Let’s delve into some of the major shifts that have taken place in the cybersecurity sphere in the past five years and see how they have transformed the way Russian-speaking cybercriminals operate. The roles of people in the game directly depend on the infrastructure and the instruments - and these have changed. The main constants in this system are the infrastructure needed for carrying out cybercriminal activity and the instruments used for this activity. The cybercriminal ecosystem has always consisted of various roles. This is a surprising trend, as one would expect COVID-19 and the move to remote working to have prompted more computer incidents. The industries affected included everything from IT to retail, from oil and gas to healthcare.
We investigated 200 cases for clients in Russia in 2020, and already over 300 in the first nine months of 2021. On top of that, due to changes in legislation that limited financial institutions in hiring external services, the number of cases we investigated for financial industry clients in 2020 was zero. These days, the industries under attack are not limited to financial institutions, while major attacks like those we investigated back in the day thankfully are no longer possible.
Others cybercriminal groups, such as Cerberus, left the game and shared their source code with the world. Big names such as Lurk, Buhtrap, Metel, RTM, Fibbit and Carbanak boldly terrorized banks nationwide, yet eventually fell apart or ended up behind bars - with our help too. The services we offer include incident analysis, investigation and post-incident expert support, all directed at preventing and mitigating the consequences of cyberattacks.īack in 2016, the primary focus of our expert was on major cybergangs that targeted financial institutions, banks in particular. Kaspersky’s Computer Incident Investigations Department specializes in attacks by Russian-speaking and Russia-based cybercriminals. This report attempts to shed light on the changes in cybercriminals’ operations that we deem important - and actionable. Moreover, trends that are visible in one country, more often than not resurface in other places and among new cybercriminal gangs. While this report is primarily focused on cybercriminals that operate on Russian territory, cybercriminals rarely restrict themselves to national borders - with ransomware gangs being a prime example of such cross-border activity. Lastly, we analyze the targets that cybercriminals select these days as opposed to a few years back, the reasoning behind them and criminal-to-criminal services offered on the dark web. We also review what pushed cybercriminals to transform their operations into the now well-known malware-as-a-service model - the use of cloud servers, the decreasing relevance of custom malware and the subsequent emergence of small, agile teams. We overview what kind of attacks are now carried out by cybercriminals and what influenced this change - including such factors as changes in vulnerability market and browser safety. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi.
Mouse: Logitech G903 LIGHTSPEED Wireless Gaming Keyboard: Logitech G910 Orion Spectrum Illuminated Mechanical Gaming Monitor(s) Displays: Samsung C27HG70 27" WQHD Curved Gaming Graphics Card: ASUS Radeon RX 5700 XT ROG Strix OC 8GB Memory: Corsair Vengeance LPX 64GB 3000 MHz Motherboard: ASUS ROG Strix X570-F Gaming
OS: Windows 10 Pro 64-bit (20H2) / Linux Mint 20 64-bit (Cinnamon)ĬPU: AMD Ryzen 9 3900X (Corsair Hydro H100i) System Manufacturer/Model Number: Custom Built (Self)