Looking back, the Russian underground established itself via forums where cybercriminals in need could find whatever they needed to get their enterprises started. The underground is a place where cybercriminals can shop for all kinds of products and services that aid them in crafting and implementing malicious schemes. They no longer need to bother about developing code themselves. The Russian underground was the first market of its kind. It offered crimeware to criminals and established itself via forums sometime in 2004. Over the years, we’ve been tracking how various underground markers are set up across countries while analyzing developments and changes that happen in some of them. Among them, the Russian market still holds the “pioneer” status. The things we see in it often indicate what will happen next in the other markets. To this day, it continues to evolve and thrive despite an evident drop in product and service prices. We’ve exclusively devoted two papers to the Russian underground. In “ Russian Underground 101,“
we provided a general description of the underground market and its actors and hacking activity. Last year, we updated specific market information and highlighted how the substantial price drops we noted in “Russian Underground Revisited“ impacted the security landscape. This latest iteration hopes to describe the Russian underground market’s current setup and point out another significant development— increased professionalization of the crime business. This means largely automated sales processes and significant division of labor. The level of optimization resembles that of a legitimate business having undergone strategy consulting.
