrime market is experiencing a period of dynamic transition from a quantitative state to a qualitative one, moving away from the chaotic model of the development of the cybercrime world.”
Online banking fraud, phishing attacks and the theft of stolen funds increased within Russia and was the largest area of cybercrime, amounting to an estimated $942 million, followed by spam at an estimated $830 million and $230 million estimated as the amount paid by cybercriminals for technical services. In Russia, there is also a trend in targeting individuals rather than financial institutions for online banking fraud, and criminals mainly used Web-inject technologies and Trojan programs to lead users to phishing sites.
Group-IB also noted a sharp increase in politically motivated Distributed Denial of Service (DDoS) attacks that were used to black out blogs, forums and media sites in Russia around the presidential elections, though the main targets of those types attacks were usually online stores. The researchers noted that the strength of DDoS attacks in Russia weakened in 2011 compared to 2010, with botnets used typically using no more than 10,000 nodes for attacks.
In order to fight the increase in cybercrime, Group-IB proposed to increase penalties and change existing law enforcement practices by educating law enforcement officials on cybercrime investigation techniques. According to the firm, Russian laws are critical in battling global Russian cybercrime. Although there has been progress, there is room for improvement, the group said.
Also suggested by the researchers is increasing international cooperation via the U.N. and clarifying terms as “botnet” in new laws to make them more applicable to the current online crime environment.
Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org