Russian e-crime tools and services are getting cheaper, and the black market that supports them is becoming more diverse, according to research by IT security company Trend Micro.
Overall, the range of Russian cyber tools and services on offer are becoming cheaper, Trend Micro senior threat researcher Max Goncharov told SC Magazine UK on Wednesday. For example, the average price of a distributed denial-of-service attack (DDoS) has gone from US$50-80 per day in 2011 to $30-70 per day in 2012. Stolen credit card details are also cheaper.
Average prices are probably going down due to more efficient technologies in the hands of criminals, continuing insecurities in software, and lack of general consumer security, said Goncharov.
"Technologies are getting faster, software [security] is not really getting better, and consumers still rely on luck," said Goncharov.
Some services, such as malware programming and cryptography, have stayed at the same price, said Goncharov.
The Russian black cyber market is becoming more organised, and the ecosystem that supports it more diverse. Trend Micro is tracking more than 80 Russian-speaking e-crime forums, and increasingly communications are initiated on forums which then move to encrypted VPN (virtual private network).
More individualised, specialised services are emerging, such as file crypting services, which conceal infected files or malware from security software. Some groups specialise in preparing phishing and web scamming resources for sale, and others will prepare drop files for use in exploit kits, for example.
The range of Russian e-crime products and services includes dedicated servers, proxy servers, VPN services, social engineering services and hacking services, according to a Trend Micro report published on Tuesday.
Despite a trend towards specialisation, some groups still run several areas of a malware business to keep costs down and retain control of their products, Goncharov added.