Pierluigi Paganini
October 18, 2014
Group-IB, a leading company in cybercrime prevention and investigations, has issued its annual report titled “GROUP-IB REPORT: HIGH-TECH CRIME TRENDS 2014″ which cover the second half of 2013 and the first half of 2014.
The report is one of the most interesting analyses of high-tech crime activities, it identifies threat actors, their means and covers trends, evolution and financial impact of various illegal practices.
According to the cyber Intelligence firm Group-IB, a person or a group of individuals operating under the pseudonym “Rescator” (AKA Helkern and ikaikki) disclosed online credit card data of more than five million users.
“Rescator is not the owner of SWIPED, he is active seller in this card shop,” Dmitry Volkov, head of threat prevention & the investigation department at Group-IB claimed. “Rescator lives in Ukraine, but he does not sell compromised cards of Russian or Ukrainian banks. No local victims – no criminal case,”
Rescator is one of the most active sellers of the SWIPED card shop, he is based in Ukraine that is considered by investigators one of the countries which hosts principal actors of underground markets specialized in the sale of credit card data.
Group-IB revealed that it is a common practice for the users of the SWIPED card shop the use of virtual currencies, nearly 80 per cent of payments is made with Bitcoin. Be aware, Rescator is the owner of credit card shop Octavian.su and member of the Darklife team, a Russian-speaking cyber gang that manager the closed forum darklife.ws.
The stolen credit card data have been offered by the SWIPED online carder marketplace, all the information belongs to the cards stolen in the databreach suffered by the US retail giant Target.
“The most active supplier of credit cards is a user called ‘rescator’, who uploaded more than 5 million cards to the shop. In partnership with a financial institution in the United States, Group-IB investigated a test sample of credit cards uploaded by ‘Rescator’ in the period from December 2013 to February 2014 marked “USA FRESH BINS TR1+TR2+ZIP [80% VALID]”.states the GROUP-IB REPORT: HIGH-TECH CRIME TRENDS 2014 recently issued by the firm.
The HIGH-TECH CRIME TRENDS 2014 report reveals that the Russian underground market for stolen credit card data is very complex and well organized. Cyber criminals provide efficient platforms for the sale credit card data.
The Group-IB’s annual report states that Russian and Eastern Europe gangs are specializing their operations against online banking users, the data demonstrates a surge of illegal activities against mobile users. The number of Online banking frauds is decreasing only in Russia, according to the experts of the Group-IB due to the law enforcement action.
“Of eight criminal groups active in Russian online banking theft last year, two have switched to foreign targets and one was broken up following the 2014 arrest of one of its leaders. This has resulted in a decrease in the total online banking fraud market, from an estimated $615m in 2012 to $425m in 2013-2014,” it reports.
The overall amount of losses for financial institutions during the report period is nearly $40m, the criminals exploited every tactic to maximize the profit as explained in the document. The following formula was used for the calculation of the overall theft amount = Ng*K*A*Nd
• Ng – number of groups • K – average number of successful thefts per day • A – average theft amount • Nd – number of business days So, online banking theft amounts wer ecalculated as follows Theft from corporate entities: 6*4*40000*249= $239,040,000 Theft from individuals: 4*3*2300*249= $6,872,400 Theft using mobile Trojans: 5*5*500*249 = $3,112,500 Targeted attacks on banks and payment systems: ~ $40,000,000 Total:$289,024,900In line with other reports analyzed in these days, the HIGH-TECH CRIME TRENDS 2014 report issued by Group-IB confirms the increase of DDoS DNS/NTP amplification attacks.
Russian underground economy is also characterized by an intense activity of sellers of counterfeit pharmaceuticals, the experts at Group-IB detects 10,000 new online stores selling fake pharmaceuticals every month.
“The counterfeit stores will collude with employees of processing centers and legitimate online stores to skirt the rules of international payment systems like VISA and MasterCard, which prohibit payment for unlicensed medical sellers,” Group-IB reports.
Ilya Sachkov, CEO and founder of Group-IB, explains that “Society, the state and the companies found themselves not ready for such a rapid change of technologies and criminal environment.”
“Methods used by the classical cybercriminals move on to the arms of organized crime which allows it to commit more audacious crimes. Also the instruments developed by cybercriminals used for public and industrial espionage.”
Key trends in 2014 include:
I strongly recommend reading the GROUP-IB REPORT: HIGH-TECH CRIME TRENDS.
(Security Affairs – Group-IB HIGH-TECH CRIME TRENDS 2014 report, cybercrime)
