In the report, Group-IB differentiates between cybercriminals living in Russia and Russian-speaking cybercriminals, who include citizens of the countries of the former Soviet Union and other countries. In the 28-page report the researchers estimate that the total share of the Russian cybercrime market alone doubled to $2.3 billion, while the whole Russian-speaking segment of the global cybercrime market also almost doubled, to $4.5 billion. The researchers noted that the Russian-speaking segment of the global cybercrime market traditionally encompasses twice the amount of the Russian segment.
The Group-IB analysts highlighted general trends in the development of online crimes in 2011. The market was embraced by traditional organized crime groups that are trying to control the entire theft process, which led to the merging of two criminal worlds and a refocusing of the Russian mafia's traditional emphasis on crimes such as drug and arms trafficking to cybercrimes, according to the report. This could lead to "an explosive increase of attacks" on the financial sector, the researchers warned. Online banking fraud is one of the fastest growing segments of cybercrime, with a big increase in 2011, Group-IB said.
The cybercrime market has consolidated, with the rise of several major groups that operate on a consistent basis. These groups are also linking up and working together, sharing compromised data, botnets and financial scams, Group-IB noted. Also, more non-technical criminals tried their luck in cybercrime, leading to an increase of outsourcing services such as consulting, training, and the sale of malware and exploits, Group-IB said. All these trends lead the researchers to conclude that "the Russian cybercrime market is experiencing a period of dynamic transition from a quantitative state to a qualitative one, moving away from the chaotic model of the development of the cybercrime world."
Online banking fraud, phishing attacks and the theft of stolen funds increased within Russia and was the largest area of cybercrime, amounting to an estimated $942 million, followed by spam at an estimated $830 million and $230 million estimated as the amount paid by cybercriminals for technical services. In Russia, there is also a trend in targeting individuals rather than financial institutions for online banking fraud, and criminals mainly used Web-inject technologies and Trojan programs to lead users to phishing sites.
Group-IB also noted a sharp increase in politically motivated Distributed Denial of Service (DDoS) attacks that were used to black out blogs, forums and media sites in Russia around the presidential elections, though the main targets of those types attacks were usually online stores. The researchers noted that the strength of DDoS attacks in Russia weakened in 2011 compared to 2010, with botnets used typically using no more than 10,000 nodes for attacks.
In order to fight the increase in cybercrime, Group-IB proposed to increase penalties and change existing law enforcement practices by educating law enforcement officials on cybercrime investigation techniques. According to the firm, Russian laws are critical in battling global Russian cybercrime. Although there has been progress, there is room for improvement, the group said.
Also suggested by the researchers is increasing international cooperation via the U.N. and clarifying terms as "botnet" in new laws to make them more applicable to the current online crime environment.