TrendMicro has published an excellent study on the evolution of the Russian underground, detailing products, services and related prices.

Max Goncharov has published a new interesting study on the Russian Underground, titled Russian Underground Revisited, one year after the previous report “Russian Underground 101”. Trend Micro report continues its analysis of the services and products offered by cyber criminals in the most prolific black market, the Russian underground.

As observed by Goncharov, toolkits are becoming more available and cheaper on the black market, the products are even richer of features to advantage the work of cyber gangs. Russia, China and Brazil are the countries where underground forums are more productive.

The number of Russian underground forums is increasing year after year, some popular are becoming very popular such as verified.su and ploy.org, which have reached hundreds of unique members.

Particular attention is reserved to the Deep Web, which provides the optimal environment to sell products in total security and anonymity for cybercrime. We saw in the last month a growing number of activities exploiting hidden services in Tor Network to propose new back markets, hacking forums or resources to hide Command and Control infrastructure to make the botnet more resilient.

The paper is divided into the following five sections:

1- Introduction to the Russian underground market, in which are analyzed the products and services proposed in the market.

2 – Differentiation of Russian underground market with other dark underground ecosystems

3/4 – Detailed descriptions of the most common products and services.

5 – Pricing information.

The Russian underground market is consolidating the model of sale known as malware-as-a-service, a growing number of illicit products and hacking activities are available for rent. Like every market, also Russian underground has its own specialty, the sale of TDSs and traffic direction and PPI services.

“In fact, traffic-related products and services are becoming the cornerstone of the entire Russian malware industry, as buying Web traffic can not only increase the cybercriminal victim base, sifting through the traffic stored in botnet command-and-control (C&C) servers can also help threat actors find useful information for targeted attacks.” states the report.

The report explicitly refers also the importance of the role of third parties which offer escrows service to guarantee buyers and sellers.

“When buying and selling stolen credit card credentials, for instance, an escrow checks several numbers to confirm their legitimacy before handing the payment the buyer gave him for safekeeping to the seller. Escrows usually get 2‒15% of the sales price for their services, depending on the agreement between buyers and sellers and other circumstances.”

Following the list of principal products offered:

Trojans

Exploits and Exploit Bundles

Rootkits

Traffic

Crypters

Fake Documents

Stolen Credit Card and Other Credentials

while list of the most popular services includes:

Dedicated-Server-Hosting Services

Proxy-Server-Hosting Services

VPN Services

Pay-per-Install Services

Denial-of-Service Attack Services

Spamming Services

Flooding Services

Services Malware Checking Against Security Software Services

Social-Engineering and Account-Hacking Services

Are you interested in price list? Of course and the excellent report includes the prices for both product and services. I avoid to provide the full list because I consider important that you will read it to better understand how are evolved the offer and the market price of each item in the last three years.

Even if the prices of almost every product and service sold in the Russian underground market are decreasing in the last years, the black market is very profitable for both buyers and sellers.

“Cybercriminals, like legitimate businesspeople, are also automating processes, resulting in lower product and service prices. Of course, “boutique” products and services remain expensive because these involve specialized knowledge and skills to develop that only a few badguys have.” states the report.

Russian underground is the example of a successful evolution of criminal proposal.

This report is a must read!

Pierluigi Paganini

(Security Affairs – Russian undergroun, cybercrime)

Share this...

Linkedin Reddit Pinterest

Share On