The Russian Underground, Revisited

The Russian Underground has been around (in an organized manner) since 2004, and has been used both as a marketplace and an information exchange platform. Some well-known centers of the Russian underground include zloy.org, DaMaGeLab, and XaKePoK.NeT. Initially, these forums were used primarily to exchange information, but their roles as marketplaces have become more prominent.

Many parts of the Russian underground today are now highly specialized. A cybercriminal with ties to the right people no longer needs to create all his attack tools himself; instead he can buy these from sellers that specialize in specific products and services. For example, you see groups that do only file encryption, or DDoS attacks, or traffic redirection, or traffic monetization. Groups are able to specialize in each of these items do what they do best and produce better, more sophisticated products.

Perhaps the most popular product in the Russian underground economy today is traffic and various traffic-related products. Examples include traffic detection systems (TDSs), traffic direction, and pay-per-install (PPI) services. This purchased Web traffic not only increases the number of cybercrime victims; it may also be used to gather information about potential targeted attack victims.

Like any other economy, the laws of supply and demand are followed in the Russian underground. As we mentioned last week, the prices of underground goods have dropped across the board. This is generally because of the increased supply for these goods available – for example, stolen American credit cards are widely available; as a result the price has fallen. This is evident in the following chart of stolen credit card prices:

Figure 1. Prices for stolen credit cards

The same is true for stolen accounts:

Figure 2. Prices for stolen accounts

With falling prices, however, comes a loss in reliability: goods or services are not always as high-quality as advertised. Sometimes, escrow providers (known as garants) are used to try and give both parties (buyer and seller) reassurances that neither party is scamming the other.

Today, we released our updated look at the Russian Underground titled Russian Underground Revisited. This is an update to our earlier paper discussing the items which are bought and sold in various parts of the Russian underground. For this edition, we have clearly outlined the products and services being sold and what their prices are. In addition, we discuss the changes since the original paper to highlight the continued evolution of the cybercrime threat landscape.

This is part of the Cybercrime Underground Economy Series of papers, which take a comprehensive view of various cybercrime markets from around the world.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

The Russian Underground, Revisited