Victim Insights around the Russian Hack
7 August 2014 – The recently disclosed Russian hack, in which a Russian cyber gang stole billions of passwords from both commercial websites and consumers, highlights the challenges we all face in our day-to-day activities on the web. Cyber thieves are targeting us all in their quest to make money and, as we’ve talked about before, the Russian underground is the biggest and baddest of the underground economies. The goal of this group is to steal as much money as possible from the West and bring it into their own country, and as such, this won’t be the last time this occurs.
The lesson we should all take from this is that the cybercriminal underground is thriving and growing as the number of victims on the web continues to grow. Criminals have always gone to where the money is, and since 90+% of all currency is now online, they will continue to look for ways to steal it.
There are some specific behaviors we can all adopt to help mitigate the risks associated with these attacks. The following are a few best practices both commercial businesses and consumers can adopt now to help improve their security profile.
Online users need to be a lot more suspicious of where they go online, of emails they receive, and of their social media interactions. Being aware of your surroundings is a key safety tip when you are in a strange city; think of the Internet as a strange city and be aware of your cyber surroundings.
Cybercriminals can use these stolen credentials in a number of ways. Likely they are selling them within the underground for different amounts depending on the information stolen. Trend Micro researchers have been monitoring the Russian Underground market for a number of years and publishing the prices of goods and services sold within it.
From our Russian underground investigation, the prices for spamming (per 10,000 messages) changed from 2011 to 2013 as follows:
· Generic (uses a public database): US$13 to US$4-5
· External email database based: US$17 to US$13
· SMS: US$600 to US$100
· ICQ: US$55 to US$4-9
· Skype: No data to US$86
The prices of stolen data have been dropping each year, and as a result cybercriminals need to steal more data to make the same amount of money. This is a key reason why we’re seeing more high-volume attacks, whether the recent retail breaches against vendors who process a lot of credit cards or attacks like the one discussed here. Compromising sites is a lot more efficient than trying to compromise individual users directly.