As global cybercrime increases, governments and businesses are struggling to keep up with the threats they are facing. Because of the changing and innovative methods of attack being used against them, it is of the utmost importance that they constantly refine their knowledge of the particular enemies they face.
Our purpose here is to shed some light on the two biggest sources of cybercrime perpetrated by non-governmental agencies: Brazil and the former states of the Soviet Union. Drawing from these examples, we also hope to provide some advice on how to deal with the increasing number and variety of cybercriminal gangs.
Both Brazil and Russia lose billions of dollars to cybercrime each year, and their home-grown criminals supply Trojans and other types of malware (malicious computer programs), stolen e-mail accounts and passwords, and other private information to criminal clients around the world. According to a report by Kaspersky Labs, Brazil was ranked the most dangerous country for financial attacks in 2014, and the Brazilian ChePro Trojans were ranked the second-most-widespread malicious program after ZeuS. Both of these Trojans target system information, online credentials, and banking details. These are also customizable tools that can gather any sort of information the thief wishes.
The vast resources available on the Dark Web and the loose laws for prosecuting cybercrimes in Brazil make it a hacker’s paradise. Brazilian cybercriminals aren’t as organized as their counterparts in the former Soviet states and don’t need to use complex malware and strategies, since their main targets are companies within their own borders that lack sophisticated defenses. According to an investigative report carried out by the RSA research group, the equivalent of about $3.75 billion has been hacked from the Boleto Bancário, a payment method managed by the Brazilian Federation of Banks, since 2012. This one attack amounted to over 495,000 transactions involving 30 banks and impacting more than 192,000 victims.
The former Soviet bloc shares some superficial similarities to Brazil in terms of the number of dangerous cyberattacks committed by its criminals, but its scofflaws can be much more sophisticated. They tend to operate in disciplined networks on a larger, international scale.
Because of Russia’s close relationships with former Soviet states and the abundance of unemployed Russian-speaking computer experts in these areas, cybercriminals can operate internationally in these countries. This helps them hide their identities and avoid extraditions. They often openly advertise thinly disguised criminal jobs in countries such as Belarus and Ukraine and use the new “employees” for low-level coding and as money mules. Unlike the Brazilians, cybercriminals in Russia and the other former Soviet states share a code of conduct — Вор в зако́не, or “thieves in law” — that dates back to the Gulags of Soviet Russia.
Russian-speaking cybercriminals are often involved in big-picture cybercrime — things like manipulating currency, stealing money over several years, and transnational schemes. In 2015, such cybercriminals developed and deployed a computer virus known as the “Corkow Trojan” to infect Kazan-based Energobank and place more than $500 million in orders at non-market rates. The complex, focused malware was able to penetrate the defenses of the Russian regional bank and move the ruble-dollar rate an astounding 15% in mere minutes, according to a Moscow-based cybersecurity firm hired to investigate the attack. There is also evidence that a group of about 20 Russian-speaking hackers has fleeced over $1 billion from global bank accounts in the past three years.
Learning from attacks like these is important not only for security outfits but also for companies’ chief security officers and in-house security teams. Boards should also understand and be kept informed of the nature and source of cyberrisks.
All businesses suffering from cybercrime need to conduct a thorough examination of how their systems are being infiltrated. By collecting data on the characteristics of, say, the viruses or malware being used, it will be easier to deduce who is conducting the attacks and what their resources are.
But proactive cybersecurity means going beyond standard cataloging of viruses and malware. Security specialists need to start collecting data on recent attacks on similar industries, when they occurred, which criminal group launched them, the methods that others used to defend themselves against them, and the prices that stolen information from their industry is fetching on the Dark Web. This information will help companies understand who the criminals that might target them are, what they are attacking, and how they are evolving.
They can work with security firms, law enforcement agencies, and universities to get this information. But since the criminals have become increasingly specialized and focused, companies need to have advice tailored to their specific business. They might even consider hiring and training social scientists to help them develop behavioral insights.
Big and medium-size organizations also should develop more sophisticated cyber-emergency response teams (CERTs) to handle emerging threats. Many governments looking to strengthen their nation’s cybersecurity are developing CERTs and can offer excellent models and ideas about defense.
Finally, business leaders should not simply delegate the cybercrime challenge to security professionals. It should be treated as the problem of everybody in the organization. A well-thought-out strategy should be designed and implemented that takes into account the huge insider threat, and a safety culture that makes everyone responsible for cyberdefense should be nurtured.
Cybercriminals are diverse and constantly changing. Only a comprehensive effort can anticipate and thwart their attacks.