Search This Blog

Showing posts with label Russia. Show all posts

More than half of Russian companies are concerned about the protection of personal data of employees and customers


The antivirus company ESET studied the state of information security in the Russian business sector, interviewing dozens of IT Directors and business owners. According to ESET research, different types of cyber threats affected 90% of Russian businesses. 60% of Russian IT managers are seriously concerned about the safety of personal data.

"The discontinuation of Windows 7 will play a role. Many Russian companies, despite the risks, will continue to use the operating system in the workplace. This will increase the risk of infection with new viruses, compromise and loss of corporate data," said the ESET representative. In addition, on January 14, 2020, support for the Windows 2008 and Windows 2008 R2 server systems was completed. They are used by many small and medium businesses. According to Ruslan Suleymanov, the Director of Information Technology Department of ESET Russia, this year, powerful and frequent DDoS attacks on the corporate sector and deepfakes will remain a trend.

Elena Ageeva, a consultant for the Information Security Center Jet Infosystems, notes that the development of cloud technologies will contribute to an increase in the number of attacks on cloud services.

According to InfoWatch, in Russia, ordinary employees have been and remain the main threat to the personal information of company customers. They account for more than 70% of the violations leading to leaks.

Andrey Arsentyev, head of the InfoWatch Analytics and Special projects Department, believes that phishing attacks will be further developed in 2020.

According to Dmitry Stetsenko, the head of the Kaspersky Lab’s group of system architects, attacks, almost undetected by standard antiviruses, through supply chains and BEC (Business Email Compromise) are gaining more and more popularity. After infecting the system, attackers prefer to use legal IT tools to develop attacks, which also complicates data protection.

Yevgeny Gnedin, head of Analytics at Positive Technologies, believes that attacks to steal information will prevail over attacks with the aim of direct financial theft. "Especially if the company does not provide ongoing monitoring of information security events and the investigation of cyber incidents," said the representative of Positive Technologies.

Russian experts warn the danger of charging the phone in public places


The number of charging stations at airports, bus stops, metro stations and other public places in Russia has been growing rapidly in recent years. However, using such USB-inputs is not safe because attackers can access data stored in the phone or download malware through them. Today in Moscow you can charge your gadgets at airports and train stations, in metro trains, buses, at public transport stops, and in shopping and entertainment centers.

According to Sergey Nikitin, Deputy head of Group-IB, standard USB cables contain four wires: two for data transfer and two for charging. The problem is that hackers embed a special device in the charging wire, or add a small computer to the charger itself. When people connect a gadget to charge, they connect it to some other device.

"Attackers can thus gain access to your device," said the expert. Nikitin gave an example of one of these attacks: a small computer sends malicious code to the gadget, runs it, and so the hacker gains access to the data of the smartphone. An expert at Jet Infosystems Georgy Starostin noted that cybercriminals can download photos from victim's phones for blackmail or infect the device with a virus.

According to him, charging stations in public places carry other risks, the company providing the service can also install additional equipment. According to him, this way it will collect user data for further analysis and sale to advertisers.

The Avast press service said that information is transferred via USB ports in the same way as to the computer. If there are any vulnerabilities in the USB phone software, hackers can gain full control of the connected phone.

Experts advised users to try to avoid charging stations in public places. Avast offered to buy a portable power supply for charging the gadget or USB cables in which the data wires are removed.

The Russian Embassy in Sweden responded to the Swedish Minister's statement about "Russian trolls"


The Russian Embassy in Sweden reacted to an interview with Swedish Minister of Energy and Information Technology Anders Igeman to the TT Agency, in which he said that "Russian trolls" who are opponents of 5G technology attacked his Facebook.

Russia is open for cooperation with Sweden, especially with those of its representatives who are not looking for "Russian trolls". The embassy of the Russian Federation in Sweden wrote about this on Tuesday on its Facebook page.

"We would like to assure the Minister of the fallacy of his opinion that the development of 5G technology in our country is associated with a negative impact on public health. On the contrary, we are open to cooperation with Swedish partners in this area, especially with those who do not suffer, as Anders Igeman, from paranoia in search of "Russian trolls"," said the Embassy.

Anders Igeman said on Monday that an information attack was committed on one of his posts on Facebook organized by opponents of the development of the country's fifth generation of mobile communication 5G. Almost 2 thousand comments were left to this message instead of several hundred. As the Minister himself noted, the content of most of the comments suggests that someone is interested in creating a negative information background around the topic of the development of a new generation of communication. Igeman believes that the "Russian trolls" did this.

"We are especially pleased that Anders Igeman connects the increased interest in his publication about 5G with our country. Judging by the scope of the reaction, almost all Russians who speak Swedish responded to the recent post of Minister!", wrote the representatives of the diplomatic mission.

The Embassy promised to subscribe to the updates of the Swedish Minister and to closely monitor his activity in social networks.

At the same time, representatives of the Embassy expressed hope that Sweden will consider Russia not a threat, but a potential partner.

The Internet isolation law will save the Russian Federation from isolation from the World Wide Web


In 2019, Russia took a number of measures to ensure the security of the information sphere, which in recent years has become the main means of foreign intelligence services to spread lies. First Deputy Chairman of the Federation Council Committee on Foreign Affairs Vladimir Dzhabarov noted that Russia should ensure security in the cyber environment to exclude any possibility of using the global Network against the interests of the state.

"Now it is important not just to control, but to understand and prevent any attacks against the government. The upcoming year will be aimed at ensuring security in the field of IT technologies not only in Russia but also around the world," said the Senator.

He explained his point of view on the example of the law on the isolation of the Runet which came into force on November 1, 2019.

Dzhabarov stressed that the document was adopted not to isolate Russia from the World Wide Web, but to protect the Runet from external threats and various technological disasters that could endanger the reliable functioning of Russian life support systems. In other words, to ensure the independence of the Internet in the country.

“If we feel that we are being blocked, we will take retaliatory measures. We have many rivals. First, of course, the NATO countries, because everything depends on security,” the politician concluded.
In addition, there was a bill introduced by members of the Federation Council to the State Duma. The document proposes to block users of e-mail services and messengers that distribute information prohibited by Russian law. Such activities pose a direct threat to society and the state. Vivid examples are social networks such as Facebook and Twitter, which are the main sources of misinformation. The draft law is currently under consideration.

Earlier, the head of the National Values Protection Fund Alexander Malkevich said that Russia needs a cybersecurity strategy, and announced a forecast for the development of this sphere for 2020. He noted that the state has made a big step forward in countering cyber attacks, but there is still much to do. In his opinion, all the relevant structures should unite to repel any attacks on the cyber borders of the Russian Federation.

The Russian President created a new Department for information security


Russian President Vladimir Putin signed a decree increasing the number of departments of the Ministry of Foreign Affairs of Russia from 41 to 42.  According to the Facebook page of the Department, the new 42nd Department of the Russian Foreign Ministry will deal with international information security, including the fight against the use of information technologies for military-political, terrorist and other criminal purposes.

The decree came into force on December 27, 2019.  The number of employees of the Central office of the Russian Foreign Ministry increased from 3,358 people to 3,391 people. The decree establishes a staff payroll for a year in the amount of 3,521,914.7 thousand rubles ($57,000).

Employees of the Department will have to propose measures to improve legislation to make it easier to cooperate with other countries and international organizations on the topic of information security.

"The main idea of the department is the development of generally accepted rules for conducting a cyber environment and for a collective response to challenges,” said Maria Zakharova, an official representative of the Russian Foreign Ministry.

Earlier, at the end of 2018, the Permanent Representative of Russia in Vienna, Mikhail Ulyanov, announced that a new information security division would appear in the structure of the Ministry of Foreign Affairs. He noted that the decision was made due to the fact that information threats have recently become more relevant.

Recall that on December 28, it became known that the UN General Assembly adopted a resolution proposed by Russia to combat cybercrime.  The US did not support the initiative, considering the document redundant, as there is already an agreement on cybercrime, it's the Budapest Convention

The American side believes that the resolution is beneficial to Russia to create the necessary "type of control over the Internet space."

The Russian Foreign Ministry called the adopted resolution a new page in the history of the fight against cybercrime, stressing that the document actually secured the digital sovereignty of States over their information space.

Kremlin commented on the plans of the US cyber command


Member of the State Duma Committee on International Affairs, Elena Panina, considers the tactics of countering possible "interference in elections", which the US cyber command is developing, as direct aggression against Russia.

Earlier, the Washington Post reported that the US cyber command is developing information warfare tactics against high-ranking Russian officials and businessmen in case Moscow tries to interfere in the 2020 elections. The goal of the cyber command may be representatives of the Russian elite.

"Attempts by the American side to present these plans as "defensive", as a possible response to the case of "interference in the American elections" look ridiculous. In fact, we are talking about the threat of direct aggression against Russia in the information space," said Panina.
According to her, the cynical nature of these actions is manifested in the fact that the United States decided to publicly blackmail Russian political and business elites, threatening to hack e-mail and invade personal space.

She believes that the purpose of public disclosure of such plans is an attempt to intimidate the Russian political class. "Such actions are more typical for a criminal group than for a legal State," stated Panina.

In addition, a member of the Federation Council Committee on Foreign Affairs, Sergei Tsekov, stated that there is nothing original in the published plans for conducting an information war.

"The United States is always waging an information war against Russia. This is the meaning of life for the American community. So there is nothing original in this statement. As for countering Russian" interference " in the elections, the Americans have already achieved a 100% effect. Russia has never interfered in the election process and is not going to," said he.

The Senator also expressed the opinion that the effect of any American tactics of conducting an information war against Russia "will be very weak".

"Russian society is consolidated and understands very well the nature and mentality of the American community. So we do not give in to any propaganda on their part," concluded Tsekov.

Recall that US intelligence agencies accused Russia of interfering in the election campaign before the 2016 presidential election. Later, a commission was formed to investigate these circumstances, led by special prosecutor Robert Muller, the former head of the FBI. 

90% of Russian entrepreneurs faced external cyber threats, says ESET


The antivirus company ESET conducted a comprehensive study on the state of information security in Russian companies, interviewing dozens of IT Directors and business owners.
According to the study, 90% of Russian companies faced external cyber threats and about 50% faced internal ones. Among external cyber threats spam (65%), malware (47%) and encryptors (35%) are leading.

The distribution of malicious software is closely linked to the activity of spammers and phishers who seek to lull the employee's vigilance and force him to follow a malicious link or download a dangerous file. At the same time, many respondents noted that often viruses, Trojans and other malware got on devices because of the human factor - employees used unverified external drives or installed unwanted software.

In addition, 7% of respondents experienced the loss of corporate smartphones, tablets or laptops with confidential information by employees.
It is worth noting that specialists from the CIS often face internal problems of information security. At the same time, Russian companies often had to repel more serious threats: DDoS attacks, phishing, encryptors.

Every fifth Russian company suffered from accidental data leaks due to a lack of knowledge of the security rules for employees working with confidential information. At the same time, Russian IT managers are concerned about the protection of personal data of employees (60%), which is also due to the tightening of the relevant norms of Russian law.

90% of respondents reported that they use anti-virus solutions, 45% control the work with external drives, 26% implement financial protection systems and 28% fight against DDoS attacks. In addition, managers are increasingly turning to third-party companies for audits to ensure information security (15%). At the moment, according to experts, outsourcing security is one of the trends in cybersecurity.

At the end of 2019, 5% of Russian companies are not satisfied with the state of information security and would like to increase the budget. Moreover, with the growth of the number of computers, the level of dissatisfaction and the desire to increase the budget for information security are growing.

Russians learned to circumvent the ban on anonymity in the Network


Russians learned to circumvent the ban on anonymity on the Internet using online services. Services give the customer a phone number for rent for a small amount for a few hours.

Information security experts found that the requirement of mandatory identification of users of messengers by phone number provoked the growth of anonymous verification services. Such resources can be used to spread malicious software or other fraud.

According to the technical Director of Qrator Labs Artem Gavrichenkov, such services provide users with mobile numbers for rent, among them, for example, sms-reg.com, getsms.online, smska.net, simsms.org and others. It costs from 3 to 300 rubles ($0.04 - 5), the rental period is from 20 minutes to several hours. Anonymous verification is available for Mail.ru, Vkontakte, Odnoklassniki, Avito, Yula, WhatsApp, Viber, Telegram, Facebook, Twitter, Yandex, Badoo, Mamba and others.

According to the expert, mobile operators of different countries use services, but judging by the errors in the English version of the sites, the services are aimed at a Russian-speaking audience.

Gavrichenkov is sure that the rented numbers can also be used to distribute illegal content or sell drugs on social networks and messengers.

"The services exploit gaps in government-approved rules for identifying users of instant messengers and social networks by phone number", said Mr. Gavrichenkov. Recall that on May 5, a government decree on the obligation of the owners of Messengers to identify the users of their resources by telephone number came into force in Russia.

The use of anonymous numbers can lead to increased fraud. So, using the generated accounts, anonymous users can make fake likes at posts to lure other users. Most often it is the posts that sell non-existent goods. The situation is the same with malicious applications.

To block all numbers of anonymous Internet portals it is not possible as their list is very quickly updated.

Russian quality system made recommendations for the safe use of IP cameras


The Russian Quality System study says that wireless IP cameras that are used at home, in cafes and other public places can be hacked by attackers to obtain confidential data.

The organization found that cameras have many vulnerabilities, as well as other devices that connect to the Network, for example, smart refrigerators, coffee makers. Specialists of the Russian quality system reported numerous cases in which personal data fall into the hands of hackers due to the hacked Wi-Fi cameras. Hackers can connect to the cameras of a cafe or restaurant and see the victim’s keyboard and their passwords.

In addition, there was a case of hacking the casino’s Wi-Fi cameras when any person with sufficient technical skills could connect to them and observe the casino’s work from the inside, seeing people’s cards.

The vulnerability of wireless cameras is associated with the quality of software that manufacturers save on and the lack of data encryption. In addition, cameras are often managed from accounts for developers who use standard logins and passwords.

Often, the owners of the cameras themselves do not change the data for connecting to the camera, leaving the default passwords and thereby simplifying access to it.

"The cameras are often not thought out in terms of security, so it’s unlikely that they can completely protect themselves from hacking," said the hacker, who wished to remain incognito.

To reduce the risk of hacking IP cameras, the Russian quality system is advised not to save on them and buy cameras with data encryption. It is worth paying attention to the websites of manufacturers, as it is important that the camera model is supported at the moment. The page to which the recording from the camera is broadcast must be protected by the HTTPS protocol.

Experts also advise changing standard passwords, making them complex and limiting the number of devices from which you can connect to the camera.

Insider Threat : Employees of Russian banks are massively recruited to get data


In Russia, there are 73 services that recruit insiders in Russian banks. This information was shared by Darknet researcher Anton Staver.

"Many groups providing such services is due to the amount of work that falls on them," explained Staver. According to the researcher, services that recruit Bank employees receive up to 50 orders a day, which is enough for the existence of an entire industry.

The expert said that customers of such data are usually competitors of banks, jealous spouses of customers, as well as hackers and scammers. Scammers often asked to choose a list of victims with the big account balance. At the same time, according to Staver, recruitment is most often “carried out by specialized structures”.

The expert noted that recruiters receive from customers about 15 thousand rubles ($240) for one employee of the Bank. During the work, the recruiter receives the search criteria, after which the client receives the contacts of the necessary person in Telegram or Jabber. It takes about 5-7 days to search for an insider.

Pavel Krylov, who runs a company specializing in the investigation of cybercrime, agrees with the research data. "Fraudulent schemes using personal data are now successful and effective, so attackers are actively looking for insiders in banks," said the expert. He also noted that various criminal groups taking advantage of theft and withdrawal options use schemes with recruitment for monetization.

The cost of recruitment ranges from 7 thousand to 100 thousand rubles ($112-$1600) and depends on the complexity of the task. If the security service of the Bank works effectively, the price will be much higher. Employees are usually hired through social networks, instant messengers, personal contacts, LinkedIn.

Hackers using government websites of Russian Federation for mining


Cybercriminals used to generate cryptocurrencies not only computers of ordinary Internet users but also the resources of large companies, as well as the websites of government agencies of the Russian Federation. This was announced at a press conference on Monday by Nikolai Murashov, the Deputy Director of the National Coordination Center for Computer Incidents (NCCCI).

"Cases of cryptocurrency mining with the help of infected information resources of state organizations have been identified. In this case, attackers infect web pages, and mining is carried out at the moment they are viewed pages in the browser,” said Murashov.

He noted that the cost of most virtual coins is very high, so there are a lot of people who want to earn money easily. "Up to 80% of the free power of a computer can be used to generate virtual coins, and the legal user may not even know about it," said the Deputy head of the NCCCI. He noted that the seizure of servers of large companies for mining purposes threatens to significantly reduce their productivity and significant damage to the business.

Murashov at a press conference also said that in 2019, about 12 thousand "foreign information resources were blocked, which were used by attackers to damage our country."  In addition, according to him, in the Russian Federation at the request of foreign partners in the current year, the activities of more than 6 thousand malicious resources were stopped.

According to Murashov, users should pay attention to the security of their computers to counter such attacks. The fact of infection with malicious software should serve as a signal that the computer is poorly protected and can become a victim of any attackers.

Murashov noted that two Russian citizens were prosecuted for mining cryptocurrencies through infected computers of organizations.

"In Russia recently there were two cases of criminal prosecution of persons who used seized computers for mining cryptocurrencies," said he.

One of them is a resident of Kurgan, who used almost an entire bot network in various regions of the country. In the second case, a criminal case was initiated on the fact of using the site of company Rostovvodokanal for mining.

Russian Telegram Accounts Hacked by Intercepting One Time Password (OTP)


According to a firm Group-IB, in the last few weeks a dozen Russian entrepreneurs saw their Telegram accounts hacked. And what's disturbing is the way these accounts were accessed. The attackers intercepted the codes used to authenticate user and give access.

A Telegram App logo in QR code

 How the attackers gained access?

In normal procedure, whenever someone logs into Telegram using a different device, a one-time password (OTP), is texted to them and the user can log into their account using this secret code. Now, these hackers managed to access this one-time secret code and snooped on Telegram chats of various users.

Dmitry Rodin, one of the victims of this attack, runs a coding school in Russia. He told the media, he was given a warning by telegram, that someone is trying to access his account. He ignored the notification but another notification came saying some has successfully logged in from Samara, Russia, he immediately terminated all active sessions except for his.

Like Group-IB, he also believes that there was a problem with the telecom operators or his phone was hacked and not the messaging app Telegram. “Perhaps someone logged into my account by intercepting the SMS, which suggests that there might be a problem on the side of the telecom operator,” he said. “This means that other accounts using SMS as an authentication factor are also threatened.” 13 such cases have been reported so far.

"However, this number is likely to increase since we are speaking about a new threat, which has just started spreading,” a company spokesperson said.

 Is SS7 being abused?

The most worrying part is that One-time password (OTP) were hacked, if this hypothesis is indeed true then we are looking at a very big security threat as this technology is used in many log-ins and financial transactions. Another hypothesis is that victim's devices were hacked and the attackers were spying on their messages but Group-IB found no traces of such activity on the victims' phones. And thus Group-IB is tilting towards a mobile network SS7, that's being abused.

Forbes reported, "Think of SS7 as the part of telecom infrastructure that deals with shifting users between networks as they travel abroad. It also manages the changes in charges when traversing different nations’ networks. But in recent years, hackers have learned that if they can get leverage on that network they can silently intercept text messages. Previously, such attacks have been used in bank account breaches and by surveillance companies."

Now, this same network could be used for hacking Telegram accounts.

 Selling access to accounts on the dark web 

Group-IB also suspects that access to these accounts is being sold on the dark web-based Hydra forum for 3,900$ as well as selling access to WhatsApp messages and user info. Now, they think that these could be linked.

“What made us think that the attacks might have something in common with these advertisements is the fact that the incidents coincided with the time the posts were published,” the company spokesperson added.“But we cannot rule out that there are far more connections between these  two events, which is yet to be established in the course of an investigation.”

Hackers steal money from cards through the Uber and VTB applications


A resident of Russia Anna Kozlova, resting in Spain, lost 14 thousand rubles ($220). The money was stolen from her VTB Bank card through the Bank's mobile app and Uber.

At first, the woman was charged 2 rubles from the card, it looked like a standard check of the solvency of Uber customer, especially since the money immediately returned to the account.

However, immediately after this, 2829 rubles were debited from the card. The app’s notification said it was Uber service fee that Anna hadn’t actually used since she was sleeping.
Then notifications, according to the tourist, began to come one after another. After 22 minutes, when she woke up, the girl blocked her card, but by that time the cost of four more trips that she had not made was debited from the card.

Unknown stole from Kozlova 14 118 rubles and did not stop trying to withdraw money from her account even after blocking the card. It is curious that all write-offs were allegedly made by the international service Uber, which in Russia was merged with Yandex.Taxi.

When Anna contacted the support team of this company, the staff could not give her information about the write-offs. The VTB support service clarified that the last write-offs were made from Moscow, and then Anna appealed to Uber Russia.

The Russian company Kozlova explained that if she did not use a taxi, it means that someone received the data of her Bankcard, including CCV code, and used it for payment.
Kaspersky Lab experts explained that fraud schemes through taxi services are no longer uncommon.

According to them, there are channels in the messengers where you can order a taxi at a great discount. The scheme looks something like this: the passenger sends a message to such a channel indicating the details of the trip, and the attacker calls a taxi using the stolen account.

After completing the trip, the driver receives money from the owner of the stolen account, and the passenger transfers the money directly to the attacker. In order to remain unnoticed for as long as possible, attackers can track the owner of a hacked account on social networks and organize such trips at night when it is likely that a person is sleeping, or during the victim’s travel abroad.

The Kremlin opposed cross-border persecution of Russians in the United States


Dmitry Peskov, the Press Secretary for the President of Russia, commenting on the largest award in history appointed for Russian hacker Maxim Yakubets, said that Moscow opposes cross-border persecution of Russians by the American authorities. The State Department announced awards of $5 million for information that would help detain the Russian Maxim Yakubets. American authorities consider this citizen of the Russian Federation the leader of the hacker group Evil Corp.

"The Russian side has repeatedly offered cooperation [in the fight against cybercrime], and our proposals were undesirable and misunderstood," said the Kremlin representative.

According to Peskov, Moscow considers crimes in the cybersphere very serious, the people who committed them should bear the deserved punishment.

"We traditionally advocate for cooperation in the investigation of such crimes and the capture of criminals, but in this case, we can't speak about cooperation, this is not our fault," said the representative of the Kremlin.

On December 5, the US State Department announced its readiness to pay $5 million for information that will help detain the alleged leader of the hacker group Evil Corp (also known as the Dridex Gang) Maxim Yakubets. This award was the largest in history of all that has ever been nominated for the head of a cybercriminal. Earlier, another Russian Evgeny Bogachev was the “leader” in this indicator, for whom in 2015 a prize of $3 million was offered.

Us and UK authorities accuse Yakubets of leading a group of hackers who stole more than $100 million. According to the US Treasury, Evil Corp is responsible for the development and distribution of the malware Dridex, used to infect the computers of 300 banks and financial companies in more than 40 countries.

According to Washington, Yakubets also provided direct assistance to the Russian government. The US Treasury Department claims that Yakubets worked for the FSB of Russia in 2017, and in April 2018 was allegedly in the process of obtaining permission from the FSB to work with Russian secret documents.

Group-IB reported attempts to hack Telegram of Russian entrepreneurs


The company specializing in the investigation of cybercrime Group-IB reported that attackers attempted to hack correspondence of Telegram messenger, and Russian entrepreneurs became the target of cyberattacks.

As the experts explained, at the end of 2019 several Russian entrepreneurs turned to them for help, who faced the problem of unauthorized access by unknown persons to their correspondence in the Telegram messenger.

The incidents occurred on iOS and Android, regardless of the carrier used. Group-IB believes that the attackers were able to view and copy activation codes from SMS messages that Telegram sends when activated on a new device.

Technically, the cyber attack could have been carried out using a vulnerability in the SS7 Protocol. However, attacks on SS7 are rare.

“It is much more difficult to implement such an attack, it requires certain qualifications in the field of data transmission networks and their protocols,” explained Kaspersky Lab’s antivirus expert Viktor Chebyshev.

"The attack began when a message was sent to the Telegram messenger from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, an SMS with an activation code was sent to the victim’s smartphone, and almost immediately a notification came to the Telegram service channel that the account was logged in from a new device,” reported Group-IB.

It is known that other people's accounts were hacked through the mobile Internet, the IP address of the attackers was most often determined in the city of Samara.

It is assumed that the attackers used disposable SIM cards. They deliberately sent SMS with the code, intercepted it and authorized in Telegram. They could buy access to tools for hacking in the Darknet from 100 thousand rubles ($1,565).

The company drew attention to the fact that in all cases, SMS messages were the only authorization factor on devices affected by hacking attempts. Accordingly, such an attack can only be successful if the “Cloud Password” or “Two-step verification” options are not activated in the Telegram settings on the smartphone.

According to anti-virus expert Viktor Chebyshev, Telegram is consistently included in the list of applications targeted by cybercriminals in various spy campaigns. Such an attack can allow attackers to gain access to the correspondence of specific people.

Rostelecom to setup honeypot to deal with hackers


The largest Russian provider of digital services and services Rostelecom offered telecom operators to set traps for hackers - honeypots.

The concept of creating a new cyberattack warning system was presented at a meeting of the Information Security working group as part of the Digital Economy national project.

It is known that we are talking about creating special software that will simulate the vulnerability of the server, seeing which hackers try to hack the network of companies. At this time, the program will record all the actions of the attacker and send them to specialists. Experts of Rostelecom are sure that in this way it will be possible to collect information about new methods of hacking.

Operators must set these traps themselves and exchange data with other companies. At the same time, Rostelecom's concept does not imply state financing of the project, and the company does not specify the cost of the entire system.

According to the head of the Russian research center Kaspersky Lab Yuri Namestnikov, businessmen will incur minor expenses. Basically, the money will be used to select specialists and improve servers and security.

IT-experts call telecom operators one of the most interested users of honeypots.  Positive Technologies expert Dmitry Kasymov said that telecom operator can’t be called secure in principle. "During the conduction security audits, we identify many vulnerabilities that allow attackers to leave subscribers without communication, listen to their conversations and intercept SMS, use communication services at their expense and even bypass the operator's billing systems.

These security flaws are already being exploited by hackers, even for stealing money from Bank accounts," explained he.

So, many Russian mobile operators supported Rostelecom's initiative to create a system of honeypots, as the infrastructure of these telecommunications companies still suffers from cybercriminals.

However, Kaspersky Lab experts warn that misuse of the honeypot concept can be dangerous. If you do not configure this type of system properly, it can become a source of additional threats to the network infrastructure.

Russian banks discovered a new virus to steal money


From this year, hackers began to use new viruses that can enter the bank’s application on a mobile device and withdraw money from the victim’s account. Two Russian banks have already reported on this type of fraud.

Hackers use a new type of attack for the Android operating system. Fraudsters disguise viruses as applications or distribute them as links. After downloading and installing such a file, the virus begins to perform its functions without the user's knowledge. The programs are able to automatically transfer money from the victim's account to cybercriminals through the available mobile banking application.
Group-IB specialists first discovered such an attack in the spring of 2019. Then the new mobile Trojan Gustuff was modified, which appeared in December 2018 and created by a Russian-speaking hacker. This type of virus, experts noted, threatened only 100 foreign banks.

A new type of Trojan attacked at least two Russian banks in 2019 - Moscow Credit Bank and Post Bank. Representatives of the first noted that there are few cases of theft. The second confirmed one-time problems and talked about preventing fraud.

"From July 2018 to June 2019, hackers were able to steal 110 million rubles (1,7 million $) with the help of Trojans for Android," reported Group-IB.
However, compared to the same period last year, the indicator fell by 43%. It is reported that now hackers have mainly switched to the international market and only in rare cases continue to modify the application to attack the Russians.

According to the representative of Group-IB, the activity of Trojans in Russia decreased after the detention of the owners of the largest Android botnets, as a result of which hackers switched to the international market.

"However, some attackers modify applications and sell Trojans for subsequent attacks on users in Russia. This is a rare practice."

Earlier, the head of the Computer Security Association, Roman Romachev, said that data leaks will continue until banks become responsible for this.

Hackers stole half a million profiles from a Russian job search site


The hacker forums got a database of users of the portal jobinmoscow.ru. According to the founder and technical director of Device Lock, Ashot Hovhannisyan, the database has logins and passwords for 500,000 users in addition to the publicly available information.

Media noted that some logins and passwords were relevant, if you enter some of them, you could get to the pages of portal users. After the journalist informed the site representative about this, it became impossible to enter the accounts.

However, the company owning the site from which the leak occurred confirmed the information about the data leak.

"A quick analysis of the situation showed that there are no violations of the law on our part. Our experts analyze any possible threats to the technical security of the site and take the necessary steps to prevent unauthorized use of the site," commented on the leak, Forex Consulting CEO Yuri Mozgovenko.

Experts reported that the personal data of customers of the site can be used in the black market of fake employment. Scammers can call applicants and promise a job, but for the final stage of hiring, they will ask to pay a small amount.

In addition, the leak of passwords creates a vulnerability for social networks of users, they can be hacked. Experts also note that the resume contains not only personal information about the applicant but also data about former employers. As a result of such a leak, it becomes possible to replace the resume or vacancies of a particular company to damage its business reputation.

However, experts do not see significant threats in such data leaks.
According to jobinmoscow.ru, more than 566,000 vacancies from 209,000 companies were posted, as well as more than 195,000 resumes.

Thousands of Russians became victims of the Сryptominer


International antivirus company ESET reported that hundreds of thousands of users in Russia, Belarus, Ukraine and Kazakhstan became victims of the Miner Virus. Specialists could not find a special module for cryptocurrency mining for years.

According to the company ESET, the mining module is distributed by the Stantinko botnet. This is a complex threat, active at least since 2012. The botnet has self-defense mechanisms that allow operators to remain undetected.

Stantinko is most often distributed through torrents and can disguise itself as pirated software. Previously, it was used for advertising fraud schemes: security experts said that over the past five years, the botnet infected more than 500 thousand computers in Russia (46%) and Ukraine (33%).
According to ESET, the crypto mining module is CoinMiner. Stantinko is carefully compiled for the new victim, so it is difficult to detect on the device. It is also able to contact with the mining pool through a proxy, the IP addresses of which are in the description of the videos on YouTube.

It is almost impossible to detect the module on a computer without special security checks. CoinMiner.Stantinko constantly scans the processes running on the PC and shuts down when anti-virus activity is registered.

In the process of mining, a significant part of computer resources is spent. In order not to cause suspicion, the module analyzes the activity and pauses its work, for example, if the device is running on battery power.

The main goal of Stantinko is financial gain. Operators provide false clicks on advertising links: the virus installs two browser extensions (the Safe Surfing and Teddy Protection) for the unauthorized display of advertising, which brings income to operators.

Analysts note that Stantinko allows operators to not only simulate click-throughs on advertising but also to steal data from a computer, to hack control panels using password-guessing attacks for reselling, to create fake accounts, likes on pages and a photo, to fill up the list of friends on Facebook.

ICQ and Signal are the most secure messengers in Russia, says Vladimir Zykov


Vladimir Zykov believes that ICQ messenger is safer than WhatsApp, but this does not solve the problems. iOS and Android operating systems contain many vulnerabilities that are exploited by hackers.

Choosing a messenger for use, Russians are guided mainly by the advice of friends and their own feelings, said Vladimir Zykov, head of the Association of Professional Network Users and Messengers. The expert is sure that ICQ and Signal messengers are the safest in Russia. But few people use them.

In General, any messenger for a smartphone does not guarantee absolute security, because a vulnerable operating system controls the messenger.

"But if you choose secure mobile software, then the probability of hacking, of course, decreases," said the expert.

According to the expert, the situation is due to the fact that most applications run on mobile devices running the operating systems iOS and Android, developed by American companies Apple and Google. Therefore, they have access to Russian accounts.

"That is, in fact, their owners can connect to your phone and calmly watch from the screen everything that you have there," said he.

Earlier, the creator of Telegram and VKontakte Pavel Durov sharply criticized Facebook. The entrepreneur is unhappy with the protection of information in the WhatsApp messenger.
According to Durov, the application is a kind of Trojan that are not connected in any way with the messenger. This is due to the policy of the American company, which deliberately leaves security vulnerabilities.

WhatsApp, at the same time, is one of the most common messengers among Russians. In addition to it, the Viber application is popular. However, as experts say, these services do not really have high security.