The Russian cybercrime underground has evolved to a new level of sophistication and professionalism, with enhanced features such as automation to accelerate sales, as well as translation and anti-spam proof services.
That’s according to Trend Micro’s third report on the country, Russian Underground 2.0, which tracked and analyzed 78 forums – each with as many as 20,000 unique members.
It claimed that traffic-related products and services – like traffic direction systems (TDSs) and pay-per-install (PPI) services – are “the cornerstone of the entire Russian malware industry” because they provide both an increased number of victims and useful C&C information for targeted attacks.
Most recently there have been enhancements in this area, it explained:
“In the carding business, we observe automation in the process of checking cards, seeing their balance, or checking their validity. Everything can be done with one click. Money-laundering schemes are now being offered as well. Criminals offer peers the option to launder money in various ways (buying flight tickets, booking hotels, or renting expensive villas).”
Other new and optimized services include automated shell-script uploading and selling services; professional translation to ensure targeted attacks are successful; anti-spam proofing to bypass filters; and corporate accounts for money laundering, which can start at as much as $50,000.
Trend Micro also spotted parties offering to receive proof-of-identity calls made by banks in the required language; drop-as-a-service offerings which speed the process of cashing stolen credit cards; and the sale of log files from compromised computers in 1GB+ increments.
Prices have also continued to fall on the underground markets, in part because of greater competition, according to the report.
It added:
“Cheaper prices in the Russian underground are in no way a sign of a malfunctioning of the economy. It would even indicate that there’s a lot of business due to low prices. If we compare the Russian underground market with new sales platforms in the Deep Web, it’s still flourishing because entry into other Deep Web locations is very expensive and not every criminal requires the level of anonymity and invisibility it offers. The price of 'buying' access to Deep Web cybercollaboration can cost US$1,000 or more.”
As an example, generic spamming services have dropped from $13 in 2011 to $1-3 in 2014.