New Research Report: How New Internet Laws and Nationalism Fuel Russian Cybercrime
August 8th, 2019
The Russian dark web is considered by many to be at the cutting edge of cybercrime. Russian threat actors are known for developing advanced malware programs and innovative attack methods. They have launched large-scale cyberattack campaigns against global organizations and governments alike, resulting in massive data breaches, espionage, election meddling, and many other types of malicious activity. The geopolitical implications of the Russian cybercriminal underground are massive, and companies around the world need to keep a close eye on the underground Russian threat actor community.
IntSights performed extensive research on the state of the Russian cybercriminal underground across the clear, deep, and dark web over the past few months. Our researchers observed trends, analyzed new developments, and deciphered lingo commonly spoken among hackers in a variety of forums, black markets, and other threat actor watering holes. This research culminated in an exclusive report on the cyber threat landscape in Russia. We’re proud to introduce The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime.
This report breaks down Russia’s attempts to crack down on free internet use and illustrates the implications for businesses, consumers, and cybercriminals alike. It also provides a comprehensive breakdown of cyber threats originating on the Russian dark web and delves into the serious implications of Russia’s state-sponsored cyber warfare tactics, designed to cause political unrest in numerous Western-world democracies.
Here are some highlights and key takeaways from the report:
Russia’s Sovereign Internet Law
Russia’s new internet censorship law is set to restrict access to content and information the government deems to be oppositional, causing a ripple effect for businesses and users alike. This law allows the Russian government to secure the world wide web within its borders, disconnecting from global internet infrastructure if it so chooses and facilitating mass surveillance and domestic internet control. One of the clauses of the law stipulates that government-issued hardware must be installed at every Russian ISP, giving the government unfettered access to user data.
Political Influence and Cyber Warfare
The Russian government disrupts and influences the political landscape in adversary states by hacking anti-Russian political candidates and releasing private or confidential information to foster instability. Russia has executed advanced cyberattack campaigns on foreign organizations and governments alike for the purposes of espionage, retaliation, political manipulation, and covert military operations.
Robust Cybercrime Underground
The cybercriminal community in Russia is both vast and incredibly advanced. Russian hackers have developed cutting-edge malware and have been the first to discover new vulnerabilities since the community’s early development, shortly after the advent and popularization of the world wide web. The Russian hacking community was the first to emerge, and its rapid growth – as well as the severity of the damage its attacks caused – thrust cybercrime into public consciousness in the mid-2000s. Today, the community is massive and sophisticated, with common malware and hacking services sold as commodities and technically advanced groups working tirelessly to develop new attack methods.
Insider Trading Forums
Russian threat actors can provide unprecedented levels of detail, including passport information, photos, marriage history, registered instances of border crossings, times associated with the use of domestic transportation services, video surveillance in certain cities, criminal investigations, and real estate information. These threat actors have the capabilities of a full-scale intelligence agency and are constantly looking to recruit – or bribe – employees of targeted entities to feed them intelligence.
Early Access to Vulnerabilities Like BlueKeep
The Russian underground covers virtually any known type or method of malicious activity. If news outlets are talking about it, it is likely Russian cybercriminals have already had it for some time. The latest Microsoft RDP vulnerability, CVE-2019-0708, dubbed BlueKeep, appears to have made the rounds on the Russian dark web long before Microsoft announced it to the world. The Dark Side of Russia contains screenshots of Russian hacking forum users discussing their use of the BlueKeep exploit nearly a year before Microsoft publicly acknowledged it.
Learn all about the sophisticated Russian cybercriminal underground community in The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime.
Andrey Yakovlev is Lead Security Researcher - Threat Intelligence at Rapid7, focused on intelligence hunting from the Russian Dark Web. He is an experienced professional with nearly 10 years of experience in the cybersecurity field. Andrey specializes in threat discovery, computer forensics and behavioral analysis of Trojans.