Experts working in Kaspersky Lab’s Computer Incidents Investigation Department (CIID) have spent the last three and a half years investigating more than 330 cybersecurity incidents affecting government and private-sector organisations. Their findings reveal that more than 95% of these incidents used malicious software, often successfully, to steal funds.
Details of this discovery and other key findings have now been compiled into a Kaspersky Lab report, “The Russian cybercrime underground: How it works.”
The report estimates the damage caused to businesses by Russian-speaking cybercriminals who have been arrested in the last few years. It also includes an overview of products and services offered on the Russian underground market, and explains the structure of a typical Russian cybercrime gang and the main roles of its participants.
The report shows that between 2012 and 2015, law enforcement agencies in different countries arrested more than 160 people from Russia and its neighbouring countries, all suspected of conducting financial cybercrime around the world. The estimated damage caused by their activity exceeds $790 million dollars. If this is combined with the damage caused by the infamous Carbanak gang (which has not yet been arrested), the amount of stolen money would be more than $1,7-billion dollars. More than $500-million of this was stolen from countries that were not formerly part of the USSR.
Kaspersky Lab experts estimate that during the last three and a half years, nearly 1 000 people from Russia and neighbouring countries were involved in cybercriminal activity. Evidence suggests that there are fewer than 20 gang “leaders”, and most of them have yet to be caught.
Currently, Kaspersky Lab is actively investigating five large cybercriminal groups involved in stealing money using malicious software. All five of these groups are still active, and were discovered by Kaspersky Lab researchers in 2012 and 2013. Each numbers between 10 and 40 people, depending on the group. At least two of the groups are actively targeting organisations in Russia and neighbouring countries but also in the US, UK, Australia, France, Italy and Germany.
“Unlike other local cyber-undergrounds – for example, in Brazil – enterprising Russian-speaking cybercriminals don’t just focus on local targets,” says Ruslan Stoyanov, director of computer incidents investigation department at Kaspersky Lab. “They are an international problem and we think that the scale of the threat will only continue to grow.
“With the recent devaluation of the ruble, Russian cybercriminals have a greater incentive to shift their attention away from local targets towards foreign ones where they see an opportunity for greater illicit gains. We expect to see a rise in attacks against organisations located far away from Russia. The only way to fight cybercrime effectively is for law enforcement agencies, IT security experts, and representatives from the financial sector to join forces.
“Kaspersky Lab’s experience tracking and combating the Russian cyber-underground is unparalleled,” he adds. “Our experts detect emerging malicious trends long before they become widespread and we are leveraging this experience to combat the spread of Russian cybercrime worldwide.”