The last few weeks have been almost nonstop travel for me, with the Infosecurity Expo, an AMTSO
workshop, and the annual EICAR
conference. Given the amount of work that those events entail, the CARO workshop
constituted something of a holiday: two days where I didn't have to present anything and wasn't involved with the organization. Well, I suppose it's sad to regard presentations on dynamic binary instrumentation and the security implications of the Von Neumann and Harvard architectures as relaxing, but there you go.
The nice thing about my job is that while it's a long time since I did any significant hands-on work myself, I get to work with some amazingly bright people. It's not surprising, given how much cybercrime originates in Eastern Europe, that some of the best counter-threat research also comes out of the region. And while there were plenty of stimulating presentations (unfortunately, the nature of the event means that some presentations may not be made publicly available), I'm delighted that my colleagues Robert Lipovsky, Alexandr Matrosov, along with Dmitry Volkov of Group-IB, have agreed to make a version of their presentation on “Cybercrime in Russia: Trends and issues” available on the ESET white papers page.
So if you were one of the researchers furiously scribbling or typing during the presentation, here's your chance to check your figures. For instance:
- It's estimated that around 19 percent of cybercriminal profit is “earned” by cybercriminals living in Russia (expected to rise by about half a billion dollars in 2011)
- 36 percent of criminal profit is down to Russian-speaking countries
- Attacks on Russian banks more than doubled from 2009 to 2010
But there's much more to the presentation than raw statistics. The presentation looks at four main areas:
- Fraud targeted at Russian banks and payment systems
- SMS fraud using premium numbers (“winlockers”/LockScreen trojans)
- DDoS attacks – Growth in number and in power
- Unauthorized access to sensitive corporate information
It also includes information on malware, like Lockscreen, Sheldor, RDPdoor and Carberp, and some disquieting conclusions on the implications for the rest of the world of the trends observed by researchers from ESET and Group-IB.
*Yes, I know Russian nesting dolls should probably be called Matryoshka dolls rather than Babushka dolls, but I suspect that many people outside Russia probably wouldn't recognize the preferred term.