Search This Blog

Showing posts with label Russia. Show all posts

The Public Chamber of the Russian Federation reported a DDoS attack on its website


The website of the Public Chamber (OP) of Russia was attacked by hackers. The site of the project on the fight against fakes at all levels feikam[.]net was also subjected to a DDoS attack. Currently, there is no access to sites, an error appears when trying to access them.

Alexander Malkevich, the head of the expert advisory group of the Public Chamber of Russia on public control of remote electronic voting, said that the attack began after the end of receiving votes from online voters.

In his opinion, the attack is connected with the active work of the Public Chamber of the Russian Federation to expose fakes about the all-Russian vote on amendments to the Constitution.

"In the evening of June 30, after the official end of the online voting process, the website of the Public Chamber of the Russian Federation was attacked by hackers who managed to interrupt its normal operation for a while. This is very similar to the retribution of those who were prevented by members of the Chamber from wreaking havoc during the voting, especially considering that there was the hack of the site http://feikam.net/  at the same time," he noted.

According to Mr. Malkevich, 5 thousand fakes were found on the Internet, and their number has grown several times as the voting began to approach. Earlier, he noted that mostly false information about the amendments to the Constitution is distributed through the media-foreign agents and in social networks.

It's important to note that All-Russian voting began on June 25 throughout Russia and lasted until July 1. On it, citizens were asked whether they approve of the amendments to the Constitution. The "Yes" and "No" options were indicated in the Bulletin. The main amendment is the nullification of Vladimir Putin’s presidency so that he can become president again.

Russian Medvedev pleaded guilty to cybercrime in a US court


The US Department of Justice considers Sergei Medvedev one of the founders of the transnational organization Infraud, which sold stolen personal, banking and financial data, as well as information from credit and debit cards

Russian Sergei Medvedev, accused in the United States of cybercrime and causing damage of $568 million, pleaded guilty, said the US Justice Department on June 26.

"Sergey Medvedev, also known as Stells, segmed, serjbear, aged 33, from the Russian Federation, pleaded guilty to US District Court judge James Mahan in Nevada," said the Department in a statement.
According to the Ministry of Justice, Infraud engaged in large-scale acquisition, sale and distribution of stolen identification data, information from compromised debit and credit cards, personal information, banking and financial data, and malicious computer programs.

The prosecution believes that Infraud was created in October 2010 by a native of Ukraine Svyatoslav Bondarenko, also known as Obnon, Rector, Helkern. In the United States, Medvedev is also considered one of the creators of the platform. The organization's slogan is "In Fraud We Trust". By March 2017, the organization had almost 11,000 registered members (according to the US Department of Justice). The loss from Infraud's operations amounted to more than $568 million.

Recall that on February 8, 2018, the Agency reported that 36 people were accused of involvement in the activities of Infraud. At the same time, the Ministry of Justice reported on the arrest of 13 people who were members of the organization. They were citizens of the United States, Australia, Britain, France, Italy, Kosovo and Serbia.

The next day, it became known about the detention of Sergei Medvedev in Thailand. The operation to detain the Russian was conducted by local police at the request of the FBI. The Bangkok Post then reported that Medvedev was engaged in illegal online trading for bitcoins. More than 100 thousand bitcoins were found on the Russian's accounts.

Earlier on Friday, it was reported that a court in the United States found Russian Alexey Burkov guilty of cybercrime and sentenced him to nine years in prison.

Group-IB disclosed data about a Russian-speaking hacker who hacked hundreds of companies


Computer security specialists at Group-IB have identified a suspected hacker with nickname Fxmsp who has been trading on the Darknet for three years with access to corporate networks of international companies.

He is called one of the most dangerous criminals in this area: more than 130 companies around the world, including the leading American antivirus corporations, were affected by the actions of this representative of the Darknet. Allegedly, the attacker is a resident of Kazakhstan, Andrei Turchin.
Group-IB believes that the hacker compromised 135 companies in 44 countries, including the United States, England, France, Italy, the Netherlands, Japan, Australia and others. Allegedly, the attacker earned about $1.5 million through criminal means. Materials on the hacker were transferred to international law enforcement agencies.

For the first time, a criminal with the nickname Fxmsp became active in the second half of 2017. Group-IB noted that the attacker attacked banks, telecommunications operators, energy sector organizations, government organizations, IT service providers and retail. After some time of its activity, he began to sell access not as a product, but as a service.

The main activity of Fxmsp occurred in 2018, after which this area was empty for some time, and since the beginning of 2019, the cybercriminal has followers who are now active in the underground, taking up the techniques of Fxmsp, the Group-IB company said in a document.

At the same time, the "invisible God of the network" (as Fxmsp was named by his accomplice Lampeduza) became widely known after the incident that occurred in May 2019. Information stolen from three American antivirus titans: Symantec, Trend Micro and McAfee was put up for sale on the network. For providing access to their corporate networks and stolen information, the attackers asked for more than $300 thousand.

A hacker is one of the most dangerous cybercriminals. Computer security experts do not rule out that it still continues its activities. In total, Fxmsp has about 40 followers on underground forums.

Secondary Infektion: A Russian Disinformation Operation Agency You Need to Know About


The secret campaign was famous as "Secondary Infektion," and it worked separately from the IRA and GRU, staying hidden for many years. The IRA (Internet Research Agency) is known for its notorious disinformation campaigns, where it floods the social media platforms with false information and propaganda. Whereas the GRU, also known as the Main Intelligence Directorate in Russia, is infamous for planning cyberattacks and even strategic data leaks. But in recent times in Russia, it is suspected that there might be a third intelligence agency responsible for such cyberattacks and was able to penetrate even more in-depth. It is believed that this third party that worked distinctly from the former two managed to stay undercover for a long time in Russia and only recently came to public knowledge. Here's what we know.


Known as Secondary Infektion, cybersecurity experts found about the operation in 2019. As of now, a social media analyst firm named Graphika published a report on the intelligence group's activities, which seemed to have started in 2014. According to the report's analysis, this group is known to cover its tracks, and all Secondary Infektion operations online are protected by robust security, which uses hallmark accounts that disappear soon after publishing a comment or a post on social media.

"Secondary Infektion targeted countries across Europe and North America with fake stories and forged documents. Its focus and areas of interest were often of a diplomatic and foreign policy nature: it appeared primarily aimed at provoking tensions between Russia's perceived enemies, and its stories typically concerned relationships between governments and often specifically focused on government representatives. It is also notable for launching smear campaigns against Kremlin critics and for targeting presidential candidates in 2016 in the U.S., in 2017 in France, in Germany, Sweden, and elsewhere," says Graphika's executive summary.

Hence, Secondary Infektion's operations are quite the opposite of the IRA and GRU's way of working. The IRA and GRU believe in building an online presence and increase their reach that is aimed to leave a long-lasting impression, through their disinformation campaigns.

Experts fear an increase in the number of cyber attacks after the end of self-isolation


As 62% of respondents answered, when companies transferred employees to remote work at the beginning of the pandemic, the most concern was ensuring secure remote access and VPN. 47% of respondents reported that they were concerned about preventing attacks using social engineering methods, and 52% called the protection of endpoints and home Wi-Fi networks of employees one of the main challenges.

"Even before the introduction of self-isolation, many companies allowed employees to work remotely. As soon as the regime entered into force, organizations had no choice but to organize remote access for all their employees as soon as possible. Of course, these measures have led to the emergence of new opportunities for attackers to carry out attacks. Despite the fact that we are now gradually returning to the normal life, the threat of cyber attacks is not decreasing. Companies need to use comprehensive zero-day security solutions to avoid being hit by a large number of next-generation cyber attacks," explained Vasily Diaghilev, head of Check Point Software Technologies representative office in Russia and the CIS.

At the same time, 65% of information security experts noted that their companies are blocking the access of external computers to corporate VPNs. 51% of specialists said that the greatest threat comes from home devices, 33% see the main security threat in mobile devices of employees.

According to Dmitry Medvedev, Deputy Chairman of the Security Council of the Russian Federation, the number of cybercrimes in the past five months in Russia has exceeded 180 thousand, which is 85% more than in the same period of time in 2019.

He stressed the importance of taking into account that new schemes and techniques are being developed for cyber attacks.

The number of vulnerable computers in Russia tripled during the period of self-isolation


DeviceLock analysts claim that the number of computers with the Windows operating system in Russia, that are vulnerable to Remote Desktop Protocol (RDP) access attempts, increased by 230%, to 101 thousand during the time of self-isolation.

The company's founder, Ashot Hovhannisyan, explained that the rapid growth was due to the fact that during the coronavirus pandemic, the number of servers, including those open to the Internet, also grew rapidly.

According to him, most companies allow users to connect via the Remote Desktop Protocol only using VPN technology, while a small percentage of servers are allowed to log in without a password, which is a serious threat to corporate networks.

Alexey Novikov, Director of the Positive Technologies expert center, added that botnets scanning the network for vulnerable computers had new goals when companies started transferring employees to remote work.  According to him, the rapid transition to remote work contributed to the fact that the priority was put on the performance of the infrastructure, rather than information security.

Hackers sell company accounts on the Darknet for 300-500 rubles ($4-7). The information obtained can help cyber criminals in stealing the user's personal data. This way, criminals will be able to get into the Bank account or, for example, to the crypto exchange or e-wallet.

According to Igor Zalevsky, head of the JSOC CERT cyber incident investigation department, the number of attacks has increased with the growth of the number of targets. For example, the number of attempts to select RDP passwords increased from 3-5 times to 9-12. The attacks began to last longer – from two to three hours. According to him, it takes attackers an average of one and a half days to access large companies with a large information security department. 

Expert: the image of a "Russian hacker" has become a means of information warfare with the Russian Federation


Experts commented on the release of the report of independent public organizations "Information fight against Russia: constructing the image of the enemy".

The director of the Center for Political Information, Alexei Mukhin, noted that the report analyzed how the image of the "Russian hacker" works. According to him, this image is replicated much less through the media than through social networks.

The image of a "Russian hacker", as Mukhin said, is mainly distributed via Twitter using similar hashtags, such as #Russianhacker. This is done to attract attention, to redirect the user to materials that demonstrate "horror and lawlessness".

This forms a "public opinion", with which not only politicians but also the military are already working. This is bad, because, in their hands, the information struggle turns into a hybrid war.

In different years, according to this scheme, Russia was accused of various outrages. In 2014, in the participation in the war in the Donbass, in 2016, in interference in the American elections.

It is characteristic that as soon as Russia requires to show evidence, it turns out that they are not.
Anna Shafran, a TV and radio host, believes that an open information war has already begun. 

According to her, recently, YouTube blocked without warning or explanation three popular Russian resources, including the TV company "Crimea-24". The Russian Foreign Ministry, of course, protested and rightly qualified the incident as an attack on Russian-language resources from the American Internet platform.

Sergei Sudakov, a Professor at the Military Academy of Sciences, said that the meme "Russian mafia" was created in the interests of the United States in the 1990s. It is outdated, replaced by a new meme "Russian hacker". It is fashionable to present Russia as an international information terrorist.
It is worth noting that in the Russian sector of the Internet, the meme “Russian hackers” is perceived approximately as “British scientists”. At the same time, in the foreign segment, the concept of "Russian hackers" is linked to such concepts as danger, interference, and more recently, incitement to riot.

Russian hackers attacked Poland due to NATO exercises


The Polish government announced a large-scale information attack by Russia, which is aimed at worsening relations between Warsaw and Washington, as well as the Polish army

Poland announced about hacker attacks on Internet pages and posting false and manipulative information about the NATO exercises Defender Europe 2020 on Polish and foreign resources.

"Poland again became the target of information attacks that coincide with the Kremlin's actions against the West, especially against NATO countries. The organizers of such actions used well-known methods: hacking, spoofing content on web pages, as well as a fake interview with an American General," said Stanislav Zharin, the speaker of the coordinating Minister in the Government of Poland for Special Services.

He added that the disinformation attack coincides with the beginning of the next phase of the Defender Europe-2020 exercise and concerns military cooperation between Poland and the United States.
As noted, as a result of hacker attacks on several Polish sites, materials about the training of Defender Europe 2020 were posted. The article was posted on the Internet pages of Niezalezna[dot]pl, Olsztyn24[dot]com, RadioSzczecin[dot]pl, ePoznan[dot]pl, which makes fun of Poland and its army.

These materials were blocked by the administrators of information resources, but after that, some of them again became targets of cyberattacks. 

The speaker of the coordinating Minister noted that the theses published in the articles coincide with the long-term actions of the Russian Federation against Poland. According to Zharin, the purpose of this was to strike at the unity of NATO and the possibility of joint actions of US and Polish forces, to destabilize relations between Warsaw and Washington, as well as question official documents regarding threats to Poland.

It is interesting to note that Poland plans to completely abandon Russian gas from 2022.

German Intelligence Warns Companies of Potential Hacking Threats from Russia


According to German intelligence agencies, a group of hackers from the Kremlin are targeting German infrastructures like energy, water, and power resources for a long time. The information came out the first time at the start of this year when investigating officers found evidence of cyberattacks on German companies. The names of the target companies are yet to be known. Still, a cyberattack has compromised them, says statements of German intelligence agencies that were sent to head of these infrastructures.


The group of hackers has been identified as "Berserk Bear." According to the investigation, the hackers are likely to be state-sponsored by the Russian FSB intelligence agency. The hackers are suspected of using the supply chain to infiltrate into German IT infrastructures, says various investigation agencies. According to the investigation, these hackers use openly available malware to permanently infiltrate the company's I.T. network and access sensitive information, along with having complete control over the company's server. The agencies didn't find any damaging evidence against the companies and have refused to offer any comment for the current situation.

The group Berserk Bear is infamous for stealing the U.S. energy companies' data in the year 2018. U.S. President Donald Trump had blamed Russia for the attack. According to cybersecurity experts, Berserk Bear is the group that Moscow is most likely to contact if there is a need to hack the industrial networks. Another hacking team called "Sandworm" was famous for the attack that shut down Ukraine's power supply in 2016 and 2018.

According to Cyberscoop, a cybersecurity website, "Sven Herpig, a cybersecurity expert with the German think tank SNV, welcomed the advisory and urged German companies to heed the warning. The memo has "concrete recommendations of how to spot and protect against an intrusion" from Berserk Bear, he said. The Russian Embassy in Washington, D.C., did not respond to a request for comment on the German agencies' report." Berserk Bear is responsible for various cyberattacks on American and German electrical utilities since 2018, say the cybersecurity experts. The group has been aggressive and attacked several companies.

The voting site of the United Russia party was attacked by hackers


"Initially, the voting went as usual. At seven in the morning, a rapid increase in attempts to vote began. After some time, technical support detected a DDoS attack — attempts were made to upload votes from non-existent voter IDs to the system," commented the press service of the party.
Deputy Secretary of the General Council of United Russia Sergey Perminov said that within two hours, the growth of hundreds of thousands of fake requests was stopped. At this time, there was a queue of real people who went to vote on the site.

"We use the blockchain to conduct preliminary voting — accordingly, all data comes to us in encrypted form and goes through several stages of verification. All ballots are anonymous — we don't have access to the personal information of the electors who sent them, which means we can't track the attack vector. Accordingly, we process all requests without exception. Therefore, we are now increasing our capacity in order not to lose any of the real votes," explained Perminov.

Deputy Secretary noted that they managed to stop the attack within two hours, now the system is gradually improving. All the data of real electors who managed to vote has been included in the blockchain and will be available for verification. The correctness of the vote, according to him, is not violated.

It is worth noting that United Russia is the only party in the Russian Federation that conducts primaries to nominate candidates for elected posts. Any Russian citizen can participate. This year, due to the coronavirus pandemic, primaries are held in electronic format.

Recall that on May 23, Russian President Vladimir Putin signed a law on remote voting. According to the document, a new type of voting without a paper ballot is being introduced in the Russian Federation. Special software will be used instead.

Russian experts assessed the level of protection of corporate data from hacker attacks


Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than half an hour to penetrate the local network. Such conclusions were made by experts from Positive Technologies in their research.

"It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out," said experts.

Positive Technologies experts analyzed information dated 2019 on the protection of corporate information systems of 28 companies from external intruders and pentest (the penetration test). As part of external pentests, specialists managed to penetrate the local networks of 93% of organizations. In some cases, there were several ways to overcome network protection.

According to experts, every sixth company showed signs of hacker attacks, malicious links on official sites or valid accounts in public leak databases. Based on this, the researchers concluded that the company's IT infrastructure could be controlled by hackers.

Specialists advise companies for protection, first, to follow the General principles of information security: regularly check their information resources available for external connection, as well as develop strict rules for corporate password policy and monitor their implementation. In addition, they recommend regularly updating the security settings for operating systems and installing the latest versions of software products.

Recall that, according to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February. Positive Technologies found that up to 48% of the passwords of employees of organizations is made up of a combination of a word indicating the time of the year or month and four digits indicating the year.

Russia puts cryptocurrency under a ban


Russian parliamentarians have developed a package of bills that assume administrative and criminal responsibility for the use of cryptocurrencies. Experts believe that such measures can lead to the destruction of the blockchain industry in Russia.

"People who currently own cryptocurrency will be forced to get rid of it before the law comes into force, or risk "going underground", and this is a loss or risk," said Dmitry Kirillov, a senior tax lawyer at Bryan Cave Leighton Paisner. Based on the amendments, mining or exchanging 3.5 bitcoins will lead to criminal liability.

Penalties are provided for any use of digital assets, from the organization of a crypto exchange and mining farm, attempts to pay with cryptocurrency on the Internet.  Fines range from 500 thousand rubles ($7,000) for individuals and up to 2 million rubles ($28,000) for legal entities.

Founder of the stable cryptocurrency platform Stasis.net Gregory Klumov called the new amendments "putting nails in the coffin of financial innovation and technological progress."
"In fact, it is proposed to build a new iron curtain in the digital economy with their own hands," said Yuri Pripachkin, president of the Russian Association of Cryptoeconomics and Blockchain.

Currently, in the Russian Federation, in addition to software, the hardware is being actively developed - means for storing tokens, cryptocurrencies. Many young specialists from the Russian Federation are already involved in this industry, and experts are worried that the adoption of this bill will put an end to the innovative economy.

Earlier, E Hacking News reported that, according to First Deputy Chairman of the Bank of Russia, Blockchain is not a panacea, and cryptocurrency is not money. So, the Central Bank of Russia is not going to change its negative attitude to these assets.

Russian banks revealed new types of fraud


Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have become more active. An applicant should fill out a form with personal data. Then a letter arrives that he was hired, and he needs to transfer money for some equipment urgently. In the end, no money, no work.

VTB specialists reported cases of fraud when hackers place job ads and get access to mobile phones while communicating with candidates. Then, using remote access, hackers get to the client's personal account and can withdraw money.

Hackers are looking for candidates without experience, for example, for the position of mobile app tester. Those who responded to the ad, they are asked to pass testing and install remote access programs to their computer or smartphone for control. Fraudsters can use them to log in to their personal account and withdraw funds.

The VAT refund scheme is also gaining popularity among fraudsters. Attackers publish videos on the Internet with a proposal to refund value-added tax to all Russians left without income. In this scheme, customers click on a fraudulent link from the description to the video and independently perform expense transactions, which leads to a loss of money.

"Internet companies began to actively appear that offer customers to take advantage of the volatility of cryptocurrencies and promise a large profit," said Kuznetsov about another scheme.

Finally, financial fraudsters copy popular initiatives of well-known brands and companies to attract their victims, using hashtags of the period of self-isolation, for example, #stayhome and offer to participate in the campaign to get three thousand rubles ($42). For this, it is allegedly necessary to provide card data and a one-time SMS password.

It is worth adding, according to the international company Group-IB, using the remote access program TeamViewer, fraudsters steal from the clients of large banks on average from 6 million to 10 million rubles per month ($84,000 - 140,000).

The Russian State Duma adopted a law on remote voting


The State Duma adopted in the second and third readings amendments of deputies of United Russia that simplify the organization of elections in the context of a pandemic. Both postal voting and remote electronic voting will now be possible for all levels of elections.

Recall that the beginning of the pandemic of coronavirus infection served as a kind of trigger for the introduction of remote voting. This was stated by the political party United Russia. For this purpose, an electronic voting system based on blockchain technology has been developed.

First Deputy Chairman of the State Duma Committee on state construction and legislation Vyacheslav Lysakov stated that the bill adopted by the State Duma is due to technological progress and digitalization of many areas of life.

"Taking into account modern realities, it is extremely important to modernize and promote processes, including voting. I think this is an absolutely normal step. We are moving towards reducing the paper document flow," explained the parliamentarian.

However, experts say that it is difficult to control voting in such an election.

"This is a very dangerous initiative in the conditions of general distrust of our electoral system. It is simply impossible to check that everything went correctly. Civil Control over this form of voting is reduced to a minimum," said Grigory Melkonyants, co-chair of the movement Voice for the protection rights of voters.

The expert added that it is impossible to verify that the voter votes personally, that the secrecy of the vote is respected. In addition, you cannot be sure that all votes will be correctly considered.
Earlier, E Hacking News reported that electronic voting in Russia is safe.

Data of 9 million customers of the Russian courier service CDEK leaked


Data belonging to nine million customers of the CDEC Express transportation service was put up for sale on the Web for 70 thousand rubles ($950). This is the largest leak of personal data in Russian delivery services

Telegram channel In4security noticed that the database contains information about the delivery and location of goods and information about buyers, including Tax Identification Numbers. The seller of the database sent the author of the Telegram channel screenshots dated May 8, 2020. This indicates that the databases are fresh.

The CDEC claims that there was no data leak from the company. As the representative of the service stressed, personal data is collected by many companies, including state aggregators, the leak could have occurred on any of these resources.

Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies, said that this is the largest leak of personal data from Russian delivery services. He notes that the information of CDEC users is not leaked for the first time: previously, customers of the delivery service complained that personal data of other people is visible on the company's website due to vulnerabilities.

Head of Security Department of SearchInform Alex Drozd warned that after leaks there are always calls from scammers. They call the victim and introduce themselves as company employees and try to find out information about billing information.

The interest of fraudsters in the data of courier services may be associated with an increase in demand for their services during the coronavirus pandemic and self-isolation.
The company also recalled that recently, cases of detection of fraudulent sites that act on behalf of CDEC have become more frequent.

It should be noted that in recent weeks, there has been an increase in phishing sites: online cinemas, online stores, training courses, legal advice, government portals.  Earlier, E Hacking News reported that Russia has bypassed the USA in hosting for phishing resources.

The sites of the online action in honor of the victory in the Great Patriotic War were attacked by hackers


Sites where the online campaign Immortal regiment was broadcast, as well as the hotline’s telephone number, were subjected to repeated hacker attacks on May 9, the press service of the All-Russian public civil-patriotic movement Immortal Regiment of Russia reported on Sunday.

Recall that on May 9, 2020, Russia celebrated the 75th anniversary of the Victory in the Great Patriotic War.

"Immediately before the festive date, the website of the broadcast of the victorious procession, the site of the movement Immortal Regiment https://www.polkrf.ru/, the site of the movement Victory Volunteers, whose participants helped organize the procession, as well as the hotline’s telephone number, were repeatedly attacked hackers," said the press service.

The first attack took place from 6 to 9 am Moscow time, hackers made more than 9 million requests to the site. The attack power was 18.5 thousand requests per second. Because of this, the processor capacity of the server was used up, and the site was threatened with a shutdown. Many users complained about problems downloading the broadcast.

Specialists were able to stop this attack, eliminate the vulnerability and quickly restore the site.
"646 unique IP addresses were used for the attack. 64% of the servers involved in the DDOS attack are located on the territory of European countries, 27% on the territory of North America, 3% in Asia," found the developers.

The second attack of similar power occurred at 11 am. Specialists were able immediately to prevent the attack, eliminate vulnerabilities, and restore the normal operation of the site. that the majority of IP addresses used for the attack were located in Europe (64%). Another 27% of addresses were attacked from North America.

The all-Russian action Immortal regiment for the first time in history is completely held in an online format in connection with the coronavirus pandemic.

Russia recognized as the leader in posting fraudulent resources on the Web


According to the results of last year, Russia seized the first place from the United States in terms of
the placement of fraudulent Internet resources, found out in the international company Group-IB, which specializes in repelling and preventing cyberattacks.

If in the previous three years, most of the blocked phishing resources were located in the United States, in 2019, Russia took first place in this indicator. Hosting services in Russia received 34% of blocked phishing resources, in the US 27%. Panama is in third place, it accounted for 8% of blocking.
The company also indicated that in 2019, the total number of blocked phishing resources increased three times, from 4.4 thousand to 14,093.

According to the Group-IB, earlier scammers stopped their campaigns after they were blocked and switched to other brands. Now they continue to work, replacing the blocked pages with new ones. They also complicated and expanded the mechanisms for implementing phishing attacks.

At the same time, the scammers revised their goals: the number of phishing resources for attacks on cloud storage doubled over the year and the number of fraudulent pages targeting users of Internet service providers tripled. This is due to the desire to get personal and payment data of users.

It is worth noting that Group-IB may require blocking resources as a competent organization that cooperates with the Coordination Center of RU domains.

Kaspersky lab reported in November 2019 that cyber fraudsters have developed a new method of corporate phishing to steal personal data from banks. For example, Bank employees receive an invitation to pass certification with the requirement to enter a username and password from their work email. As a result, fraudsters get access to their correspondence, which may contain files with personal data of credit institution clients.

Russians began to click on scam sites 10 times more often


According to the study of Kaspersky Lab, at the beginning of 2020, the number of attacks on Russians through scam resources increased 10 times to 15 million, and the number of such pages doubled to 10 thousand. The rapid increase is associated with the spread of the coronavirus. Fraudsters actively exploit the theme of the pandemic: from fake promises to pay benefits or refunds for a small cash contribution to the sale of personal protective equipment.

If every click to a scam page entailed deception of at least one user, then the potential amount of damage in the first quarter of 2020 could exceed 3 billion rubles ($40,5 million). Experts did not say how much money the Russians lost on scam resources during this period.

Senior content analyst at Kaspersky Lab Tatyana Sidorina believes that the popularity of scam resources has increased, as Russians have begun to spend more time at home, on the Internet. In addition, users are offered various big money compensations, for the withdrawal of which they need to pay a small commission.

She stressed that the scam resources disguised as state lotteries began to be actively used at the beginning of 2020, 219 resources were discovered. Kaspersky Lab noted that last year, separate statistics on lotteries were not even kept.

In order to minimize the damage from fraud, the Stoloto state lottery is already actively cooperating with law enforcement agencies and conducting an information campaign, said Varvara Basanovich, the organization's operating Director. She stressed that it is impossible to win the lottery without buying a ticket, and the tax is paid after receiving the money, and not in advance.

The head of Analytics and Special Projects at InfoWatch, Andrey Arsentiev, expects that after exiting the self-isolation regime, mass frauds with tourist trips to Russian resorts can start, as well as sellers of drugs for restoring strength, immunity and mental health can become active.

Moscow has denied accusations of stealing coronavirus-related developments


Accusations of the British authorities against Russia of allegedly stealing coronavirus developments by Russian hackers are "typical corona - madness" and a new round of information warfare, said Oleg Morozov, member of the Federation Council Committee on Foreign Affairs.

According to the Senator, the West this time did not miss the information occasion to call Moscow an enemy, despite the fact that the charges do not have any basis.

“The pandemic is another reason to embed this informational novelty in the "holy" fight against "terrible” Russia. This is like a virus that is invisible, but about which everyone is aware - so are Russian hackers. This topic is the modern information virus,” said Mr. Morozov.
The discourse began when cybersecurity experts warned that hostile states were trying to hack the databases of British universities and research institutions to steal research related to COVID-19, including the development of vaccines.

According to them, Iran and Russia are behind the hacking attempts, experts say that China is also a likely criminal. However, all attacks were unsuccessful, writes The Guardian.

Now dozens of British universities and institutions with biomedical potential are working on COVID-19 research, from new diagnostic tests to experimental treatments.

Oxford University, which is working on vaccine development and has recently started human trials, has already asked the NCSC to protect its research.

Recall that digital passes began to operate in Moscow and Moscow region on April 15. More than 900 thousand permanent digital passes were issued, and about 400 thousand one-time passes are issued daily. Specialists believe that the system of electronic tracking of people is being introduced into mass use in Moscow right now. And the epidemic is a good reason for such actions.
In addition, resources with a video message were revealed in North Ossetia, the author of which, speaking about the situation with COVID-19, said that states want to introduce artificial intelligence into people 's bodies through chips, through anonymization of a person, through biometrics, through distance learning.

Email of the Pskov Churchman Tikhon was hacked


The Churchman Tikhon (Mr. Shevkunov), who is called "Vladimir Putin's Confessor" in the media, told about the hacking of his mail. Now blackmailers are threatening to publish information of many years

"A few months ago it turned out that my email was hacked for many years. My private and business correspondence began to be published on the Black Mirror website. In parallel, these materials were published on other telegram channels. I was asked to pay ten million rubles to suspend publication. I, of course, refused," said Tikhon.

The attackers, according to the clergyman, demanded to pay 10 million rubles ($132,000) to suspend the publication. The Churchman answered hackers that he can put all the information of his mail in open access if they will donate the same amount to the Pskov diocese.

Tikhon said that he did not want to "accept the terms of blackmailers and encourage dirty business." Shevkunov added that he did not pay attention to the hack at all and commented on it only because of many questions from the media. "I know that the competent authorities are looking for hackers, but whether they find them or not, we will see," said the Metropolitan.

"There is the COVID-19 virus, there are computer viruses, and there are such viruses in our society. They affect both those who steal other people's letters, wanting to make money on it and those who eagerly read other people's letters," stated the Churchman
Tikhon.

It is worth noting that letters from his hacked mail continue to be published so far. In particular, recently an audio file of his conversation with the filmmaker Nikita Mikhalkov was published