Search This Blog

Showing posts with label Russia. Show all posts

Hacker to stand trial for stealing and distributing Russian Railways data


The investigating authorities completed a criminal investigation into the theft of data from Russian Railways employees. This was reported by the press service of the Investigative Committee of Russia.

According to the Committee, in June 2019, the accused, using illegally obtained accounts of two employees of Russian Railways and 96 unique IP addresses, was able to get to the internal website of the state company. There, he copied several hundred thousand photos and information of the Russian Railways management, as well as other employees of the organization. Later, he posted the data on one of the sites that have hosting in Germany.

Investigators were able to identify the computer genius. It turned out to be a 26-year-old IT specialist from Krasnodar, who admitted his guilt. It was possible to establish the identity of the attacker through joint work with the K department of the Ministry of Internal Affairs of Russia and the security service of Russian Railways. In December 2019, he was charged under the article "illegal receipt and disclosure of information constituting a trade secret".

The leak of data of Russian Railways employees became known in August 2019. They were published on the website infach[dot]me, which allowed users to anonymously publish personal data of other people. Among the data of Russian Railways employees published on the site were their names, phone numbers, positions, photos in the uniform and pictures of the insurance documents. The attackers added a note to the publication "Thank you to Russian Railways for the information provided by carefully handling the personal data of their employees". Later, the information was hidden.

Later, Ashot Hovhannisyan, the founder and technical Director of DeviceLock, a company specializing in preventing data leaks from corporate computers, said that unknown people had posted personal data of 703 thousand people for free access. He also suggested that the leak occurred from the database of the security service of the state company. According to the report for the first half of 2019, the number of employees of Russian Railways amounted to 732 thousand people.
After the leak, Russian Railways assured that the passenger data was not stolen.

Most corporate networks in Russia are at cyber risks


Most (81 percent) of corporate and government structures networks were infected with malicious software. This is the conclusion was made by Positive Technologies specialists after analyzing the internal traffic of state organizations, industrial enterprises and other structures. IT analysts sound the alarm because employees of Russian companies and government agencies download movies from torrents, communicate via messengers and use simple passwords, increasing vulnerability.

Experts said that among the most common viruses are miners who mine cryptocurrency secretly from the owners and unauthorizedly display advertising software. A quarter of the networks are openly infected with spyware.

The company also reported that employees of 94 percent of Russian companies and government agencies download movies from torrents, communicate via messengers and use simple passwords like 12345. Positive Technologies also includes remote access to corporate resources as a risk factor. Experts explain that the employee's computer can be hacked and fraudsters will get access to the corporate network through it.

Analysts have noticed that it is extremely difficult to distinguish the actions of employees who run Tor, VPN and proxy servers from the actions of hackers because in both cases the same technologies are used. So hackers can steal data from the corporate information system without being noticed.
Sergey Zolotukhin, the trainer of the Group-IB computer forensics laboratory, explained that underestimating the level of development of cybercrime, a lack of attention to modern technologies and a low level of knowledge in this area affect the level of protection of companies from cyber threats.

Earlier, on February 10, it became known about a new type of fraud with Bank accounts of Russians. Scammers call the potential victim and ask which branch the client will come to close the account. The owners report that they did not make such a request to the Bank, after which they are offered to transfer all funds to a secure account.

Deputy of the State Duma of the Russian Federation: it is necessary at the legislative level to protect the data of Russians on Facebook


Andrey Alshevskikh, the State Duma Deputy, said that the threat to the personal data of Russian users of the social network Facebook is real. The Deputy notes that it is necessary to take appropriate security measures at the legislative level.

The day before it became known that the hacker group OurMine hacked two official Facebook accounts on Twitter. On the night of February 8, an appeal appeared on these pages stating the vulnerability of Facebook to hacker attacks. It was also said about the weakness of the Twitter security system.

"As for Facebook, this is not the first case and, something tells me, not the last. It is necessary to deal with such cases in detail and take concrete steps at the legislative level, make amendments to existing laws, and adopt new ones to protect the data of Russian citizens," said the Deputy.

Alshevskikh recalled that the threat to the personal data of Russians who use Facebook was mentioned repeatedly. Therefore, a law was adopted providing for the storage of personal data of citizens of the Russian Federation in Russia, however, some companies do not want to comply with it.

"We need to force Facebook to comply with Russian law," said Alshevskikh. Recall that earlier Roskomnadzor started administrative proceedings against Facebook and Twitter, which did not provide a localization report at the indicated time. Refusal to localize, according to Russian law, faces a multimillion-rubles fine. In the case of the first violation, legal entities may be charged up to 6 million rubles ($94,000), in the case of a second violation - from 6 to 18 million rubles ($94,000-$282,000). Court hearings have already been scheduled and will take place on February 13 in a Moscow court.

Earlier, CEO of a detective agency and speaker on cyberattacks Vladimir Golovin recommended that those who are concerned about the safety of their personal data stop using Facebook.

CEO of a detective agency and speaker on cyber attacks: users should understand that Facebook is leaking their data


Numerous Facebook leaks in 2013 and 2016 put users in a position where they are not responsible for their security. This opinion was expressed by the General Director of the detective agency and speaker on cyber attacks Vladimir Golovin.

The Cybersecurity team at Check Point Research found out that Internet attacks were most often carried out on Internet users to obtain their personal data via Facebook for the last quarter of 2019. A social network is not able to protect its customers from online fraud.

Experts told about such a fraud scheme as "phishing", which consists of the theft of the username, password and other personal data. Hackers operate through social networks or other platforms where people leave information about themselves. As a result, it turned out that Facebook has become the leader among platforms that are hacked by scammers. The second line is occupied by the Yahoo service, and in third place is Netflix.

According to Golovin, when a user leaves their data somewhere, their security depends on him only by 50%.

"If you want to give your personal data, then use Facebook. If not, you don't need to use it at all," said the speaker.

According to him, today people have the wrong attitude to personal data, so it is worth starting the fight with this. Many people do not understand the danger they face when leaving personal information on unverified sources.

Golovin notes that Facebook continues to do the same, leaking user information.
"Therefore, in the field of information security and data storage, all these are political games," he concluded.

It is worth noting that, in addition to the constant leak of personal information, foreign sites continue to brazenly violate Russian laws by refusing to transfer servers with Russian data to the territory of the Russian Federation. Ruslan Ostashko, editor-in-chief of the online publication Politrussia, said that it is necessary to register the possibility of blocking the activities of Facebook and Twitter at the legislative level.

Data from more than half a million clients of Russian microfinance organizations has been put up for sale


The base of more than 1.2 million MFIs clients, which is in the top 10 on the market, is up for sale. It affects more than one company. Bistrodengi, Zaymer, Ekapusta found their customers in this base. According to experts, the data is collected from different places. Information can be used by fraudsters to make online loans.

The database includes full names, phone numbers, email addresses, dates of birth and passport data of Russians. The seller of the database does not disclose the name of the organizations. whose data he had, but most of the customers who answered the calls reported that they applied for loans to the Bistrodengi company.

Elena Stratieva, Director of Microfinance and Development, said that internal audits were carried out on the first day after the announcement was revealed.

She stressed that the level of data matches with the databases of individual companies is quite low, which may indicate a leak on the part of an agent that aggregates data for many financial institutions at once.

At the same time, according to her, the database includes not only data of individuals who were approved loans in 2017-2019, but also those who were refused. According to Federal law, MFIs do not store this much time.
It was also noted that the fact of data leakage from any MFIs or from several MFIs has not yet been established.

In turn, Olesya Bobkova, managing Director of Lime Zaim MFO, expressed the opinion that customer data could get into the network because of unscrupulous webmasters who still have user data in their databases. For example, most of these data sales ads contain inaccurate, outdated, and incomplete data that are not enough to use or harm customers. However, according to Bobkova, some hackers do not lose their attempts to monetize this database and bring information to black markets and forums.

Group of 10 hackers was convicted for stealing gasoline and selling


The court issued a verdict on February 3 in the case of theft of fuel at Rosneft gas stations.
The court and investigation found that there were ten people in the hacker group, two women and eight men. They divided criminal roles, came up with a scheme using special equipment and software in order not to top up gasoline at gas stations.

Attackers stole at "Rosneft-Kubannefteprodukt" gas stations. They launched the equipment and modified the information on the computer, which gave them the opportunity not to top up the fuel to customers. They sold the surplus again and divided the profits.

The damage to Rosneft gas stations amounted to more than 1.7 million rubles ($27,000). Its size was calculated based on the price of spare parts that were damaged by attackers in the fuel dispensers.
A criminal case has been opened on the creation, use and distribution of malicious computer programs. The court found the defendants guilty. Depending on the role of each, they were assigned from 1.5 years to 4 years in prison with fines of 200 to 500 thousand rubles ($3,000-$8,000).

Earlier, EhackingNews reported that employees of the Ministry of Internal Affairs in the Khabarovsk region detained 13 employees of one of the companies engaged in retail and wholesale of petroleum products. The hackers introduced the virus into the control system of gas stations. This allowed hackers to steal part of the product purchased by customers.

It is worth noting that in 2018, the FSB found viruses in dozens of gas stations in the South of Russia that allow to not top up fuel. The creator and distributor of viruses was Russian hacker Denis Zaev. In August 2019, Zaev hid several times from law enforcement agencies and was on the Federal wanted list, and then hid on the territory of Georgia. In total, 24 defendants are involving in this criminal case.

Hackers used the websites of Russian government agencies to extract cryptocurrency


According to the deputy head of the National Coordination Center for Computer Incidents of the FSB, Nikolai Murashov, encryption viruses decreased their activity last year and were replaced by malware. In particular, these programs have changed for crypto-jacking or hidden cryptocurrency mining.

Murashov noted that the software for hidden mining uses up to 80% of the free power of the device, and the user may not know about it. According to him, the seizure of server capacities of large organizations for the purpose of mining cryptocurrencies threatens to severely reduce their productivity and harm their main activities.

Murashov said that hackers attack not only large companies but also ordinary users, for example, by mining through a browser while visiting infected web pages. Browser companies have already begun to struggle with this problem. So, in April of last year, the Mozilla Firefox introduced protection against crypto-jacking.

In addition, the number of installations of shadow miners on computers of ordinary users has increased. Last year alone, more than 50,000 such incidents were recorded.

"The scope of activities of shadow miners expanded over the past year. Hackers started using new software that is difficult to track because of the special code structure. Some applications are developed specifically for government servers and gaining control over them. Programs use computing power for mining, but administrators can only notice this during a detailed audit," said Murashov.

In Russia, the most high-profile incident last year was an incident with miners who mined cryptocurrency on the computers of the nuclear center in Sarov. The attackers, who turned out to be employees of the organization, used the equipment for their own purposes for several years.

Companies around the world are being attacked by ransomware viruses and crypto-jacking. Recently, a cybersecurity company Proofpoint, reported that in 2019, more than half of all public and private organizations in the United States were subjected to virus attacks and phishing. In this regard, regulators are beginning to take decisive action.

The website of the Echo of Moscow radio station reported a two-week hacker attack


For two weeks, the website of the Echo of Moscow radio station and the computers of its employees have been hacked.

According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the radio station technically and actually proved that there are attacks not only on the Echo of Moscow website but also on the Echo office, and on computers, computer and Internet communications. Because of this, part of the telephone service is also affected.

"We asked for help wherever we could, both technical, political, and law enforcement agencies. We linked these attacks with certain information, programs. Law enforcement agencies, as I understand it, are now searching for the source of the attacks," said Alexey Venediktov, Editor-in-Chief of Echo.

He said that two weeks ago, powerful hacker attacks began. Their peculiarity was that they attacked not only the site but also the communication channels of Echo of Moscow when programs were broadcast with presenters who are located remotely," explained Venediktov.

In addition, office computers were unexpectedly attacked, due to which Echo Moscow could not receive news from news agencies. "It is very important that they attack Internet communication channels, including from the satellite from which our regional partners receive the signal. These are very experienced, very powerful DDoS attacks. As experts tell us, very large structures have such capabilities," he said, adding that the radio station's specialists have already learned to repel all these attacks.

However, according to Venediktov, the radio station is losing subscribers and advertisers. The Editorial Board drew the attention of the shareholders to this fact, and "the shareholders are worried".

Alexander Baranov says Russia has nothing to do with the cyberattack on the friendly Austrian Foreign Ministry


The hacker attack that the Austrian Ministry of Foreign Affairs underwent prompted European countries to take active measures to defend against such attacks. At the same time, the EU accuses Moscow of the attack, which makes no sense, given the friendly relations between Russia and Austria. Alexander Baranov, head of the Department of Information Security at the National Research University, commented on the situation.

According to the expert, anti-Russian accusations once again show the policy of Western "hawks" who regularly make groundless statements to undesirable countries.
"These accusations are completely groundless and are not supported by any arguments," Baranov said.

He stressed that Russia has absolutely no interest in attacking the Austrian Foreign Ministry. In addition, Austria supports the implementation of major projects, such as the Nord Stream 2 gas pipeline.

"This is one of the friendliest countries in the European Union, I think. Therefore, I do not see any sense to attack its foreign Ministry, especially since the country is small and it does not play a decisive role," the expert believes.

In his opinion, the provocation is obvious in order to worsen relations between the countries.
"One of the most famous methods of hackers is to carry out an attack from the territory of States that have nothing to do with it. Most often it is China or India," Baranov explained.

The expert reminded that it is now almost impossible to track the end user if he uses an anonymizer. It is possible that the European security forces were able to establish any facts, but they are not able to make them public because of the secrecy.

He added that European politicians enjoy their impunity by regularly making unfounded accusations.
"Representatives of Russia have repeatedly asked for facts, but there is nothing, there is only empty talk," the expert concluded.

A hacker attack on the Austrian Foreign Ministry occurred in early January. In Vienna, they believe that the incident has a Russian trace while recognizing the absence of any evidence.

Earlier, the Austrian newspaper DiePresse reported that a number of EU countries decided to form a group to protect themselves from cyber attacks from Russia. Vienna will work together with Germany, the Czech Republic, Belgium and Cyprus on this issue. These States consider themselves to be "victims of a Russian cyber-espionage".

More than half of Russian companies are concerned about the protection of personal data of employees and customers


The antivirus company ESET studied the state of information security in the Russian business sector, interviewing dozens of IT Directors and business owners. According to ESET research, different types of cyber threats affected 90% of Russian businesses. 60% of Russian IT managers are seriously concerned about the safety of personal data.

"The discontinuation of Windows 7 will play a role. Many Russian companies, despite the risks, will continue to use the operating system in the workplace. This will increase the risk of infection with new viruses, compromise and loss of corporate data," said the ESET representative. In addition, on January 14, 2020, support for the Windows 2008 and Windows 2008 R2 server systems was completed. They are used by many small and medium businesses. According to Ruslan Suleymanov, the Director of Information Technology Department of ESET Russia, this year, powerful and frequent DDoS attacks on the corporate sector and deepfakes will remain a trend.

Elena Ageeva, a consultant for the Information Security Center Jet Infosystems, notes that the development of cloud technologies will contribute to an increase in the number of attacks on cloud services.

According to InfoWatch, in Russia, ordinary employees have been and remain the main threat to the personal information of company customers. They account for more than 70% of the violations leading to leaks.

Andrey Arsentyev, head of the InfoWatch Analytics and Special projects Department, believes that phishing attacks will be further developed in 2020.

According to Dmitry Stetsenko, the head of the Kaspersky Lab’s group of system architects, attacks, almost undetected by standard antiviruses, through supply chains and BEC (Business Email Compromise) are gaining more and more popularity. After infecting the system, attackers prefer to use legal IT tools to develop attacks, which also complicates data protection.

Yevgeny Gnedin, head of Analytics at Positive Technologies, believes that attacks to steal information will prevail over attacks with the aim of direct financial theft. "Especially if the company does not provide ongoing monitoring of information security events and the investigation of cyber incidents," said the representative of Positive Technologies.

Russian experts warn the danger of charging the phone in public places


The number of charging stations at airports, bus stops, metro stations and other public places in Russia has been growing rapidly in recent years. However, using such USB-inputs is not safe because attackers can access data stored in the phone or download malware through them. Today in Moscow you can charge your gadgets at airports and train stations, in metro trains, buses, at public transport stops, and in shopping and entertainment centers.

According to Sergey Nikitin, Deputy head of Group-IB, standard USB cables contain four wires: two for data transfer and two for charging. The problem is that hackers embed a special device in the charging wire, or add a small computer to the charger itself. When people connect a gadget to charge, they connect it to some other device.

"Attackers can thus gain access to your device," said the expert. Nikitin gave an example of one of these attacks: a small computer sends malicious code to the gadget, runs it, and so the hacker gains access to the data of the smartphone. An expert at Jet Infosystems Georgy Starostin noted that cybercriminals can download photos from victim's phones for blackmail or infect the device with a virus.

According to him, charging stations in public places carry other risks, the company providing the service can also install additional equipment. According to him, this way it will collect user data for further analysis and sale to advertisers.

The Avast press service said that information is transferred via USB ports in the same way as to the computer. If there are any vulnerabilities in the USB phone software, hackers can gain full control of the connected phone.

Experts advised users to try to avoid charging stations in public places. Avast offered to buy a portable power supply for charging the gadget or USB cables in which the data wires are removed.

The Russian Embassy in Sweden responded to the Swedish Minister's statement about "Russian trolls"


The Russian Embassy in Sweden reacted to an interview with Swedish Minister of Energy and Information Technology Anders Igeman to the TT Agency, in which he said that "Russian trolls" who are opponents of 5G technology attacked his Facebook.

Russia is open for cooperation with Sweden, especially with those of its representatives who are not looking for "Russian trolls". The embassy of the Russian Federation in Sweden wrote about this on Tuesday on its Facebook page.

"We would like to assure the Minister of the fallacy of his opinion that the development of 5G technology in our country is associated with a negative impact on public health. On the contrary, we are open to cooperation with Swedish partners in this area, especially with those who do not suffer, as Anders Igeman, from paranoia in search of "Russian trolls"," said the Embassy.

Anders Igeman said on Monday that an information attack was committed on one of his posts on Facebook organized by opponents of the development of the country's fifth generation of mobile communication 5G. Almost 2 thousand comments were left to this message instead of several hundred. As the Minister himself noted, the content of most of the comments suggests that someone is interested in creating a negative information background around the topic of the development of a new generation of communication. Igeman believes that the "Russian trolls" did this.

"We are especially pleased that Anders Igeman connects the increased interest in his publication about 5G with our country. Judging by the scope of the reaction, almost all Russians who speak Swedish responded to the recent post of Minister!", wrote the representatives of the diplomatic mission.

The Embassy promised to subscribe to the updates of the Swedish Minister and to closely monitor his activity in social networks.

At the same time, representatives of the Embassy expressed hope that Sweden will consider Russia not a threat, but a potential partner.

The Internet isolation law will save the Russian Federation from isolation from the World Wide Web


In 2019, Russia took a number of measures to ensure the security of the information sphere, which in recent years has become the main means of foreign intelligence services to spread lies. First Deputy Chairman of the Federation Council Committee on Foreign Affairs Vladimir Dzhabarov noted that Russia should ensure security in the cyber environment to exclude any possibility of using the global Network against the interests of the state.

"Now it is important not just to control, but to understand and prevent any attacks against the government. The upcoming year will be aimed at ensuring security in the field of IT technologies not only in Russia but also around the world," said the Senator.

He explained his point of view on the example of the law on the isolation of the Runet which came into force on November 1, 2019.

Dzhabarov stressed that the document was adopted not to isolate Russia from the World Wide Web, but to protect the Runet from external threats and various technological disasters that could endanger the reliable functioning of Russian life support systems. In other words, to ensure the independence of the Internet in the country.

“If we feel that we are being blocked, we will take retaliatory measures. We have many rivals. First, of course, the NATO countries, because everything depends on security,” the politician concluded.
In addition, there was a bill introduced by members of the Federation Council to the State Duma. The document proposes to block users of e-mail services and messengers that distribute information prohibited by Russian law. Such activities pose a direct threat to society and the state. Vivid examples are social networks such as Facebook and Twitter, which are the main sources of misinformation. The draft law is currently under consideration.

Earlier, the head of the National Values Protection Fund Alexander Malkevich said that Russia needs a cybersecurity strategy, and announced a forecast for the development of this sphere for 2020. He noted that the state has made a big step forward in countering cyber attacks, but there is still much to do. In his opinion, all the relevant structures should unite to repel any attacks on the cyber borders of the Russian Federation.

The Russian President created a new Department for information security


Russian President Vladimir Putin signed a decree increasing the number of departments of the Ministry of Foreign Affairs of Russia from 41 to 42.  According to the Facebook page of the Department, the new 42nd Department of the Russian Foreign Ministry will deal with international information security, including the fight against the use of information technologies for military-political, terrorist and other criminal purposes.

The decree came into force on December 27, 2019.  The number of employees of the Central office of the Russian Foreign Ministry increased from 3,358 people to 3,391 people. The decree establishes a staff payroll for a year in the amount of 3,521,914.7 thousand rubles ($57,000).

Employees of the Department will have to propose measures to improve legislation to make it easier to cooperate with other countries and international organizations on the topic of information security.

"The main idea of the department is the development of generally accepted rules for conducting a cyber environment and for a collective response to challenges,” said Maria Zakharova, an official representative of the Russian Foreign Ministry.

Earlier, at the end of 2018, the Permanent Representative of Russia in Vienna, Mikhail Ulyanov, announced that a new information security division would appear in the structure of the Ministry of Foreign Affairs. He noted that the decision was made due to the fact that information threats have recently become more relevant.

Recall that on December 28, it became known that the UN General Assembly adopted a resolution proposed by Russia to combat cybercrime.  The US did not support the initiative, considering the document redundant, as there is already an agreement on cybercrime, it's the Budapest Convention

The American side believes that the resolution is beneficial to Russia to create the necessary "type of control over the Internet space."

The Russian Foreign Ministry called the adopted resolution a new page in the history of the fight against cybercrime, stressing that the document actually secured the digital sovereignty of States over their information space.

Kremlin commented on the plans of the US cyber command


Member of the State Duma Committee on International Affairs, Elena Panina, considers the tactics of countering possible "interference in elections", which the US cyber command is developing, as direct aggression against Russia.

Earlier, the Washington Post reported that the US cyber command is developing information warfare tactics against high-ranking Russian officials and businessmen in case Moscow tries to interfere in the 2020 elections. The goal of the cyber command may be representatives of the Russian elite.

"Attempts by the American side to present these plans as "defensive", as a possible response to the case of "interference in the American elections" look ridiculous. In fact, we are talking about the threat of direct aggression against Russia in the information space," said Panina.
According to her, the cynical nature of these actions is manifested in the fact that the United States decided to publicly blackmail Russian political and business elites, threatening to hack e-mail and invade personal space.

She believes that the purpose of public disclosure of such plans is an attempt to intimidate the Russian political class. "Such actions are more typical for a criminal group than for a legal State," stated Panina.

In addition, a member of the Federation Council Committee on Foreign Affairs, Sergei Tsekov, stated that there is nothing original in the published plans for conducting an information war.

"The United States is always waging an information war against Russia. This is the meaning of life for the American community. So there is nothing original in this statement. As for countering Russian" interference " in the elections, the Americans have already achieved a 100% effect. Russia has never interfered in the election process and is not going to," said he.

The Senator also expressed the opinion that the effect of any American tactics of conducting an information war against Russia "will be very weak".

"Russian society is consolidated and understands very well the nature and mentality of the American community. So we do not give in to any propaganda on their part," concluded Tsekov.

Recall that US intelligence agencies accused Russia of interfering in the election campaign before the 2016 presidential election. Later, a commission was formed to investigate these circumstances, led by special prosecutor Robert Muller, the former head of the FBI. 

90% of Russian entrepreneurs faced external cyber threats, says ESET


The antivirus company ESET conducted a comprehensive study on the state of information security in Russian companies, interviewing dozens of IT Directors and business owners.
According to the study, 90% of Russian companies faced external cyber threats and about 50% faced internal ones. Among external cyber threats spam (65%), malware (47%) and encryptors (35%) are leading.

The distribution of malicious software is closely linked to the activity of spammers and phishers who seek to lull the employee's vigilance and force him to follow a malicious link or download a dangerous file. At the same time, many respondents noted that often viruses, Trojans and other malware got on devices because of the human factor - employees used unverified external drives or installed unwanted software.

In addition, 7% of respondents experienced the loss of corporate smartphones, tablets or laptops with confidential information by employees.
It is worth noting that specialists from the CIS often face internal problems of information security. At the same time, Russian companies often had to repel more serious threats: DDoS attacks, phishing, encryptors.

Every fifth Russian company suffered from accidental data leaks due to a lack of knowledge of the security rules for employees working with confidential information. At the same time, Russian IT managers are concerned about the protection of personal data of employees (60%), which is also due to the tightening of the relevant norms of Russian law.

90% of respondents reported that they use anti-virus solutions, 45% control the work with external drives, 26% implement financial protection systems and 28% fight against DDoS attacks. In addition, managers are increasingly turning to third-party companies for audits to ensure information security (15%). At the moment, according to experts, outsourcing security is one of the trends in cybersecurity.

At the end of 2019, 5% of Russian companies are not satisfied with the state of information security and would like to increase the budget. Moreover, with the growth of the number of computers, the level of dissatisfaction and the desire to increase the budget for information security are growing.

Russians learned to circumvent the ban on anonymity in the Network


Russians learned to circumvent the ban on anonymity on the Internet using online services. Services give the customer a phone number for rent for a small amount for a few hours.

Information security experts found that the requirement of mandatory identification of users of messengers by phone number provoked the growth of anonymous verification services. Such resources can be used to spread malicious software or other fraud.

According to the technical Director of Qrator Labs Artem Gavrichenkov, such services provide users with mobile numbers for rent, among them, for example, sms-reg.com, getsms.online, smska.net, simsms.org and others. It costs from 3 to 300 rubles ($0.04 - 5), the rental period is from 20 minutes to several hours. Anonymous verification is available for Mail.ru, Vkontakte, Odnoklassniki, Avito, Yula, WhatsApp, Viber, Telegram, Facebook, Twitter, Yandex, Badoo, Mamba and others.

According to the expert, mobile operators of different countries use services, but judging by the errors in the English version of the sites, the services are aimed at a Russian-speaking audience.

Gavrichenkov is sure that the rented numbers can also be used to distribute illegal content or sell drugs on social networks and messengers.

"The services exploit gaps in government-approved rules for identifying users of instant messengers and social networks by phone number", said Mr. Gavrichenkov. Recall that on May 5, a government decree on the obligation of the owners of Messengers to identify the users of their resources by telephone number came into force in Russia.

The use of anonymous numbers can lead to increased fraud. So, using the generated accounts, anonymous users can make fake likes at posts to lure other users. Most often it is the posts that sell non-existent goods. The situation is the same with malicious applications.

To block all numbers of anonymous Internet portals it is not possible as their list is very quickly updated.

Russian quality system made recommendations for the safe use of IP cameras


The Russian Quality System study says that wireless IP cameras that are used at home, in cafes and other public places can be hacked by attackers to obtain confidential data.

The organization found that cameras have many vulnerabilities, as well as other devices that connect to the Network, for example, smart refrigerators, coffee makers. Specialists of the Russian quality system reported numerous cases in which personal data fall into the hands of hackers due to the hacked Wi-Fi cameras. Hackers can connect to the cameras of a cafe or restaurant and see the victim’s keyboard and their passwords.

In addition, there was a case of hacking the casino’s Wi-Fi cameras when any person with sufficient technical skills could connect to them and observe the casino’s work from the inside, seeing people’s cards.

The vulnerability of wireless cameras is associated with the quality of software that manufacturers save on and the lack of data encryption. In addition, cameras are often managed from accounts for developers who use standard logins and passwords.

Often, the owners of the cameras themselves do not change the data for connecting to the camera, leaving the default passwords and thereby simplifying access to it.

"The cameras are often not thought out in terms of security, so it’s unlikely that they can completely protect themselves from hacking," said the hacker, who wished to remain incognito.

To reduce the risk of hacking IP cameras, the Russian quality system is advised not to save on them and buy cameras with data encryption. It is worth paying attention to the websites of manufacturers, as it is important that the camera model is supported at the moment. The page to which the recording from the camera is broadcast must be protected by the HTTPS protocol.

Experts also advise changing standard passwords, making them complex and limiting the number of devices from which you can connect to the camera.

Insider Threat : Employees of Russian banks are massively recruited to get data


In Russia, there are 73 services that recruit insiders in Russian banks. This information was shared by Darknet researcher Anton Staver.

"Many groups providing such services is due to the amount of work that falls on them," explained Staver. According to the researcher, services that recruit Bank employees receive up to 50 orders a day, which is enough for the existence of an entire industry.

The expert said that customers of such data are usually competitors of banks, jealous spouses of customers, as well as hackers and scammers. Scammers often asked to choose a list of victims with the big account balance. At the same time, according to Staver, recruitment is most often “carried out by specialized structures”.

The expert noted that recruiters receive from customers about 15 thousand rubles ($240) for one employee of the Bank. During the work, the recruiter receives the search criteria, after which the client receives the contacts of the necessary person in Telegram or Jabber. It takes about 5-7 days to search for an insider.

Pavel Krylov, who runs a company specializing in the investigation of cybercrime, agrees with the research data. "Fraudulent schemes using personal data are now successful and effective, so attackers are actively looking for insiders in banks," said the expert. He also noted that various criminal groups taking advantage of theft and withdrawal options use schemes with recruitment for monetization.

The cost of recruitment ranges from 7 thousand to 100 thousand rubles ($112-$1600) and depends on the complexity of the task. If the security service of the Bank works effectively, the price will be much higher. Employees are usually hired through social networks, instant messengers, personal contacts, LinkedIn.

Hackers using government websites of Russian Federation for mining


Cybercriminals used to generate cryptocurrencies not only computers of ordinary Internet users but also the resources of large companies, as well as the websites of government agencies of the Russian Federation. This was announced at a press conference on Monday by Nikolai Murashov, the Deputy Director of the National Coordination Center for Computer Incidents (NCCCI).

"Cases of cryptocurrency mining with the help of infected information resources of state organizations have been identified. In this case, attackers infect web pages, and mining is carried out at the moment they are viewed pages in the browser,” said Murashov.

He noted that the cost of most virtual coins is very high, so there are a lot of people who want to earn money easily. "Up to 80% of the free power of a computer can be used to generate virtual coins, and the legal user may not even know about it," said the Deputy head of the NCCCI. He noted that the seizure of servers of large companies for mining purposes threatens to significantly reduce their productivity and significant damage to the business.

Murashov at a press conference also said that in 2019, about 12 thousand "foreign information resources were blocked, which were used by attackers to damage our country."  In addition, according to him, in the Russian Federation at the request of foreign partners in the current year, the activities of more than 6 thousand malicious resources were stopped.

According to Murashov, users should pay attention to the security of their computers to counter such attacks. The fact of infection with malicious software should serve as a signal that the computer is poorly protected and can become a victim of any attackers.

Murashov noted that two Russian citizens were prosecuted for mining cryptocurrencies through infected computers of organizations.

"In Russia recently there were two cases of criminal prosecution of persons who used seized computers for mining cryptocurrencies," said he.

One of them is a resident of Kurgan, who used almost an entire bot network in various regions of the country. In the second case, a criminal case was initiated on the fact of using the site of company Rostovvodokanal for mining.