Group-IB, one of the leading companies in fraud prevention, cybercrime and hi-tech crime investigations, has announced their annual report on the Russian high-tech crime market for 2014. Analysts from Group-IB’s computer forensics lab and its CERT-GIB unit prepared the 56-page report, covering the second half of 2013 and the first half of 2014.
The comprehensive report provides detailed assessments of the who, what, where and how of high-tech crime, naming which individuals and criminal groups are behind what crimes, where they originate, and who they target. The report covers the trends, evolution and financial impact of various cybercrime practices. The report also details how specific cybercrime practices function, including fraud, banking information theft and malware infections. Individuals, bank employees, security administrators and others who read this report will know the threats targeting them and understand the vulnerabilities and entry points they need to be watchful for. Contents of the report include high-tech crime market assessments, trends over the last year including attack targets and methods, a forecast for 2014-2015, and profiles of key cybercriminals brought to justice over the report’s research period.
“With recent cybersecurity events such as the leaks at JPMorgan, Home Depot, Target, and others, it pays to know which threats matter and where to best allocate security resources,” said Ilya Sachkov, CEO at Group-IB. “Having solid information on the exact nature of cybercrime attacks, and knowing the vulnerabilities that criminals target and exploit, is invaluable to protecting personal and corporate data. Our report provides readers with the knowledge to make smart security decisions.”
The report, which includes a recap of major trends over the past year and offers a forecast for 2015, is available at http://report2014.group-ib.com/.
Key trends in 2014 include:
· The carding black market looks like any online market: Group-IB undertook an extensive study of the Russian market for stolen credit card information. This investigation looked into organized marketplaces where the card market has become structured, complete with wholesalers and online trading platforms. Criminals can easily browse and purchase stolen credit card information as if they were shopping on any mainstream e-commerce site. A study of the online card market site SWIPED found that the most active card supplier is a criminal individual called “Rescator,” who uploaded details of over 5 million cards to the online marketplace. In investigating a test sample, Group-IB found that all sampled cards were originally stolen from the retail chain Target, which famously suffered a security breach in the past year. Group-IB estimates the carding market at $680,000,000.
· Criminals like cryptocurrencies: Group-IB found that 80% of payments on SWIPED are currently made using Bitcoin, with other cryptocurrencies also playing a role as convenient tools for illegal transactions. Shadow Internet shops selling goods such as stolen information, weapons and drugs have switched to using cryptocurrencies as their primary payment methods. The use of malware-based botnets to mine bitcoins has also become more developed, as botnet renting through services like SkyShare has become a reality. Stealing from cryptocurrency wallets using Trojans has also become both more sophisticated and more common.
· Mobile banking threats experienced strong growth: This year, five criminal groups emerged that specialize in mobile banking theft using Trojans. These groups infect Android phones and steal information via SMS banking and the use of phishing sites. The scale of these thefts is limited only by the manual nature of the activity. The report also investigates mobile espionage, where malware allows criminals to read texts, listen to phone conversations, and even pinpoint a victim’s location with the GPS on their phone. The report includes screenshots of the tools criminals use to carry out these activities, displaying their invasive nature.
· Targeted attacks on financial institutions continue: Groups targeting financial institutions have stolen about $40 million during the report period, using techniques including Trojans, phishing sites, and even assistance from personnel inside the banks. Criminals use sophisticated processes to evade policies barring bank workers from opening executable files, hiding malware inside harmless-looking document files.
· Hackers reprogram ATM machines to hand out the big bills: Either by physical access or infection of local networks, hackers are able to introduce malicious scripts to ATM software. In some cases the purpose is to record any ATM card numbers and PINs used on the compromised machines and to make cash withdrawals from those accounts. Other scripts can reprogram an ATM to pay out larger value notes than it should, for example, issuing 5000-ruble notes when 100-ruble notes ought to be issued. The total amount stolen from one group via this method exceeded 50 million rubles.
· Online banking fraud is down: Of eight criminal groups active in Russian online banking theft last year, two have switched to foreign targets and one was broken up following the 2014 arrest of one of its leaders. This has resulted in a decrease in the total online banking fraud market, from an estimated $615,000,000 in 2012 to $425,000,000 in 2013-2014.
· Spam provides high earnings to sellers of counterfeit pharmaceuticals: Group-IB detects 10,000 new online stores selling fake pharmaceuticals every month. These affiliate programs will sell pills actually consisting of ingredients like printer ink and drywall. The counterfeit stores collude with employees of processing centers and legitimate online stores to skirt the rules of international payment systems like VISA and MasterCard, which prohibit payment for unlicensed medical sellers. The total market for spam fraud, including all counterfeit medicine, products and software, is estimated at $841,000,000.
· Number of DDoS attacks falling in some areas, but power of attacks increasing: While DDoS attacks on government websites fell during the report period, attacks on banks and payment systems increased. Hackers are abandoning botnets in favor of DNS/NTP amplification attacks, which provide more powerful attacks at lower cost. Such attacks now account for 70% of the total.
Global Cyber Security Company
Founded in 2003, Group-IB is one of the leading companies in fraud prevention, cybercrime and hi-tech crime investigations. Group-IB’s mission is to protect our clients in cyberspace by creating and using innovative products, solutions and services.
Key activities of our company:
· Cyber Intelligence and Threat Prevention
· Online brand protection
· Information Security Assessment and Vulnerability Research
· Computer Forensics
· Cybercrime and Hi-Tech crimes investigations
· Innovative software products development for monitoring, detection and prevention of emerging cyberthreats.
In the technologies field, it is imperative that our team members are on the cutting edge. That is why our employees have earned several certificates: CISSP (Certified Information Systems Security Specialist), CISA (Certified Information Systems Analyst), CEH (Certified Ethical Hacker), Extreme Networks Administrator, A+ Certification, Net+, MCP (Microsoft Certified Professional), and MCSA (Microsoft Certified Systems Administrator).
We have more than 90 employees serving customers in more than 25 countries. Our clients include various banks, financial institutions, oil and gas companies, software and hardware vendors, telecommunications service providers from Australia, Argentina, Brazil, Canada, EU, Russian Federation, UK, USA and Ecuador.
Group-IB employees participate in key IT-security conferences such as e-Crime, Cardex, APWG: Counter-eCrime Operations Summit (CeCOS), Cyber Intelligence Asia and the SCADA Security Summit.