Group-IB Threat Intelligence Report 2012–2013 H1, a must read

Pierluigi Paganini September 11, 2013

Group-IB Threat Intelligence Report 2012–2013 H1 is an excellent analysis of the state and dynamics of today’s market of computer crimes and cyber threats.

Group-IB has recently issued an interesting report titled “Group-IB Threat Intelligence Report 2012 – 2013 H1” on the state and dynamics of today’s market of computer crimes and current cyber threats for the year 2012 and first quarter of 2013. Group-IB is one of the leading international companies that specialize in preventing and investigating high-tech cyber crimes and fraud.

The security firm conducted the investigation with the support of experts from the computer incident response center CERT-GIB. The document examines current information security threats, looks at trends in the cybercrime ecosystem and provides forecasts for the near future (2014-2015).

The Group-IB Threat Intelligence Report starts with an impressive numerical estimation of various cybercrime segments where Russian-speaking criminal groups are actively present.

Figure: Russian market size (Group-IB Threat Intelligence Report)


According to Group-IB, there was an average of 44 thefts carried out from online banking systems in 2012.

“The Bank of Russia reports that 7870 incidents were recorded in banks in the second half of 2012 alone. Of these incidents, 43.1% were related to illegal transfer of funds via Internet banking. Having said that, the Bank of Russia claims that an average of 28 thefts are committed daily,” states the Group-IB Threat Intelligence Report.

The overall cybercrime market shrank by 6% in 2012, although its composition is in continuous movement. The decline was mainly caused by a drop in online bank theft due to:

  • Successful operations aimed at dismantling criminal groups
  • Deployment of antifraud solutions by banks
  • Information sharing
  • The failure of newly emerged criminal groups to cause significant growth in this market

The investigation revealed that the average amount stolen from the bank account of a legal entity in 2012 was 2.5 million rubles, and it is a conservative estimate because the real figure is nearly 1.64 million rubles ($54,700).

During 2012, Group-IB systems recorded a daily average of 150 DDoS attacks in Russia. Analyzing principal hacking forums that offer attacks as a service, the researchers estimated that the average price of a DDoS attack is $100 per day.

But the Russian underground is also very popular for the rental and sale of exploit packs, an activity that produces earnings of $51.84 million for the cybercrime market.

The Group-IB Threat Intelligence Report contains an entire section on attacks against financial institutions. The experts remarked that the principal problems for the banking sector are a very low level of security and the habit of hiding some incidents in which systems have been compromised or data has leaked.

The analysis of web application vulnerabilities, based on data Group-IB obtained while providing information security audit and penetration testing services in 2012, revealed that no critical direct web application vulnerabilities were found in 28% of the sites investigated, but in 47% of cases access to the application data was gained by exploiting flaws in third-party software.

The principal causes of incidents are:

Meanwhile, the principal attack methods used by attackers are:

  • Cross-site scripting (XSS);
  • SQL Injection;
  • Cross-site Request Forgery (CSRF);
  • Path Traversal Attack;
  • PHP (Code) injection.

Figure: Web application flaws (Group-IB Threat Intelligence Report)

Figure: Attack vectors (Group-IB Threat Intelligence Report)



The availability on the underground market of the source code of malware such as Carberp, and of ready-to-use web inject packs for use against hundreds of European, US and Russian banks, exposes financial institutions to serious risks if they do not implement proper countermeasures. The Group-IB Threat Intelligence Report is full of examples of code used in the attacks, a mine of information for specialists and enthusiasts.

The study also documents other emerging activities in the criminal landscape, such as hackers’ interest in trading systems and the impairment of POS terminals.

The document also includes two sections dedicated to describing the activities in dismantling criminal groups and developing laws on combating computer crimes. I found this aspect very intriguing and useful to better understand how research conducted by security firms is used for real crime prosecution and what the limits of the actual legal framework for cybercrime are.

The Group-IB Threat Intelligence Report is one of the best documents I have seen due to the information provided and the organization of the topics … it is a read not to be missed!

Pierluigi Paganini

(Security Affairs – Group-IB Threat Intelligence Report, cybercrime, Group-IB)
