Russian Underground: Prices Drop, But Products Get Specialized
Established back in 2004, the Russian underground market was the first to offer crimeware to cybercriminals. Up to this day, it continues to evolve and thrive despite the evident drop in market prices.
The underground market in Russia began via forums, venues where cybercriminals anonymously convened to swap tips, tricks, and vital information. Once these cybercriminals started hawking their wares, the underground became a legitimate trading platform, a black market where they can freely promote, sell, and even review several tools, programs, and services that can be used for numerous malicious activities.
Just like any other marketplace, the Russian cybercriminal underground also experiences peaks and valleys, often dictated by supply and demand. These trends are able to give us a clue as to what malicious wares and activities are popular to cybercriminals in the region.
In 2013, we noted a significant drop in the prices of goods offered in the Russian underground. Though normally this would indicate a weakened interest in crimeware, other factors prove that business is actually booming. The dropping of prices may indicate a very competitive market. The availability of more robust and diverse product and service offerings make common crimeware a lot cheaper and a lot more accessible to buyers.
Cybercriminals have also automated their processes. This, too, could have contributed to the decrease in prices. The only products and services that are unaffected by the dip are what we call “boutique” wares. These are highly specialized offerings that require very distinct skillsets to produce. Only a few cybercriminals are able to provide these types of products and services, hence their high rates.
An interesting characteristic of the Russian underground market is how cybercriminals go to great lengths to protect their anonymity. In an effort to mask their identities and shroud their transactions, buyers and sellers use escrows, third parties who test the sellers' products and services, and check for the buyers' ability to pay. In return for their services, they get a commission of around 2-15%.
This underground economy is not going away anytime soon. Cybercriminals are still making profit off of their peers, and customers are still willingly going to them to buy wares. As long as there is a need for it, the Russian underground market will continue to exist and grow over time.
To view an extensive list of the Russian underground offerings and their corresponding prices, read the full research paper Russian Underground Revisited.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report