The Russian Underground Today: Automated Infrastructure, Sophisticated Tools
The Russian underground has been around since 2004, and has been continuously used as an underground platform for trading goods, services, and information. In 2012, we published “Russian Underground 101,” which provided a brief summary of the cybercriminal underground and shed light on hacker activities in the region. We also learned about the various goods and services being offered in these hidden markets, which included exploit kits, bulletproof web hosting, VPN services, custom-created malware, and pay-per-install (PPI) services.
Over time, we have updated the information on these activities and concluded that the decrease in prices of goods and services in the market wasn't a sign that the Russian cybercriminal ecosystem was declining. In fact, our research revealed that as long as there's a demand for these goods and services, the cybercriminal underground will thrive.
Today, the Russian underground has not just grown, as seen in the growing number of illicit products and services being offered in its marketplaces; it has also evolved to become more sophisticated and professional, as manifested by the following improvements:
- Automated processes to accelerate trades and lower prices
- More seamless and standardized transactions via new marketplaces
- Newly optimized and segmented translations and antispam-proofing offerings
- Unique platform-registration processes that ensure anonymity
- Easier access to bulletproof hosting services (BPHS) that form the base of undetected proceedings
The research paper Russian Underground 2.0 offers a look into a mature ecosystem with an increasingly professional underground infrastructure for the sale and trade of malicious goods and services. It also discusses the growing competition, process automation, the introduction of new attack avenues, and its community's underground activities.