Recently, our in-house expert on Russian cybercrime hosted a webinar for Cyveillance customers on the ecology and tactics of Russian hackers, and the rising tide of cyber-attacks originating from Eastern European countries. The webinar examined the evolution of the Russian hacker; organizational aspects of cybercrime gangs; day-to-day operations of Russian underground marketplaces; as well as tactics, techniques, and procedures involved in targeting Western victims. The webinar also discussed potential motives and ideologies behind some of the recent attacks on Western targets.
From Basement to Syndicate
The era of home-grown, basement hackers is over. In the past five years, Russian hackers have become increasingly organized and sophisticated, and now threaten individuals, organizations, and governments alike. Major crime syndicates have taken over, and the switch from offline crime to cybercrime has only maximized their profits and geographic reach. Criminal activities range from spamming to identity theft and from child pornography to credential harvesting, along with many other illicit activities.
Ideological Cybercrime: Hacktivism
In addition to organized cybercrime gangs, Russia and Ukraine have become a hotbed of cyber-attacks prompted by ideological motivations. Hacktivist collectives target Eastern European and Western organizations, banks, and businesses with a near-perfect success rate.
Tactics of these collectives vary widely, from social media propaganda to the more technical Mac.Backdoor.iWorm, which hit over 17,000 Mac users by using Reddit for C2. With the current geopolitical climate in the region and abroad, hacktivism is expected to grow vigorously in both capability and frequency.
Hacking: A National Resource
While the reasons for the rise in cybercrime and hacking in Russia and Eastern Europe are many and varied, much of the rise can be attributed to the underutilized techno-industrial complex. Highly skilled computer science professionals are finding themselves underpaid or unemployed. This, coupled with the lucrative opportunities found with crime syndicates, has drawn Russia’s top talent.
In addition, underground and politically motivated hacking has become a source of national pride. In a region plagued with geopolitical instability, even politicians have begun to leverage hacktivist tactics to discredit rivals, stir national pride, and redirect public frustration and anger.
This climate ensures that Russian and Eastern European hackers will no doubt improve their capabilities and continue to be a major global threat.
Conclusion: The New Threat Landscape
While many IT and security professionals focus on vulnerabilities within their network, the increasingly sophisticated Russian hackers have shown that the problem is not what you can see but what you can’t see. Visibility beyond the perimeter is critical to identifying threats before they become a problem. Leveraging threat intelligence with appropriate analysis can mitigate these risks. In addition, language-agnostic technologies, paired with multi-language analysis, are vital to identifying and neutralizing threats in the global threat landscape.
For more information on threat-intelligence-based strategy, you can review our past webinars at any time.