Russian Hackers Made $2.5B Over The Last 12 Months

Published: 22/11/2024   Category: security




The big bucks are in selling credit card data -- not using it for fraud -- and PoS and ATM attacks are on the rise.



The Russian hacking industry brought in $2.5 billion between mid-2013 and mid-2014, thanks in large part to the Target breach, according to a report released today by Group-IB.
Other bad news: ATM hacks are on the rise. Spamming still pays well. New criminal groups are hitting the scene, specializing in mobile threats. And POS attacks will only get worse, because they can deliver data that's 10 times more profitable than your average plaintext credit card number.
Also, while financial fraud is still a big earner -- accounting for $426 million -- it's being surpassed by the simple buying and selling of credit card data. The carding business brought in $680 million.
All of this is evidence of the growing sophistication of the Russian cybercrime industry. (Group-IB defines this as the market of computer crimes committed by Russian citizens, by citizens of the [countries in the Commonwealth of the Independent States, created when the Soviet Union was dissolved] and the Baltic states, as well as by citizens of other countries from the former Soviet Union.) As the report describes it:
"The market for stolen credit card data in the last 10 years has finally been structured and now features mass automated distribution channels in the form of electronic trading platforms."
[Want more about the Russian hacking industry? Read how the cyber espionage group, Sandworm, hit Ukrainian and American targets with a Windows zero-day attack.]
Last year, the Target breach was the main source of stolen credit card details, but soon attacks on point-of-sale may be the new well where the carding marketplace goes. As the report explains:
"The market value of a credit card dump is on average 10 times higher than the cost of credit card text details. This is because dumps offer greater opportunities for fraudulent transactions. So, with the dump of a credit card, an attacker can make a physical duplicate of that card and conduct operations in off-line points of sale, buying expensive electronics, luxury goods, medicines and other goods to be subsequently sold in a secondary market. Credit card dumps are stolen with the use of skimming hardware, or by infecting POS terminals with special Trojans (Dexter, BlackPOS, JackPOS, BrutPOS, Alina, etc.)."
PoS attacks were all the rage this summer, and their popularity is likely to grow.
"POS attacks have a good potential to get worse," says Group-IB CEO Ilya Sachkov. "There is a vast number of vulnerable devices, random infections, target attacks, and reluctance of operators to provide the necessary level of protection. The result is big leaks. [Another] important factor is that no one has been prosecuted so far. There is no precedent, therefore there is no reason for a decline, only growth."
These breaches, in particular, are a boon to card traders. The size and growth of the booming carding market was what most surprised Sachkov about the findings.
There are now professional wholesalers who deal in stolen card data. The main supplier of user data stolen from compromised credit cards has been Rescator -- a.k.a. Helkern, a.k.a. ikaikki, and suspected to be Ukrainian resident Andrey Hodirevski. The wholesalers buying Rescator's wares do quite well for themselves, too. Rescator made roughly $1 million by selling over 150,000 cards to SWIPED, one of the largest online trading platforms; SWIPED itself made $6 million in one year.
Group-IB also notes that Bitcoin has become the currency of choice in the criminal marketplace. "Almost all shops selling credit card data, as well as shops in the shadow Internet selling weapons, drugs and more have switched over to Bitcoin as their method of accepting payments," the report states.
There has also been a sharp increase in Russian criminals' attacks on ATM machines. From the report:
"Attackers now use not only malicious programs capable of stealing credit card details, but also more advanced types of fraud, where the criminals manipulate the amount issued from ATMs or are able to control the dispenser for the ultimate aim of emptying the ATM machines of their cash during maximum load."
Earlier this year, ATMs were plagued by the Ploutus malware and just last week Kaspersky Labs released details about attackers compromising ATMs by using the Tyupkin malware.
"ATM attacks have increased due to [the] emergence of new software and [a] new criminal group that does targeted attacks," says Sachkov. "In addition, ATMs historically were considered very secure, except skimming, therefore banks were not heavily involved in development of protection from such attacks."
The Russian hacking industry also has tidy little businesses in DDoS attacks ($113 million) and the sale of nefarious goods and services like traffic, exploit code, and anonymization ($288 million). Yet what brings in the most bucks is perhaps the least glamorous: spam, which brought in a whopping $841 million. Sachkov says that spamming was always a lucrative business, and that the evolution of spam for Skype, SMS, and voice media is getting new players into the market.
"The worst news is the increase in number of criminal groups due to the emergence of new ways of theft from individuals by use of mobile devices," says Sachkov. This year also saw the emergence of five new crime groups specialized in mobile bank theft, and all of them used their own unique Trojan horse. In addition, the bad news is that hackers use politics and geography to avoid prosecution.
Yet, it's not all gloom and doom.
"The best news," says Sachkov, "is that we've seen a reduction of theft from legal entities in [the] Russian sector." This essentially means that investigations that were undertaken have proved to be effective.
"The best news for [the] foreign sector is the arrest of Paunch," says Sachkov. Paunch, the 27-year-old creator of the BlackHole and Cool exploit kits, was arrested last October. Before his arrest, his criminal endeavors were making him over $50,000 per month. "[Paunch's] exploit-kit pack malware was widely used in attacks, including bank theft from customers of banks overseas."
