Lithuania has applied to host the European Cyber Security Competence Center, which is designed to develop technologies and develop protective measures. The Raimundas Karoblis, the Minister of National Defense of the Baltic Republic, openly links the request for its creation with the "Russian threat".The vulnerability of NATO's "eastern flank" continues to worry European countries, which believe that after the protests in Belarus, the issue of Russia's influence is more acute.

Lithuania will compete for hosting the institution with Belgium, Germany, Luxembourg, Poland, Romania and Spain.

Ministry of Defense of the Baltic Republic draws attention to the activity of China and Russia, which are often associated with the hacker threat.

The Minister of Defense claims that "Russian cyber attacks happen quite often," although at the same time he makes a reservation: it is very difficult to formally establish the "authorship" of hacker attacks.

According to him, this is accompanied by information campaigns. It is likely that the work of the European Cybersecurity Competence Center will also be aimed at countering those information messages that will be considered propaganda in Vilnius. By the way, Lithuania offers to place the institution itself in the Vilnius TV tower.

It is worth noting that in January, the Prime Minister of the Republic Saulius Skvernialis called Lithuania "a leader in the field of information security". According to him, this area is a priority for the Baltic Republic.

In addition, Lithuania ranked fourth in the Global Cybersecurity Index (GCI) with a score of 0.908 points. The rating was led by the United Kingdom, which scored 0.931 points. The second and third places are occupied by the United States (0.926) and France (0.918). The top five is completed by Estonia, whose security level was estimated at 0.905 points.

Lithuanian authorities often claim cyber attacks and "Russian interference” without providing any evidence of the "guilt" of the Russian side. Moscow denied all such accusations and stressed that they were "absolutely unfounded".

However, Lithuania is currently concerned about military activity near its borders, which, according to its estimates, has increased against the background of the Belarusian events.

Microsoft on Monday claimed that Vietnamese government-backed hackers have been behind the cryptocurrency-mining malware campaign.

Anton Kardanov, head of the information security sector at AT Consulting, warned that motion recognition systems can be used by cybercriminals to steal the personal data of users during video conferences. According to him, a special algorithm can read the movement of hands over the keyboard if they fall into the field of view of the camera, which poses risks to the user's privacy.

“The Artificial intelligence (AI) algorithm with high precision can restore the typed text if the video shows the movement of the arms and shoulders," said Mr. Kardanov.

It is reported that the program first removes the background and turns the image into gray tones, and then focuses on the hands — as a result, the algorithm leaves only the contours of the hands and shoulders and monitors their movements. They are used to restore the text typed on the keyboard.

Thus, an attacker can recognize passwords, passport data, Bank card numbers, and other information that the user types on the keyboard during a video call.

Meanwhile, Maxim Smirnov, commercial Director of IVA Technologies, believes that visual recognition of hand movements and, in particular, text typed on the keyboard is quite realistic, but developers will have to work hard on the quality and accuracy of the technology, which is not an easy task.

"Remote work and video conferences are our new reality, as well as new opportunities for fraudsters and new threats to users", said Sergey Zabula, head of the group of system engineers for working with partners, Check Point Software Technologies in Russia.

Earlier, Group-IB also reported possible attacks using motion recognition technology. According to the company, you can protect yourself from scammers by hiding important information from the camera's field of view.

According to the Vice-President of the Association of Banks of Russia Alexey Voilukov, information processing can take several hours or even days, while a fraudster can withdraw money from the card within an hour.

President of the Association of Banks of Russia Georgy Luntovsky sent a letter to Vadim Uvarov, Director of the Information Security Department of the Bank of Russia, with a proposal to organize direct interaction between market participants in order to exchange data on suspicious transactions.

Now financial organizations use an automated system to inform the Regulator about all operations that have signs of being performed without the knowledge of customers. Then the Regulator accumulates all the collected data about attacks and returns them to banks in a consolidated form. According to Alexey Voilukov, information processing can take several hours or even days, while a fraudster can withdraw money from the card to which they were withdrawn within an hour. 

Mr. Voilukov noted that the creation of a centralized mechanism will speed up the exchange of information by about five times, and the time for providing information in some cases will be reduced to 20-30 minutes.

"For example, several people complained to the Bank about unauthorized transfers within an hour. It detects a fraudulent account and promptly sends information about it to the organizations from which the money was transferred. With a quick response, there is a chance to prevent theft," he explained Mr. Voilukov. According to him, this scheme of work will allow us to fight against fraudsters who work using social engineering methods.

The Central Bank told that they will study the proposals. VTB, MKB, Rosbank and Tinkoff support the Association of Banks of Russia initiative. VTB added that the system for exchanging information on incidents needs to be improved, as this will speed up and automate the processes of the rapid response of banks to fraudulent attacks.

 Attackers call a potential victim and offer to install an app on their phone that "reliably protects money from theft." And then, with the help of this app, they steal the money from the card or get a loan on behalf of the victim.

According to Sergey Sherstobitov, head of the Angara information security integrator, fraud is committed using a malicious program that can intercept passwords when they are activated in banking applications. Then, with their help, the attackers can easily transfer funds to another account.

Dmitry Kuznetsov, head of methodology and standardization at Positive Technologies, warns that Bank employees never ask customers for card or account details.

The police do not exclude that such fraud may be widespread and asks Russians to remain vigilant.

According to the Central Bank, the activity of telephone scammers increased four times in the first six months of this year. In total, the regulator recorded more than 360 thousand unauthorized transactions with funds of Russians for a total of about 4 billion rubles ($51,8 million). Banks returned about 485 million rubles ($6 million) of stolen money to their clients.

The low percentage of refunds from the Bank is due to the fact that people, in fact, become victims of their own free will. After all, the client signs an agreement with the Bank that prohibits the transfer of confidential information about the Bank card to third parties, said lawyer Yakovlev.

However, it should be noted that the data of clients of Russian banks has risen in price on DarkNet. Ashot Hovhannisyan, the founder of the DLBI DarkNet search and monitoring service, explains that the increase in the cost of such services indicates a decrease in the number of offers on the market. This, in turn, means that credit institutions reduce the chances of hackers to steal data and increase security.

In recent months, there has been an exponential surge in malware attacks. According to the checkpoint, the last quarter itself has seen an increase of 50% in malware attacks. “In the last 3 months, there has been a 50% increase in the daily average of attacks, compared to the first half of 2020. US ransomware and malware attacks doubled (~98% increase) in the last 3 months, making it the #1 most targeted country for ransomware, followed by India, Sri Lanka, Russia, and Turke”, reports checkpoint. 

So, ehackingnews did some research into cybersecurity products for email and phishing malware as well as file protection, and one company stood out with their promising technology and competent product- Odix and their patented Content Disarm and Reconstruction (CDR) tech.

The recruiting agency HeadHunter confirmed the growing demand for specialists in the field of cybersecurity, the number of vacancies for such specialists in Russia is growing at a double-digit rate. If for the whole of 2018 more than 17 thousand of them were opened, then from January to October 2020 - almost 30 thousand.

Natalia Golovanova, head of the SuperJob research center, notes that specialists and managers in the field of information security are most in-demand today in IT and financial companies. “Now the competition in this segment of the labor market is only 2.5 CVs per vacancy, which indicates a lack of specialists and a low level of competition,” she said.

Next year, Golovanova expects "a smooth increase in demand for specialists in the field of information security”.

It is worth noting that the average market salary of information security specialists is now 150 thousand rubles ($1,800) in Moscow, and 130 thousand rubles ($1,600) in St. Petersburg, and 320 thousand ($4,000) and 300 thousand rubles ($3,700) for information security directors.

Oleg Sedov, Director of Development for the Cybersecurity for the Population business at Rostelecom-Solar, confirms that the demand for information security specialists is significantly higher than the supply. "The problem of personnel is manifested not only in the shortage of employees but also in the lack of qualified specialists,” said Sedov.

According to a study by the consulting company PwC, more than half (52%) of Russian companies plan to increase spending on information security in 2021, and 42% of organizations intend to increase the number of employees employed in this area.

For example, PwC estimates that more than 3.5 million new cybersecurity jobs will be opened worldwide in 2021.

The study was conducted based on the results of a survey of more than three thousand managers of companies, technology and information security departments in various industries.

On September 25, Vladimir Putin invited the US authorities to resume cooperation in the field of international information security, which began in 2013 but was frozen due to disagreements over Ukraine and Russia's alleged interference in the 2016 US presidential election.

The President of the Russian Federation then stated that the dialogue in the cyber sphere should not be a "hostage" of political disputes, and proposed a four-point program for restoring cooperation.

In a statement, the Russian President said that "the risk of a large-scale confrontation in the digital sphere is one of the main strategic challenges of our time." "Special responsibility" for preventing cyberwarfare lies, as the Kremlin said, "on key players in the field of international information security," that is, primarily on Russia and the United States.

On October 7, in an interview with the Russia TV channel, Vladimir Putin complained that there was no response to his proposal from the United States. "Unfortunately, as with a number of our other initiatives, there is no response to this, I believe, very important topic, although there are continuing complaints against us about our hyperactivity in the information sphere, interference in elections there, and so on, which have absolutely no basis,” said Mr. Putin.

Russia intends to sharply increase the cost of information security, and mainly on cryptography, and not on personal data protection

According to the published draft of the Federal budget for the next three years, it was decided to increase the expenditures on information security in the amount of 2 billion rubles (25 million dollars) initially laid down for 2022–2023 to 16 billion rubles (204 million dollars). This is the most significant increase in the budget in comparison with other Federal projects included in the Digital Economy direction.

The authorities plan to pay the greatest attention to the development of domestic cryptography, the functioning of cyber polygons, filtering Internet traffic and countering computer attacks. At the same time, the creation and operation of the national center for the introduction of modern cryptography methods can take over more than half of the total budget of the Federal project.

Budget money should also be used to analyze the security of state systems. However, the largest expenditures are allocated for the technical implementation of various project areas: equipment, specialized software, and staffing and production support.

The disadvantage of the project is the lack of measures aimed at preventing data leaks and protecting the personal information of Russians. Analysts pointed out that it would be logical to allocate part of the funds to system security in matters of interaction between the state and citizens on digital platforms. In addition, according to market participants, specialized education and training of qualified specialists receive insufficient funding.

Ivan Mershkov, technical Director of NGRSOFTLAB, said that it is critically important to envisage measures to increase digital literacy among the population. The number of phishing attacks shows explosive growth, which will only increase with the increase in digital consumption.

Nevertheless, the increase in funding for this federal project was seen as a good sign, indicating that the issue of cybersecurity is coming to the fore in Russia.

 Smart watches, which are gaining popularity among Russians, are among the Internet of things (IoT) devices, which means that by hacking them, an attacker can get confidential user information, listen to their conversations and track their movement, said Ilyas Kireev, a leading promotion Manager at Crosstech Solutions Group.

According to him, the main problem of IoT devices is weak security mechanisms. The small product lifecycle means that there are no regular security updates and the device may have dangerous vulnerabilities.

"Vulnerabilities in IoT devices create favorable conditions for hackers to create large-scale botnets like Mirai and the most powerful DDoS attacks on the Internet," said he.

"Data can leak both via the Internet and via Bluetooth. Critical Bluetooth vulnerabilities allow executing arbitrary malicious code on the device and gain full control over the device's system, as well as carry out a man-in-the-middle attack (MiTM), which leads to the unauthorized interception of user data," added Mr. Kireev.

"An attacker can find out the PIN code from your card, passwords, your daily routine, and much more, which will give them full control over all your operations. For example, if a smart watch manufacturer uses centralized systems for storing and processing data, then one attack is enough to get all the data of customers," warned the expert.

According to Mr. Kireev, to protect yourself and your loved ones, you need to constantly update the software, not enter the CVV of bank cards and control the information transmitted.

It is interesting to note that lawmakers around the world have long expressed their concerns about the fact that smart watches can act as a spy that is always on the wrist. So, the German Federal Network Agency, which regulates the telecom industry, introduced a ban on the sale of smartwatches for children back in 2017. The agency said that devices with a built-in tracking function violate German law.