
IBM: Cyber attacks on Linux systems of Russian government agencies will increase

The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import substitution. Businesses that have started actively using the cloud against the background of the pandemic face increased costs: attackers can hack their cloud environments and use them for mining cryptocurrencies and DDoS attacks.

According to the IBM report on the main information security risks in 2021, the number of attacks on cloud environments and open-source Linux operating systems will increase this year. Users of Russian operating systems on Linux can also suffer, said Oleg Bakshinsky, a leading information security adviser for IBM in Russia.

The attackers began using the extensible computing power of Linux-based cloud environments, said Mr. Bakshinsky.

The customer can enable the service in their cloud settings, and at times of peak loads, their resources will be expanded for an additional fee. Attackers take advantage of this by gaining unauthorized access to the victim's cloud environment, increasing the company's costs for paying for cloud services.

The authorities have already acknowledged the problem. To check the security of Linux-based operating systems, the Federal Service for Technical and Export Control of Russia will create a research center for 300 million rubles ($4 million).

Cybersecurity experts also confirmed the growing interest of hackers in Linux systems. Check Point records about 20 attacks on Linux-based cloud environments in Russia, which is 3.45% of the total number of such attacks worldwide.

The main targets of the attackers, according to Nikita Durov, technical director of Check Point in Russia, are the financial industry and the government.

Alexander Tyurnikov, head of software development at Cross Technologies, is convinced that attacks on cloud environments "will not be so large-scale as to lead to the collapse of state and commercial systems."

The head of Microsoft announced evidence of the involvement of Russian intelligence in the cyber attack

Approximately 100 US companies and nine government agencies were affected by the hack using Orion software of SolarWinds, which is blamed on "Russian hackers." The real scale of the cyberattack became known during a hearing of the US Senate.

According to Microsoft president Brad Smith, "at least a thousand very skilled, very capable programmers" worked on the SolarWinds hack. "This is the largest and most complex operation we've seen," noted Smith.

The head of Microsoft compared the SolarWinds software to a health care system. According to him, the hacking of this program by the attackers was similar to the robber turning off the alarm for all residents instead of just one apartment where he wanted to enter. "Everyone's safety was threatened. That's what we're up against," added Smith. He added that hackers could use up to a dozen different ways to break into the networks of their victims.

In addition, the President of Microsoft said during the hearing that the company has evidence of the involvement of Russian intelligence in a massive cyber attack on the systems of US departments of the federal government and commercial companies in December 2020.

"At this stage, we have solid evidence that points to Russian intelligence, and no indications that would lead to anyone else," stressed Smith.

At the same time, George Kurtz, head of the cybersecurity company CrowdStrike, said that his company had no information about Moscow's involvement in the attack.

The head of the cyber security company FireEye, Kevin Mandia, said at the hearing that the hackers used tools similar to those used by Russia in the attack. "The tools used in the hacking are not similar to those used by China, North Korea or Iran," he noted.

Earlier, E Hacking News reported that more than 250 US Federal Agencies and big companies have been attacked by alleged state-sponsored Russian hackers. Press Secretary of the Russian President Dmitry Peskov said that Moscow was not involved in hacker attacks on US government agencies and companies.

Experts listed the methods used by fraudsters to obtain personal data

As noted by experts, information leaks at large companies do not happen often, but data theft can occur through contractors.

Scammers obtain the personal data of Russians through gaps in companies' security or from their informants inside those companies, from citizens' social networks, and through phishing sites.

"Often, a person can simply share their name and phone number, for example, on social networks. Such data can also be collected from data leaks," said Sergey Golovanov, a leading expert at Kaspersky Lab.

He clarified that information leaks in large companies do not often happen, as they pay great attention to their cybersecurity. However, data theft can be carried out through contractors who do not always have the necessary resources to ensure security when processing personal data. Also, according to the expert, leaks can occur from small online stores or other services where customers are asked for such information.

As Anastasia Barinova, deputy head of the Group-IB Computer Forensics laboratory, noted, today, fraudsters are actively searching for insiders, including in banks, insurance companies, and financial organizations, since their schemes using personal data are now successful and effective.

“Criminal groups, including fraudulent call centers, can monetize this data, taking advantage of opportunities to steal and withdraw funds,” explained the expert.

In addition, Russians fall into the fraudsters' trap by filling out a personal data form on a phishing site or by publishing photos of documents and bank cards on Internet resources.

Golovanov said that scammers often combine information about potential victims from several sources and use it to gain people's trust. The expert recalled that personal data alone is not enough to conduct financial transactions on behalf of the victim. In this regard, he urged not to disclose bank card details or other confidential information to anyone under any circumstances.

Russia Accused by Ukraine of Major Cyber Attacks


Ukraine on Monday alleged major attacks against the Ukrainian security and defense website by unidentified Russian Internet networks but did not provide specifics of any losses or mention who it felt was responsible for the attack. Kyiv, Ukraine's capital, has previously accused Moscow of major cyberattacks against Ukraine as part of a "hybrid war," which Russia denies.

“Kyiv has previously accused Moscow of orchestrating large cyber attacks as part of a “hybrid war” against Ukraine, which Russia denies. However, a statement from Ukraine’s National Security and Defense Council did not disclose who it believed organized the attacks or give any details about the effect the intrusions may have had on Ukrainian cybersecurity,” reported the Reuters agency.

The statement from the Ukrainian National Security and Defense Council, however, does not say who it believes coordinated the attacks or provide specifics about the consequences the intrusions may have had. According to a contact, the attacks began on Feb. 18 and threatened web pages belonging to the Ukrainian Security Service, the Council itself, and several other state agencies and strategic businesses.

“It was revealed that addresses belonging to certain Russian traffic networks were the source of these coordinated attacks,” the Council said. 

“The council added the attacks attempted to infect vulnerable government web servers with a virus that covertly made them part of a botnet used for so-called distributed-denial-of-service (DDoS) attacks on other resources,” concludes Reuters. 

The Council reported that these attacks were intended to infect vulnerable state web servers with malware that turns them into part of a DDoS botnet. A DDoS attack is a cyber attack in which hackers aim to inundate a network with an extraordinary amount of traffic so as to paralyze it.

"It is obvious that it's connected with the latest pro-active efforts by the Service toward protecting national interests and countering Russia, which has been waging its hybrid war against Ukraine, including in the information domain," the official reported. Since Russia annexed Crimea from Ukraine in 2014 and became involved in a continuing war in the eastern Donbass region of Ukraine, Russia and Ukraine have been at loggerheads.

The Russian created Clubhouse for Android in one day

The former developer of the Android version of the application of the Russian social network VKontakte Grigory Klyushnikov created Clubhouse for Android and posted it in the public domain

The creator and former developer of VKontakte for Android, Grigory Klyushnikov, created an open-source version of the Clubhouse app for Android OS and published it on the largest web service for hosting IT projects and their joint development, GitHub. Klyushnikov announced this on his Twitter account.

The Clubhouse app is a social network based on voice communication without the possibility of recording and further dissemination of what is happening. It was launched in 2020 but became particularly popular in the Russian segment of the Internet in February 2021. The platform is only available to users of the iOS operating system. To use it, you must receive an invitation from an already registered user.

It took Klyushnikov a day and a half to develop the project, and he devoted most of his time to the interface and logic around the Agora SDK, the voice infrastructure that Clubhouse uses.

"I got tired of waiting for the clubhouse for android, and I wrote my own in one day," said Klyushnikov.

The description on GitHub says that the main functions work in the application. It's possible to join rooms, chat, view people's profiles, and subscribe to them. The app doesn't have moderation, notifications, or room creation.

Users can download and install the app's APK file. In turn, developers can import the program into Android Studio and click "run".

Klyushnikov wrote that he created the app in a day and a half, while he does not exclude that the official Clubhouse can block users of the Android version.

In addition, the developer advises using an iOS device for registration, and authorization on Android in an already created account.

It is worth noting that the new social network Clubhouse is popular with Russian financiers.  So, on February 17, VTB Bank organized a discussion "Startups against corporations: war or peace?". Experts from large companies and startups discussed working together.

Russian state systems are in danger because of Internet Explorer

This year, many government agencies will have to spend several hundred million rubles on updating their information systems due to the termination of support for Internet Explorer by the American corporation Microsoft. The fact is that most government information systems used an outdated version of the browser to log users in.

Experts believe that if nothing is done, the systems will continue to work, but will not receive updates, which will make them vulnerable to hacker attacks.

For example, this will affect the system of control over the volume of turnover of alcoholic and alcohol-containing products in the Russian Federation, the system of the Federal Treasury, and the Supreme Court.

All of these information systems work only in the Internet Explorer browser on the Windows operating system. When they were created, only Internet Explorer supported the necessary cryptographic security requirements. But many years have passed since then: Microsoft will stop supporting Internet Explorer version 11 from August 17, 2021, and support for older versions has been discontinued since January 12, 2016.

According to the expert, the lack of updates carries a serious risk of data leakage and a risk to the availability of services. This increases the risk of hacker attacks and narrows the circle of potential users. The problem is large-scale: to solve it, the software of state information systems will have to be rewritten, which will take from one to three years and cost hundreds of millions of rubles.

Experts believe that Microsoft even assisted import substitution in Russia. According to them, while solving the problem of running state information systems without Internet Explorer, the departments will also deal with the issue of compatibility with domestic operating systems.

"Taking into account the requirements for import substitution, the best course for departments will be to switch to open-source browsers, for example, from the Chromium and Firefox families", said Yuri Sosnin, Deputy General Director of the Astra Linux group of companies.

According to Timur Myakinin, the head of the software development department of the IT company Jet Infosystems, the departments still have enough time to abandon the old technologies.

The press secretary of the Russian president denied Russia's connection with the hackers who attacked France

As the press secretary of the President of the Russian Federation noted, the report of the French special services "contains accusations of committing certain cybercrimes by a certain group of hackers"

The press secretary of the President of Russia Dmitry Peskov considers absurd the wording from the report of the French special services about the involvement of the Russian Federation in cyber attacks on enterprises of this country.

"If I understand correctly, they did not accuse Russia, but a certain group of some hackers who, as they say, may be related to Russia. This wording is a little absurd, and here it is impossible to say that Russia was accused of something," Mr. Peskov told reporters on Tuesday.

He once again stressed that the report "contains accusations of committing certain cybercrimes by a certain group of hackers."

Peskov noted that Moscow "did not, does not, and cannot have any involvement in any manifestations of cybercrime." "In this context, I would like to remind you that it is Russia that constantly speaks about the need for international cooperation in countering cyber security," he concluded.

On Monday, the French National Agency for the Security of Information Systems (ANSSI) published a report according to which French businesses have been subjected to cyberattacks since 2017. At the same time, the report does not specify what damage was caused to enterprises and what exactly the hackers did.

The agency concluded in this report that "this campaign is very similar to previous campaigns based on the principles of hacker group Sandworm". A number of Western countries associate the Sandworm group with Russia.

It is worth noting that cybersecurity experts have reported on the activity of the Sandworm group since 2008 when they were accused of DDoS attacks on facilities in Georgia. In October 2020, the US Department of Justice charged six Russian citizens with working for the Sandworm group, participating in attacks on companies and hospitals in the United States, Ukraine's power systems in 2016, the French presidential election in 2017, and the Pyeongchang Winter Olympics in 2018.

Accusations against "Russian hackers" periodically appear in the West. Russia has repeatedly denied such accusations.

Yandex Suffers Data Breach, Exposes Email Accounts


Russian internet and search company Yandex declared on Friday that one of its system administrators had enabled unapproved access to a huge number of client mailboxes. The company found the breach internally, during a standard check by its security team. The investigation uncovered that the employee’s activities led to the compromise of almost 5,000 Yandex email inboxes. This employee was one of three system administrators who had the access privileges needed to offer technical support for mailboxes, said Yandex.

“A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures,” said Yandex’s Friday security advisory. “This will help minimize the potential for individuals to compromise the security of user data in future. The company has also contacted law enforcement.” 

According to Verizon's 2020 Data Breach Investigations Report (DBIR), internal actors were behind 30% of breaches (with the dominant part, or 70%, coming from external actors). An insider threat can leave organizations reeling not only from financial or brand damage but also from a subsequent loss of client trust. In a recent January case, for example, a former ADT employee was found adding his own email address to the accounts of attractive women, so he could have around-the-clock access to their most private moments. In December, a former Cisco Systems employee was sentenced to two years in prison after hacking into the networking company’s cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Furthermore, in October, Amazon fired an employee who shared clients' names and email addresses with a third party.

“Yandex’s security team has already blocked unauthorized access to the compromised mailboxes,” the company says, adding that the owners have been notified of the breach and that they need to change their account passwords. As a result of the incident, Yandex will make changes to the administrative access procedure to improve the security of client information. According to the company, payment details have not been affected. While this data breach deserves serious scrutiny, Yandex confronted a graver threat in the past, when Western intelligence agencies compromised its systems with Regin malware.

The attack occurred between October and November 2018, and it targeted technical information regarding user account authentication, Reuters learned at the time. Yandex acknowledged the attack and said that it was detected and neutralized before it caused any harm.

Russian explained why hackers steal personal data of CD Projekt RED employees

Hackers have broken into the Polish development studio CD Projekt RED, the authors of the sensational game Cyberpunk 2077, and are threatening to publish the source code of its video games, as well as the personal data of the company's employees. Moreover, the attackers have already fulfilled the first part of the promise: the source code of several games of the Polish studio has appeared in the public domain. It is likely that the cybercriminals will also reveal the personal data of employees. Alexey Kubarev, Head of the Solar Dozor Business Development Group at Rostelecom-Solar, spoke about why hackers hunt for such information and how they use it.

"The main goal of hackers is to profit from the spread of malicious attacks and fraud. Personal data can be both an end goal - it can be sold, and an intermediate goal - it can be used for the implementation of attacks," explained Kubarev.

According to the specialist, the most demanded information in the cybercriminal world is personal data related to the financial sector, for example, the bank's customer base.

The expert claims that fraudsters buy personal data on the Darknet. "There, the databases are placed by hackers, either who hacked the resource with the database, or received it from insiders."

Attackers figure out the employees they are interested in and, in various ways, make them provide either data or technical access to it.

According to Kubarev, a person cannot influence the protection of personal data that he provides to companies, since the companies that process them are responsible for the security of data.

"So, you should be careful about any letters and websites that require you to enter data about yourself and check whether they really belong to the official domain of the company. In addition, attackers can use social media to collect information, so it would be better to minimize the information with personal data in your accounts or restrict public access to them, if possible," he concluded.

The Central Bank conducted remote anti-hacker exercises for the first time

The Central Bank of the Russian Federation summed up the results of the cyber exercises held in November-December 2020, designed to test the information security systems of Russian financial organizations.

The intention to launch cyber training for the Russian banking sector was announced in 2019 by the Central Bank of the Russian Federation. According to the organizer, the exercises should be held in the format of stress testing for resistance to cyber threats once every two years.

22 organizations voluntarily participated in the past cyber-trainings. According to Vyacheslav Kasimov, Director of the Information Security Department of Credit Bank of Moscow, various situations of responding to incidents were practiced and procedures for interaction with the Bank of Russia were tested.

According to Mikhail Ivanov, Director of the Information Security Department of Rosbank, "participation in cyber training is primarily an opportunity to demonstrate its reliability to the regulator".

The Bank of Russia's audits are aimed at ensuring that banks comply with the established requirements and determine whether their infrastructure is designed and implemented correctly in terms of cybersecurity.

As Vitaly Zadorozhny, head of the cybersecurity department of Alfa-Bank, explains, "they check the level of cyber-hygiene in the organization, but they do not allow determining how effectively the bank will operate when attacked."

Artem Sychev, the First Deputy Director of the Information Security Department of the Central Bank, said that cyber training makes it possible to quickly identify the risks of financial organizations.

At the same time, the Bank of Russia has recently fined 17 banks for non-compliance with the requirements of the information security system. 

At the same time, the consequences for those tested with the new approach of the Central Bank are getting tougher. If a fine is issued based on the results of the checks, then the Bank of Russia may potentially worsen the risk profile of the credit institution based on the results of the cyber studies.

Russian experts spoke about the most common fraud schemes on the Internet

One of the trends of the last year, continuing in 2021, was the exploitation of the COVID-19 theme. Denis Legezo, a senior cybersecurity expert at Kaspersky Lab, said that several reports on targeted attacks on research centers dealing with the COVID-19 problem have been published over the past six months.  

One popular type of online fraud is phishing. Last year, Kaspersky Lab found over 7,400 resources. According to experts, scammers distribute links among Internet users whose addresses are difficult to immediately distinguish from the names of real Internet resources. In some cases, the name of the platform is specified correctly, but a word is added to it that should not be in the original, for example, instead of

Another common type of fraud is the scam. Scammers invite users to take a survey or take part in a promotion for a reward. However, users need to pay a small commission, usually about $5. The victims of the fraud do not receive any payments, and the commission goes to the scammers.

Denis Legezo noted that ransom attacks will become more frequent.

"Attackers encrypt company data and demand a large ransom, otherwise they promise to put all the data in the public domain," he added.

In addition, SIM-related attacks have become more active. An attacker gets the SIM card reissued, using fake documents or colluding with an employee of a mobile phone store, inserts it into his phone, and withdraws money from the victim's account via SMS commands.

Most often, the victims of fraud are educated people aged 18-42 years with two diplomas and even an academic degree.

Russia will adopt the state OpenRAN standards for the development of 5G

As early as this spring, national standards for Open Radio Access Network (OpenRAN) telecommunication equipment will appear in Russia within the framework of import substitution. The standards will accelerate the development of domestic solutions for 5G networks.

Russia will be the first in the world to adopt the OpenRAN architecture as the basis for a national standard. Russian OpenRAN standards are created on the basis of specifications developed by the international O-RAN alliance (which includes major global telecom operators). Russian standards will be harmonized with the solutions created in the OpenRAN paradigm.

According to experts, the cost of network solutions for cellular operators will decrease by ensuring the compatibility of equipment from different manufacturers, which is important for each mobile subscriber.

"In the context of the development of 5G networks, the technology may be in demand, as it will reduce capital expenditures on the construction of infrastructure", said Daria Kolesnikova, a representative of Tele2 cellular communications. 

The operators support the initiative, but they are not yet ready to use an open network architecture as there is currently no commercially available equipment based on the OpenRAN Alliance specifications.

However, experts expect the commercial launch of OpenRAN no earlier than in three to five years due to concerns related to information security and compatibility of existing solutions. So far, the entire infrastructure of operators is built on imported equipment, and the transition to open standards is associated with risks of unstable network operation.

"Open RAN is a key technology for modern mobile networks, it will enable faster deployment of 5G networks", said Olga Baranova, Chief Operating Officer of Orange Business Services in Russia and the CIS. However, the formation of national standards requires the participation of all market players: telecom equipment manufacturers, vendors, operators, content providers, specialized associations and alliances, scientists, equipment and software developers, as well as representatives of relevant ministries.

The FSB recorded an attempt to encrypt the data of patients in hospitals in Russia

Nikolay Murashov, deputy director of the National Coordination Center for Computer Incidents (NCCI), stated during a speech at the information security forum that for the first time in 2020 the special services recorded attempts by hackers to introduce malicious software into the information resources of Russian medical institutions in order to encrypt user data.

According to him, there were also hacker attacks on the information resources of the Central Election Commission and Civic Chamber of the Russian Federation.

Murashov said that the special services managed to prevent attacks on the services of state structures.

In total, over the past year, the NCCI has stopped the work of more than 132 thousand malicious resources. At the same time, according to Murashov, the main sources of cyber attacks on Russian resources are located outside the country: 67 thousand foreign malicious resources and 65 thousand such resources in Russia were blocked by the Center for the year. The attacks were carried out from Turkey, the Netherlands, and Estonia and were aimed at state authorities and industrial enterprises.

In general, according to Murashov, remote work has complicated the protection of personal data, as attacks began to be carried out through insufficiently protected remote access centers and vulnerable software. NCCI specialists also registered the sending of phishing messages; most often, card data was stolen through phishing.

The National Coordination Center for Computer Incidents has been recording for several years that the main sources of hacker attacks on Russian organizations are located abroad.

In late January, the NCCI warned of possible cyberattacks from the United States. The Center associated the threat of attacks with accusations from Western countries that Russia was involved in hacker attacks on American government resources, as well as with their threats to carry out "retaliatory" attacks on Russian critical information infrastructure.

According to the Investigative Committee, in general, the number of cybercrimes over the past seven years in Russia has increased 20 times, and every seventh crime is committed using information technology or in cyberspace.

The NCCI was created in 2018 by order of the FSB to combat the threat of hacker attacks on Russia's infrastructure.

Putin instructed to develop additional requirements for foreign IT companies

Russian President Vladimir Putin instructed his administration and the government to develop proposals for additional requirements for foreign IT companies operating in RUnet. The order of the Russian leader was published on the Kremlin's website on January 28.

It is noted that such an order was given by the head of state following the meeting of the Presidential Council for the Development of Civil Society and Human Rights, held on December 10, 2020.

According to the text, "the Administration of the President of the Russian Federation should prepare together with the government of the Russian Federation and submit proposals to establish additional requirements for foreign technology companies operating in the Russian segment of the information and telecommunications Internet network, including companies that open representative offices on the territory of the Russian Federation".

The deadline for completing the order is August 1.

In addition, Putin instructed the government to develop a draft concept for the protection of human rights in the digital space, which includes measures to improve the digital literacy of Russian citizens and train them in information security and digital hygiene skills. This order must also be implemented by August 1.

On January 22, the Public Chamber of the Russian Federation announced its intention to send a letter to the State Duma with a request to legally oblige foreign IT companies to open their representative offices in Russia.

Earlier, the Deputy Chairman of the Security Council, Dmitry Medvedev, called it possible to disconnect Russia from the global network. At the same time, he noted that Moscow is ready for such a scenario. According to him, Russia can ensure the autonomy of its Internet segment.

The number of crimes with bank cards in Russia has increased by 5.5 times

Last year, 510.4 thousand crimes committed using information and telecommunications technologies were registered in Russia. According to the data of the Ministry of Internal Affairs, this figure is 73.4% more than it was in the previous year.

In 2020, cybercriminals used bank cards, the Internet, and a telephone to commit crimes. In particular, during the year, the number of acts involving the use of plastic cards increased by a record 453.1%, reaching 190.2 thousand. In 2019, according to the Ministry, there were only 34.4 thousand. 

The Central Bank confirmed an increase in the number and volume of transactions without the consent of bank customers in 2020.

The director of the company Anti-Phishing, Sergey Voldokhin, confirmed that massive phone fraud, malicious banking applications for smartphones and fake payment system sites became a real problem in 2020. According to him, with the beginning of the pandemic and the transition to remote work, cyber fraudsters received new opportunities for attacks. "Judging by the volume of thefts, banks and financial companies were not ready for a large-scale impact on their customers," he added.

According to Sergey Golovanov, a leading expert at Kaspersky Lab, fraud trends are likely to continue in 2021.

"But a significant increase in their number is unlikely, as financial organizations and telecom operators are actively fighting such schemes, and the news agenda has made citizens wary of suspicious calls," he noted.

According to Pavel Utkin, a leading lawyer at Parthenon, the problem of phone fraud with plastic cards will disappear by itself when banks establish control over the personal data of customers.

The banks noted that in order to minimize attacks, they have already implemented comprehensive anti-fraud systems, as well as information campaigns among customers about new types of fraud and methods of countering them.

Earlier, E Hacking News reported that Sberbank is the most targeted organization in Europe by hackers.

Medvedev mentions the possible disconnection of Russia from the global network

Disconnecting Russia from the global network is possible, but the authorities have a plan of action in this case, said the Deputy Chairman of the Security Council Dmitry Medvedev.

Medvedev said that Russia has the technical capabilities to ensure the autonomous operation of the Russian segment of the Internet, but no one would like to take it to such extremes.

"Technologically, everything is ready for this. At the legislative level, too, all decisions have been made. But once again I emphasize: this is not easy, and I would really not want it," he stressed.

Medvedev acknowledged that the isolation of the Russian segment of the Internet is only a backup plan in the extreme case if Russia is disconnected from the global network. "Of course, we have a plan for how to act in such a situation. The Internet, as you know, appeared at a certain time, and, of course, the key management rights are located in the United States of America. So potentially, Russia's disconnection from the global network can happen," said Medvedev. 

The politician recalled the constant talk about disconnecting Russia from SWIFT, the international interbank system for transmitting information and making payments. "They constantly frighten us with this. We were even forced to create our own system for the transfer of information if suddenly this happens, so that electronic messages can be exchanged. The same thing can potentially happen with the Internet, and then we will not have access to the main nodes of this network," said the deputy head of the Security Council.

The Deputy Head of the Security Council recalled that against the background of such risks, a law on the Russian segment of the Internet was adopted so that it could be managed autonomously.

Nevertheless, the deputy head of the Security Council urged people to be realistic and understand that if the Runet is isolated, it will create big problems.

Earlier, E Hacking News reported that Russian businesses had expressed fear about isolation from the global Internet.

Sberbank is the most targeted organization in Europe by hackers, says Herman Gref

At the moment, Sberbank is subjected to hacker attacks more often than other institutions in Europe, but successfully repels them, said the head of the credit institution, Herman Gref, speaking at a plenary session in the Federation Council with a presentation on artificial intelligence (AI).

"We are the most attacked institution in Europe. Every day, artificial intelligence inside our Cyber Security Center analyzes billions of events. During this entire period of time, we did not allow a single penetration into our systems," said Mr. Gref.

Gref stressed that the AI protects not only the credit institution itself but also its customers. According to the banker, citizens who use the services of Sberbank are protected in 97% of cases: the systems recognize that a person is trying to transfer funds to a fraudster.

"In 97% of cases, our algorithms recognize fraud, stop these transactions, contact the person, the person confirms that he made this transaction, and we tell him that it was a fraudster," added Gref.

According to the head of Sberbank, scammers use artificial intelligence technologies in cyber attacks, in particular deepfake technologies, which make it possible to simulate the face and voice of the client.

"Scammers can call from your phone that belongs to you, speak with your voice. And this is a gigantic threat. It is extremely difficult for a normal person to fight this, and therefore powerful systems for protecting a person from such fakes should come to the rescue," noted Gref.

According to the Bank of Russia, in the first nine months of 2020, fraudsters stole about 6.5 billion rubles from bank customers' cards and accounts. Sberbank estimates that since the beginning of 2020, fraudsters have called customers about 15 million times. Sberbank recorded more than 3.4 million customer complaints about phone fraud in the first half of the year, which is 30 times more than in 2017 and more than twice as much as in 2019.

"The number of fraudulent calls in Russia reaches 100 thousand per day," said Stanislav Kuznetsov, deputy chairman of the bank.

Earlier, E Hacking News reported that, according to Sberbank, cyber criminals are using artificial intelligence in a banking Trojan, which makes it quite difficult to recognize.

A Russian pleaded guilty to cybercrime charges in the United States

Kirill Firsov admitted his guilt in trying to obtain secret information about the clients of a certain company for fraudulent purposes.

A hearing on the sentencing of Russian citizen Kirill Firsov, who pleaded guilty in the United States to data theft, will be held on April 12.

As noted, before the sentence is announced, the court will be presented with additional materials about the case. Firsov agreed to attend the hearing via videoconference.

The Russian recently reached an agreement with representatives of the prosecutor's office. Firsov pleaded guilty to trying to fraudulently obtain confidential information about the clients of a certain company. He could be sentenced to up to 10 years in prison and ordered to pay a fine of up to $250,000.

The prosecution agreed not to seek the most severe punishment for the Russian. He waived the right to insist on a trial and to challenge the charges in question.

As a reminder, the US authorities detained Firsov on suspicion of stealing the personal data of California residents for further sale, with the aim of using it in false identity cards. The Prosecutor's Office of the Southern District of California names Firsov as the administrator of the platform DEER.IO.

The US authorities claimed that this platform is based in Russia. This resource was allegedly used to sell information stolen by hackers, including personal data and information about bank accounts.

As follows from the materials, the site operated from 2013 to 2020, and the income from illegal sales amounted to $17 million.

Firsov said that most of his victims were Russians, but about $1.2 million was earned by selling information about Americans. This fact allowed the FBI to pursue Firsov and detain him upon arrival in the country.

The Russian was arrested on March 7 at the John F. Kennedy Airport, in New York. Three days earlier, the FBI made a "test purchase" on his website, acquiring information about 1,100 gamers for $20 in bitcoins.

Russians Warned of US-led Cyberspace Threat Following SolarWinds Orion Incident


On Thursday evening, the Russian government released a security notice to Russian firms warning of possible US-led cyber-attacks following the SolarWinds incident. The Russian government has warned corporations around the world of an imminent cyberspace threat in retaliation for the SolarWinds hack, which breached the networks of a variety of US federal agencies, including the Defense Department, and top tech businesses.

At least 250 federal agencies and leading US businesses have been affected by Russian-backed hackers who infiltrated the surveillance and control platform "SolarWinds Orion." The Russian government's response comes after earlier statements from the current Biden administration.

New White House officials said that they reserve the right to respond to cyberattacks, answering questions about their plans regarding SolarWinds. The press secretary said that “We’ve spoken about this previously… of course we reserve the right to respond at a time and manner of our choosing to any cyberattack.”

The reaction from Moscow to this statement came hours later from the National Coordinating Centre for Computer Accidents of the Federal Security Service, Russia's internal security and intelligence body. It took the form of a security bulletin.

The brief statement included a list of 15 best-practice security measures that companies should follow to stay safer online, and cited the statements of the Biden government, which are considered a threat. The best practice in the warning is to include factory safety guidance and few businesses and even the least qualified safety, as noted by the experts.

Further security warnings were released in reaction to Biden's hostile declaration earlier in the day. Russia has denied involvement in the SolarWinds incident. Following the SolarWinds incident, the Biden administration has dedicated $9 billion to cyber defense. Recently, at least 24 large corporations, including tech giants such as Intel, Cisco, VMware, and Nvidia, have been hacked.

Using Orion applications sold by the IT management firm SolarWinds, the alleged Russian hackers collected the confidential data of a number of U.S. government departments and firms. The original report was that 18,000 government and private networks were hacked by Russian hackers.

Experts found a vulnerability in the application of the Moscow State Services

Specialists of the company Postuf reported a vulnerability in the application of the Moscow State Services that made it possible to gain access to an account knowing only the user's mobile number.

This made it possible to get all the information that the user specified on the site: full name, e-mail, year of birth, medical insurance number, list of movable and immovable property, information about the foreign passport, about children, students in schools, etc. Knowing the medical insurance number and the year of birth, it was possible to get access to medical information: which doctors a person visits, what prescriptions have been written for them, the history of attachment to clinics, etc.

"The vulnerability made it possible not just to view, but also to change the data," said the founder of the company Postuf, Bekhan Gendargenoevsky.

The expert notes that it is impossible to cause serious harm by knowing the data from the portal, but personal data can be used by hackers for phishing attacks.

"It is impossible to steal money directly [with such information], although hackers can use their knowledge in social engineering and try to steal bank card data from a person," said the computer security specialist.

He also noted that since the system has no restrictions on the number of requests for access to accounts, by requesting so-called "beautiful" numbers it was possible to get information "about a number of well-known personalities who, as a rule, have such numbers."

A representative of the Moscow Department of Information Technology did not confirm the information about the vulnerability, stressing that authorization in the Moscow State Services mobile application without specifying a password is impossible.

State Services is a federal state information system. It provides individuals and legal entities with access to information about state and municipal institutions and organizations, and the services they provide in electronic form.