Russia's Ukraine War Drives 62% Slump in Stolen Cards

The Russian invasion of Ukraine in early 2022 appears to have led to a double-digit decrease in stolen payment card records published to the dark web, according to Recorded Future.

The firm’s Insikt Group division analyzed detailed threat intelligence gleaned from the cybercrime underground to compile its Annual Payment Fraud Report: 2022.

It reported a 24% year-on-year decrease in the volume of card-not-present records on dark web carding shops in 2022 – to 45.6 million – and a 62% slump in card-present records, to 13.8 million.

Recorded Future traced this significant decline to two key events at the start of the year. The first was an unexpected crackdown by the Russian state on cybercrime groups, which included arrests of suspected members of the REvil ransomware collective.

“The governing theory is that Russia sought to signal its intent to cooperate with the West against cybercrime should the West acquiesce to Russian demands regarding Ukraine,” the report claimed.

Whatever its intent, the clampdown had a chilling impact on card fraud from the second half of February to April, including the shuttering of several top-tier carding shops, Recorded Future said.

However, what came next arguably had an even bigger impact.

“After April, slack carding demand and depressed volumes of ‘fresh’ records were likely a result of Russia’s war,” the report continued.

“It is highly likely that the war has significantly impacted Russian and Ukrainian threat actors’ ability to engage in card fraud as a result of mobilization, refugee and voluntary migration, energy instability, inconsistent internet connectivity and deteriorated server infrastructure. Russian-occupied areas of the Donbas region of Ukraine were long suspected to have hosted cyber-criminal server infrastructure.”

As a result, the future of the card fraud market will depend on external events, the report concluded.

“Should Russia’s unprovoked war in Ukraine continue, the factors influencing regional threat actors’ ability to engage in card fraud will likely persist, and threat actors’ ability to engage in card fraud will remain lower than before the war, even as they continue to adapt,” it noted.

“If the war should end, monitoring the region’s post-war economies will be crucial to determine whether the conditions and incentives exist for a renewal – or possibly even an increase – in card fraud activity.”
