Evolution of the Russian underground offer

TrendMicro has published an excellent study on the evolution of the Russian underground, detailing products, services and related prices.

Max Goncharov has published a new interesting study on the Russian Underground, titled Russian Underground Revisited, one year after the previous report “Russian Underground 101”. Trend Micro report continues its analysis of the services and products offered by cyber criminals in the most prolific black market, the Russian underground.

As observed by Goncharov, toolkits are becoming more available and cheaper on the black market, the products are even richer of features to advantage the work of cyber gangs. Russia, China and Brazil are the countries where underground forums are more productive.

The number of Russian underground forums is increasing year after year, some popular are becoming very popular such as verified.su and ploy.org, which have reached hundreds of unique members.

Particular attention is reserved to the Deep Web, which provides the optimal environment to sell products in total security and anonymity for cybercrime. We saw in the last month a growing number of activities exploiting hidden services in Tor Network to propose new back markets, hacking forums or resources to hide Command and Control infrastructure to make the botnet more resilient.

The paper is divided into the following five sections:

  • 1- Introduction to the Russian underground market, in which are analyzed the products and services proposed in the market.
  • 2 – Differentiation of Russian underground market with other dark underground ecosystems
  • 3/4 – Detailed descriptions of the most common products and services.
  • 5 – Pricing information.

The Russian underground market is consolidating the model of sale known as malware-as-a-service, a growing number of illicit products and hacking activities are available for rent. Like every market, also Russian underground has its own specialty, the sale of TDSs and traffic direction and PPI services.

“In fact, traffic-related products and services are becoming the cornerstone of the entire Russian malware industry, as buying Web traffic can not only increase the cybercriminal victim base, sifting through the traffic stored in botnet command-and-control (C&C) servers can also help threat actors find useful information for targeted attacks.” states the report.

The report explicitly refers also the importance of the role of third parties which offer escrows service to guarantee buyers and sellers.

“When buying and selling stolen credit card credentials, for instance, an escrow checks several numbers to confirm their legitimacy before handing the payment the buyer gave him for safekeeping to the seller. Escrows usually get 2‒15% of the sales price for their services, depending on the agreement between buyers and sellers and other circumstances.”

Following the list of principal products offered:

  • Trojans
  • Exploits and Exploit Bundles
  • Rootkits
  • Traffic
  • Crypters
  • Fake Documents
  • Stolen Credit Card and Other Credentials

while list of the most popular services includes:

  • Dedicated-Server-Hosting Services
  • Proxy-Server-Hosting Services
  • VPN Services
  • Pay-per-Install Services
  • Denial-of-Service Attack Services
  • Spamming Services
  • Flooding Services
  • Malware Checking Against Security Software Services
  • Social-Engineering and Account-Hacking Services

Are you interested in price list? Of course and the excellent report includes the prices for both product and services. I avoid to provide the full list because I consider  important that you will read it to better understand how are evolved the offer and the market price of each item in the last three years.

 

Even if the prices of almost every product and service sold in the Russian underground market are decreasing in the last years, the black market is very profitable for both buyers and sellers.

“Cybercriminals, like legitimate businesspeople, are also automating processes, resulting in lower product and service prices. Of course, “boutique” products and services remain expensive because these involve specialized knowledge and skills to develop that only a few badguys have.” states the report.

Russian underground is the example of a successful evolution of criminal proposal.

This report is a must read!

Pierluigi Paganini

(Security Affairs –  Russian undergroun, cybercrime)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

13 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

19 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.