Search This Blog

Showing posts with label Russia. Show all posts

Russian experts says the number of cyber threats increased during COVID-19

Cyber attack prevention experts recorded a sharp increase in the number of cyber threats and outlined the main trends in computer crimes during the COVID-19.

The report was presented at the international forum of the Academy of Management of the Ministry of Internal Affairs of the Russian Federation "Strategic development of the system of the Ministry of Internal Affairs of Russia: state, trends, prospects".

The main conclusion of the study is the rapid growth of computer crime, primarily financial fraud using social engineering, as well as the exploitation of the COVID-19 theme in malicious mailings, switching operators of encryption viruses to large targets, as well as active recruitment of new participants to criminal communities.

According to the Ministry of Internal Affairs, one of the main trends of digital transformation is the development of remote methods of committing crimes, crimes have gone from offline to online. Almost 70% of registered crimes related to illegal arms trafficking in 2020 were committed using the Internet - remotely and anonymously. The same applies to the illegal sale of drugs, counterfeit money, securities and documents.

Throughout 2020, Group-IB recorded an increase in the number of financial scams using social engineering - vishing, phishing -the victims of which were mainly Bank customers.

At the same time, the fraud implementation schemes themselves have not actually changed. The main motive of cybercriminals is the same: stealing money or information that can be sold. Now it is popular to sell fake digital passes, send messages about fines for violation of quarantine, fake courier sites, fraudulent mailings on behalf of the Zoom video conferencing service.

This year has given birth to even more groups and partner programs, as well as new collaborations. So the operators of the QakBot banking Trojan joined Big Game Hunting, and recently the FIN7 group, which actively attacked banks and hotels, joined the REvil ransomware partner program. The size of the ransom has also increased significantly: cryptolocker operators often ask for several million dollars, and sometimes tens of millions.

United States Charged Six Russian Intelligence Officers with Involvement in An Unrestricted Huge Hacking Campaign

 


With involvement in an 'unrestricted huge hacking campaign', which incorporates the famous Petya ransomware attacks which have focused mainly on Ukraine in 2015, as of late, the Justice Department has charged six Russian intelligence officers. 

Residents and nationals of the Russian Federation (Russia)the six officials were also in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

 

The government claimed that the group that had attacked Ukraine has likewise hacked different computers promoting the 2018 Winter Olympics in South Korea. It likewise hacked and leaked emails of people related to Emmanuel Macron's 2017 campaign for president of France. 

Besides this, they additionally focused on the companies exploring the poisoning of former Russian operative Sergei Skripal two years ago in Britain. 

All the six hackers are GRU officers; the government said that for over two years, they had battled tirelessly to recognize these Russian GRU Officials who interweaved in a global campaign of hacking, disruption, and destabilization, representing the most dangerous and destructive cyber-attacks ever.

The GRU burrowed into three electrical administration systems and cluttered circuit breakers remotely, it was one of the first cyber-attacks and had a cyber firm that consistently focused on critical infrastructure.

The authorities had at first scrutinized and reprimanded North Korea for the strike yet later found that the GRU utilized North Korean hacking tools to throw off the experts. 

That is the motivation behind why the special agent of FBI Michael Christman insisted that the warrant is the result of over two years of strong investigation by the FBI, a position that was kept up by an agent who worked the case.

Here are the names and the acts done by the hackers referenced below: -

 

The FBI has regularly indicated that Russia is very equipped for a cybersecurity adversary, and the information uncovered in this statement shows how omnipresent and harming Russia's cyber activities are. 

While Russia is probably not going to capture the detainees, it is unlikely that they will attain any trial too.

Expert opinion: how the digital currency of the Bank of Russia will change the future of the country

Announcing the possible appearance of the digital ruble, the Russian Central Bank joined dozens of world Central banks that have begun research and experiments in the field of creating national digital currencies.

Yevgeny Marchenko, Director of E. M. FINANCE, was one of the first to share his opinion on the issue. The expert is sure that the introduction of the digital ruble is necessary to increase the convenience of payments for citizens.

Also, among other advantages for citizens and banks, the introduction of the electronic ruble will allow the Bank of Russia to better regulate the country's economy.

The official representative of the Garantex cryptocurrency exchange, Tatyana Maksimenko, noted that it will be increasingly difficult to conduct gray and black schemes since cash flows will be under control — both foreign and domestic.

According to independent expert Leonid Khazanov, the digital ruble is primarily beneficial to the Bank of Russia and the Federal Tax Service. According to him, it will be possible to more effectively control the movement of cash flows in the country and it will be easy to identify any user who has an electronic wallet, which means complete transparency of all transactions. And no one can create several accounts or disguise themselves in any way, each legal entity and individual can only have one e-wallet.

Experiments by Central banks in a number of countries with the national digital currency reveal unsolved problems: for example, the inability to control cross-border movements or the potential use of anonymizers that make it difficult to track payments. The fate of digital currencies, including the ruble, depends on whether regulators will be able to close these gaps.

United States rejected Putin's offer to cooperate on cybersecurity

The US authorities for the first time publicly responded to the proposal of Russian President Vladimir Putin to resume cooperation in the field of international information security. US Assistant Attorney General for National Security John Demers called the Kremlin's initiative "nothing more than false rhetoric, cynical and cheap propaganda.” And Secretary of State Mike Pompeo said that Russia is dismissive of public security and international stability in cyberspace.

On September 25, Vladimir Putin invited the US authorities to resume cooperation in the field of international information security, which began in 2013 but was frozen due to disagreements over Ukraine and Russia's alleged interference in the 2016 US presidential election.

The President of the Russian Federation then stated that the dialogue in the cyber sphere should not be a "hostage" of political disputes, and proposed a four-point program for restoring cooperation.

In a statement, the Russian President said that "the risk of a large-scale confrontation in the digital sphere is one of the main strategic challenges of our time." "Special responsibility" for preventing cyberwarfare lies, as the Kremlin said, "on key players in the field of international information security," that is, primarily on Russia and the United States.

On October 7, in an interview with the Russia TV channel, Vladimir Putin complained that there was no response to his proposal from the United States. "Unfortunately, as with a number of our other initiatives, there is no response to this, I believe, very important topic, although there are continuing complaints against us about our hyperactivity in the information sphere, interference in elections there, and so on, which have absolutely no basis,” said Mr. Putin.

The Russian Embassy denies the US charge of six Russians in hacking

The Russian Embassy in Washington denies US accusations against Russian citizens of hacking and destabilizing activities around the world

Russia has not been and is not engaged in carrying out cyberattacks in the world, said the Russian Embassy in Washington. The Department believes that the accusation of Russians in hacking is aimed at warming up Russophobic sentiments.

Earlier, the US Department of Justice and the FBI brought charges against six Russians of involvement in a series of hacker attacks and the spread of malware in order to attack the infrastructure of other countries. In particular, they are charged with spreading the NotPetya virus in 2017. It is alleged that these individuals are GRU employees. 

The Russian Embassy said that Russia "has no intention of engaging in any destabilizing operations around the world", as this does not correspond to foreign policy and national interests.

"It is quite obvious that such information occasions have nothing to do with reality and are aimed only at warming up Russophobic sentiments in American society, at deploying a "witch hunt" and espionage,” said the Embassy. According to the document, the US authorities are destroying Russian-American relations and artificially imposing on the Americans "a toxic perception of Russia and everything connected with it."

According to the US Department of Justice, the damage to the United States from the actions of Russian hackers amounted to more than $1 billion. They attacked companies and hospitals in the United States, Ukraine's energy systems, the French presidential election, and the Winter Olympics in Pyeongchang. US Secretary of State Mike Pompeo said this shows Russia's disregard for public security and international stability in cyberspace.

Russian military companies were reportedly attacked by hackers from North Korea

North Korean hacker group Kimsuky has reportedly conducted several attacks on the Russian military-industrial complex in order to obtain military and technological secrets of Russia

According to the cybersecurity company Group-IB, attacks by hackers from the Democratic People's Republic of Korea on the Russian defense industry took place in the spring of 2020. North Korean cyber criminals sought to obtain data from aerospace and defense companies, as well as from enterprises that produce artillery equipment.

Telegram-channel SecAtor reported that Rostec was among the companies that were attacked. RT-Inform, a subsidiary of Rostec that deals with information security, did not confirm or deny these data, but noted that the number of cyber attacks on the resources of the state corporation increased from April to September.

"Most of the attacks were poorly prepared and did not pose a significant threat when they were exposed, but this could only be preparation," said RT-Inform.

Experts believe that in this case, hackers from the DPRK will soon launch new, more well-prepared attacks.

Kimsuky is also known by the names Velvet Chollima and Black Banshee, it is engaged in cyber espionage. According to Group-IB, North Korean hackers previously attacked facilities in South Korea, but then engaged in enterprises in the production of artillery equipment and armored vehicles in Russia, Ukraine, Slovakia and Turkey, using fraudulent mailings.

According to Denis Legezo, a cybersecurity expert at Kaspersky Lab, some fraudulent emails from North Korean groups contain information about vacancies in the aerospace and defense industries. He believes that this indicates the interest of hackers in industrial espionage.

As reported by E Hacking News, in September in Russia there were cases of attacks by the Chinese hacker group Winnti on software developers for banks, as well as on companies in the construction sector. Winnti has previously repeatedly hacked the networks of industrial and high-tech companies from Taiwan and Europe, but the group's activities have not yet been reported in Russia.

UK National Cyber Security Centre Reveals Russia’s Plan to Disrupt Tokyo Olympics

 

The UK National Cyber Security Centre recently revealed that in an attempt to completely disrupt the 'world's premier sporting event' the Russian military intelligence services were coming up with a cyber-attack on the Japanese-facilitated Olympics and Paralympics in Tokyo. 

The Russian cyber-reconnaissance work covered the Games organizers, logistics services, and sponsors and was in progress before the Olympics was delayed due to Covid-19. 

The proof is the first indication that Russia was set up to venture as far as to disrupt the summer Games, from which all Russian competitors had been prohibited on account of diligent state-sponsored doping offenses. 

The Kyodo news agency said a senior Japanese government official had specified that Tokyo would think about housing a protest with Moscow if cyber-attacks were affirmed to have been carried out by Russia. 

Japan's chief government spokesman, Katsunobu Kato, said the country would do all that is conceivable to guarantee that the postponed Games would be liberated from any and every cyber-attacks. 

“We would not be able to overlook an ill-intentioned cyber-attack that could undermine the foundation of democracy,” Kato stated, including that Japanese authorities were gathering data and would keep on imparting it to other countries. 

The UK government announced with what it reported with 95% certainty that the disruption of both the winter and summer Olympics was carried out distantly by the GRU unit 74455. 

In PyeongChang as well, as indicated by the UK, the GRU's cyber unit endeavored to camouflage itself as North Korean and Chinese hackers when it focused on the opening ceremony of the 2018 winter Games, smashing the site to stop spectators from printing out tickets and crashing the WiFi in the arena. 

The key targets additionally included broadcasters, a ski resort, Olympic officials, services providers, and sponsors of the games in 2018, which means the objects of the attacks were not simply in Korea.

The foreign secretary, Dominic Raab, stated: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.” 

Included later that, “the UK will continue to work with our allies to call out and counter future malicious cyber-attacks.” 

These allegations of the UK are believed to be a part of an endeavor to disrupt Russia's cybersecurity threat through maximum exposure and stop any interruption of a rescheduled summer Games next year.

The Central Bank of Russia considers the introduction of the digital ruble as a new form of money

The Bank of Russia announced that it is studying the problem of issuing a digital ruble. The initiative has been discussed for several years, and there has always been a lot of controversy around it

The Central Bank is considering the possibility of issuing a digital ruble in Russia in order to increase the competitiveness of the domestic economy. On October 13, the regulator presented a report according to which the so-called digital ruble will become an additional form of money along with cash and non-cash.

It is expected that such a payment system will appear in 2021.

The digital ruble can be used for online payments, as well as in offline mode, without access to the Internet and mobile communications. The Central Bank indicated that the digital ruble will increase the stability of the Russian payment system,  but additional infrastructure will be needed for its turnover.

According to the regulator, the digital ruble can make payments faster, easier and safer. At the same time, its use will reduce the cost of payment services, money transfers, and increase competition among financial organizations.

While cash has a unique number, and non-cash money exists in the form of records on accounts, the digital ruble will receive a unique digital code that will move from one user to another when paying.

The Central Bank will become the Issuer of the digital ruble. The digital ruble will be stored in a special electronic wallet. The regulator emphasizes that its digital currency is an equivalent form of national currency. All three forms of the ruble will be equal and equivalent to each other.

This currency will be introduced into circulation gradually. As the head of the State Duma Committee on the financial market Anatoly Aksakov noted, the law on digital financial assets was adopted in July. The document will come into force on January 1, 2021.

Russia considers the accusations by the Norwegian authorities of the cyber attack as a provocation

 Russia considers the accusations by the Norwegian authorities against it in the cyber attack a deliberate provocation. This statement was made on Tuesday by the Russian Embassy in Norway on Facebook.

"We regard the incident as a serious deliberate provocation that is detrimental to bilateral relations,” said the statement.

"Millions of cyber attacks are made annually on Russian state Internet resources (including foreign institutions in Norway) from abroad (for example, 77 million attacks were made on the Foreign Ministry website in January-September 2018), but this does not give the right to accuse the authorities of the countries of their possible origin,” stressed the Embassy.

They pointed out that "in May 2020, a note was sent to the Norwegian Foreign Ministry setting out the procedure for dealing with computer incidents - there are official channels for investigating them." "There was no reaction at the time, which indicates the reluctance of the Norwegian authorities to conduct a dialogue. The question is why did we create specialized response mechanisms and create a legislative framework together with European countries? We expect explanations from the Norwegian side,” said the diplomatic mission.

The head of the Federation Council for International Affairs, Konstantin Kosachev, called the Norwegian government's accusations unsubstantiated. According to him, Oslo did not offer to discuss the incident at the expert level.

Earlier on Tuesday, Norwegian Foreign Minister Ine Eriksen Soreide claimed that Russia was behind the cyber attack on the country's Parliament in August 2020.

On September 1, the Parliament of the Kingdom reported that it had been subjected to a cyber attack, as a result of which unknown hackers gained access to the email of a number of deputies and employees of the legislative body. Later, the Norwegian Police Security Service (PST) said it would investigate whether "any state" was behind the cyber attack that occurred on August 24.

Russia A Suspect of Norwegian Parliament Cyber Attack?

 

In September, Norwegian authorities said that email accounts of a few authorities had been undermined during a cyber-attack, and some data had been downloaded. In any case, the full extent of the harm brought about by the hack was not yet not revealed. 

Now the nation outrightly blames Russia for this cyber-attack on the email system in the Norwegian parliament. 

Earlier this year in a report, Norway's military intelligence agency had already warned that Russia was attempting to cause more friction in the nation through purported influence operations, aimed toward debilitating public trust in the government, election process as well as the media. 

National legislatures are a 'key source’ of policy-related data, as are oftentimes targeted by hacking campaigns. In August, Norway ousted a Russian diplomat on suspicion of spying. Russia fought back similarly by removing a Norwegian diplomat just days later. 

Foreign Minister Ine Eriksen Soreide took it a serious occurrence influencing the nation's "most important democratic institution” “Based on the information available to the government it is our assessment that Russia stood behind this activity" she said without giving any evidence. Although Moscow rejected the claim, calling it a "serious and wilful provocation." 

Ms. Soreide of course said in a statement that Norway's security and intelligence services were "co-operating closely to deal with this matter at the national level." Because of it, Russia's embassy in Oslo hit back at the "unacceptable" declaration, saying no proof had been introduced. 

However, when we look at things from Norway’s perspective, it is very clear as to to to why they did what they did. The evidence of which lies in the past events that involved both the countries. 

One being when Norway had arrested a Russian national in 2018 who was said to have been suspected of gathering information on the country's parliamentary network. 

Although the individual was later released due to an of. Likewise, in January this year, the personal details of several German politicians, including Chancellor Angela Merkel, were stolen and published online. 

And just the previous year, Australia's cyber intelligence agency accused China after hackers had attempted to break into the Australian parliament, something which the Chinese authorities had denied.

Money stolen from bank accounts of Russians twice as much as last year

In Russia, for the period from January to August 2020, more than 100 thousand thefts of funds from a Bank account were recorded, twice as much as last year. The number of cases of fraud using electronic means of payment has also doubled.

According to the Prosecutor General's Office, now every fifth fact of theft is associated with the theft of funds from accounts.

The Central Bank said that hacker attacks are more frequent in 2020, but the effectiveness of attacks on banks has not increased. Fraudsters are now increasingly trying to deceive citizens using social engineering, so the number of calls has increased four times. At the same time, new criminal schemes have not appeared, but now criminals have begun to actively use the topic of COVID-19.

Vitaly Trifonov, Deputy head of the Group-IB Computer Forensics Laboratory, explained the reasons for the increase in attacks: "On the one hand, this is facilitated by the gradual digitalization of life, when more and more people make purchases online, pay with a card and use an ATM less. On the other hand, there are simple and working fraud schemes that do not require special skills or investment”.

Moreover, in the past year and a half, cases of theft of money from citizens using social engineering methods have become more frequent in Russia. According to a study by Digital Security, when files are transferred via email and cloud services, metadata about them is saved and used by fraudsters.

Group-IB spotted a new fraud scheme to steal money from Zoom users


Under the guise of receiving monetary compensation "in connection with COVID-19" or for subscribing to the service, users are lured to fraudulent sites where money and Bank card data are stolen

Group-IB has documented a new Zoom scam to steal money and user data. This was reported by the press service of the company.

The study began after users complained about the emails they received from the Zoom service. They offered to get compensation "in connection with COVID-19" and provided a link to fraudulent sites where the victim's money and Bank card details were stolen. Analysts from the Group-IB's Computer Emergency Response Team (CERT-GIB) found that the emails were sent not from a fake domain, but from an official service.

"The thing is that when registering, Zoom offers the user to fill out a profile - specify "First name" and "Last name", providing the ability to insert up to 64 characters in each field. Fraudsters use this opportunity by inserting the phrase: “You are entitled to compensation in connection with COVID-19" and indicate a link to a fraudulent site,” explained the company.

After clicking on the link, users were asked to enter the last 4 or 6 digits of their Bank card number. Fraudsters calculated "compensation" for the user: from 30 thousand to 250 thousand rubles ($385 - $3,200). But to get this money, the victim had to pay a small amount "for legal assistance in filling out the questionnaire" - about 1 thousand rubles ($12). So, users entered card data on such resources, but as a result, they lost both money and Bank card data.

According to the Deputy head of CERT-GIB Yaroslav Kargalev, the Zoom service needs to implement a more thorough verification of the data that the user enters when registering an account, as well as completely prohibit the use of third-party links in the profile. Since the beginning of 2020, CERT-GIB has recorded the appearance of about 15.3 thousand domains containing the name Zoom - the surge in registration occurred during the period of remote work.

Facebook Bans Suspicious Russian Accounts, Says Russian Spy Intelligence Interfering With U.S Presidential Election


Social networking giant Facebook says it terminated three fake account networks that could have been working for Russian intelligence. The intelligence, according to FB, might be leaking suspicious documents before the U.S presidential elections. According to FB, the suspended accounts contained fake users and identities and were suspended for 'coordinated inauthentic behavior.' The company associated all these accounts to Russian intelligence and hackers linked to St. Petersburg organization based in Russia.

The U.S officials accuse the group of meddling with the 2016 U.S presidential elections and votes. As per now, the Russian authorities haven't responded to these allegations. Neither did the Russian foreign aid ministry when asked for the comment regarding the issue. Since the beginning of its rivalry with the U.S, it is common knowledge that Russia has always denied allegations of interference in the U.S. According to Russia, the country doesn't meddle with the domestic policies of the U.S, and it has nothing to do with the presidential elections.
There was no solid proof whether the fake accounts leaked the hacked documents, but suspending these accounts helped us prevent any future leak, says Nathaniel Gleicher, head of security, Facebook. "Our team watches for the threats and trends that we need to be ready for, and one that we are very aware of ... is a hack-and-leak operation, particularly in the next 6-8 weeks. We want to make sure that the accounts are down to prevent their ability to pivot them to facilitate a hack-and-leak around the U.S. election," told Nathaniel to Reuters. 

Reuters reports, "Facebook said the networks were small with only a handful of accounts on its website and photo-sharing service Instagram, some of which posed as independent media outlets and think tanks. The accounts had a combined total of around 97,000 followers. While some of the activity did target audiences in Britain and the United States, the networks were predominantly focused on countries in the Middle East and bordering Russia, such as Syria, Turkey, Ukraine, and Belarus, Facebook said."

Russian authorities prohibit modern Internet protocols because they make it difficult to block websites


 The Ministry of Digital Development of Russia wants to ban the use of experimental encryption protocols DNS over TLS, DNS over HTTPS and ESNI in Russia, which can be used to bypass access blocks to prohibited sites. Experts warn that to implement such a ban, it will be necessary to block the servers of Google, Cloudflare and Cisco.

On September 21, the Ministry submitted for public discussion a bill that prohibits the use of encryption protocols in the Russian Federation, which allow to hide the name of an Internet page or site. In particular, the Ministry believes that this will help to increase the effectiveness of blocking sites that are prohibited in the territory of the Russian Federation.

According to the head of the Ministry of Digital Development Mister Shadaev, all the advantages of the new DNS request encryption protocols for users are obvious, "but we must understand that their wide distribution will also allow us to bypass all existing filtering and blocking systems for prohibited sites, including sites that contain illegal content."

"Mozilla decided last year to enable DoH Protocol in Firefox by default. DoH Protocol is also already included in the Google Chrome browser. Naturally, all this creates opportunities for many users of these browsers to go to blocked sites and bypass the parental control mode. I don't think that many parents would be very happy about this," the Minister explained the need to develop the bill.

So, mister Shadaev gave an example when, at the request of the UK government, Mozilla agreed not to include the DoH function in its browser by default for users in this country. The head of the Ministry of Digital Development noted that this was done largely under pressure from the public and the Association of British Internet service providers. 

Russian-speaking hackers attacked Russian companies and demanded ransom

Group-IB recorded a successful attack by the criminal group OldGremlin on a Russian medical company. The attackers completely encrypted its corporate network and demanded a ransom of $50,000.

Russian-speaking hackers from the OldGremlin group attacked several Russian companies, despite the ban: among cybercriminals, there is an unspoken rule "do not work on RU".

According to experts, since the spring of 2020, hackers from OldGremlin have conducted at least nine attacks on Russian companies. It is noted that they send malicious emails allegedly on behalf of the Russian media holding RBC, the Russian metallurgical holding, the Minsk Tractor Plant, the Union of microfinance organizations and other individuals and enterprises. Under various pretexts, attackers are asked to click on the link and download the file. After trying to open it on the victim's computer, the backdoor malware TinyPosh runs.

This time a large Russian medical company became the victim of the criminals. After gaining access to the computer of one of the employees, they deleted the organization's backups, and also spread the TinyCrypton ransomware virus on the computers of the employees. As a result of their actions, the work of regional branches of the medical company was stopped. Then the hackers demanded a ransom: they wanted to get 50 thousand dollars in cryptocurrency for restoring access.

"The lack of a strong communication channel between organizations that resist cybercrime, as well as the difficult political situation, lead to the emergence of new criminal groups that feel safe," said Rustam Mirkasymov, head of the dynamic analysis of malicious code at Group-IB. The expert also stressed that businesses often underestimate the threats posed by cybercriminals, and do not use the necessary means of protection. 

Russia is planning to create a working group to protect the digital rights of citizens

The Presidential Council for the Development of Civil Society and Human Rights is planning to create a working group. Its specialists will protect the digital rights of Russians

In Russia, a group will be created whose task will be to protect the digital rights of citizens. This was announced by the head of the Presidential Council for the Development of Civil Society and Human Rights Valery Fadeev.

Members of the working group will try to understand how to minimize the damage from progress in the field of IT technologies, he explained.

According to him, the process of digitalization has not only a positive impact but also a negative one. "Digitalization cannot be stopped, progress, of course, cannot be stopped. As with any powerful technological or technical process, there are always various negative sides, negative aspects, and they accumulate, “ said Fadeev at the round table "Digital threats to human rights".

Negative examples include bullying on social networks and surveillance of people through city surveillance cameras.

"Today there was a message in the media that Anna Kuznetsova filed a lawsuit. The girl conducted an experiment – she bought online from someone for 16 thousand rubles ($213) information about where she was last month, providing her photo. Two days later, she received information from Moscow cameras,” said Mr. Fadeev.

Examples like these show that there is a security problem in the digitalization space. People are no longer protected and cybercriminals take advantage of this. Another problem is a fraud, which has begun to actively manifest itself on the network. Therefore, the main task of the working group is to understand how to minimize the damage from progress in the field of IT technologies.

Criminals sending malicious emails claiming to be from the rector of Moscow State University

A malicious program that steals passwords was sent out in mid-September by scammers in letters claiming to be from the rector of Moscow State University. The recipients were financial, industrial, and government organizations in Russia.

The mailing, as noted in the company Group-IB, was held in the period from 9 to 16 September.

"In the letter, the attackers, on behalf of rector Viktor Sadovnichy, ask recipients to read the attached document “ A description of the budget for 2020” and promptly send their commercial offer,” reported the company's press service.

The texts of the letters are illiterate and contain stylistic errors. In addition, the order of words and sentences indicates that fraudsters use an automatic translation program. The authors of the letter were too lazy to change or check all the links in the template before sending them out. Probably, similar attacks have already been carried out on behalf of other universities, most likely foreign ones.

The addresses of Moscow State University were indicated as the sender in the letters. In fact, the correspondence was sent from the hacked mail server of the Hotel Alfonso V in the Portuguese city of Aveiro. The hotel has already been notified of the break-in.

All the scammers’ emails contained an archive called "Request for a commercial offer" with an executable .exe file inside. After it was launched, a malicious program was installed on the user's device that could steal usernames and passwords.

"In the future, hackers can use them to gain access to email accounts or crypto wallets, for financial fraud, espionage, or sell stolen data on hacker forums,” said Group — IB.

According to Vasily Kuzmin, Deputy head of the information technology department of Moscow State University, neither the rector nor the University administration ever send letters with such content.

Russian cloud storage will protect user data before elections


The creation of the Russian cloud services will allow protecting confidential data of not only ministries or departments, but also of ordinary Internet users, said political analyst Yuri Samonkin.

MTS group of companies announced the launch of a cloud service with an increased level of protection. It is assumed that the new service will be in demand among government organizations, ministries, departments and private companies that carry out government orders, said Oleg Motivilov, Director of MTS cloud business. According to him, the new system meets all the requirements of the law on personal data protection.

Russia is one of the leaders in the development of Internet technologies, said Yuri Samonkin, President of the Eurasian Institute of Youth Initiatives. He believes that the current realities of the Internet dictate the need to create new digital solutions, such as cloud storage.

According to him, many Russians use Western social networks and other Internet resources. Therefore, the issue of protecting their personal data, which is often "leaked", is very relevant.

On the eve of the upcoming elections, the issue of cyber defense is becoming even more acute. It is necessary to protect from external interference not only the personal data of the voters themselves but also the servers of the relevant departments.

"State and municipal portals should be located not on Western servers, but on domestic ones. This will avoid information leakage and hacking", concluded Mr. Samonkin.

Earlier, E Hacking News reported that Russia has worsened its position in the ranking of countries with the most stable segments of the national Internet, dropping from 11th to 13th place. 

Russia has fallen to 13th place in the world ranking of the stability of Internet segments

According to Qrator Labs, a company specializing in ensuring the availability of Internet resources and countering DDoS attacks, Russia has worsened its position in the ranking of countries with the most stable segments of the national Internet, dropping from 11th to 13th place. Experts attribute this to the continuing expansion of the market of Internet operators and the slow transition to the new IPv6 protocol, which allows using more IP addresses.

The rating of the stability of the national segments of the Internet has been calculated since 2016 among 249 countries of the world. According to the rating, Russia took the 13th place this year, the year before the Russian Federation took the 11th place.

Experts believe that the use of a more advanced version of IPv6 by network operators along with the IPv4 Protocol can increase the stability of Internet segments. Then in case of problems with one Protocol, the other will work.

According to Google, just over 30% of users in the world use the new Protocol, while in Russia this figure is slightly more than 5%.

The problem is that Russia does not have a universal program for switching to IPv6. "It is difficult to force current market participants to switch to a new Protocol, because they will have to upgrade equipment and hardware and software systems, and this is a serious expense," said Andrey Vorobyov, director of the Coordination Center for .ru / .РФ domains.

The global five countries are led by Brazil, Germany, Switzerland, Ukraine and the United Kingdom. Next in the ranking are the Netherlands, Canada, the United States, France and Liechtenstein. Four newcomers, Liechtenstein, Japan, Indonesia and Argentina, entered the top 20 this year, while Luxembourg, Czech Republic, Ireland and Bulgaria left. Hong Kong dropped eight positions in a year.

DDoS attacks from the USA, UK, Ukraine were recorded during the voting in the Russian Federation

Andrey Krutskikh, special representative of the President of Russia for international cooperation in the field of information security, said on Monday at a conference on cybersecurity that the sources of DDoS attacks on Russian government agencies during the voting on amendments to the constitution were recorded from the United States, Great Britain, Ukraine and a number of CIS countries.

He noted that in 2020, attacks with the aim of affecting critical infrastructure and electoral processes have become commonplace.

"For example, during the voting period on amendments to the Constitution of the Russian Federation (June 25 - July 1 this year), there were large-scale attacks on the infrastructure of the Central Election Commission and other state bodies of Russia. Sources of DDoS attacks with a capacity of up to 240 thousand requests per second were recorded from the United States, Great Britain, Ukraine and a number of CIS countries,” said the special representative of the President of the Russian Federation.

According to Krutskikh, in 2020, the problems that all countries face in the information space are growing like a "snowball". Thus, the volume of illegal content, including terrorist content, distributed on the Internet is increasing, and the implementation of destructive actions of states in the information space is becoming the norm.

"The concepts adopted in some countries for preemptive cyber strikes and offensive actions in the cyber sphere do not add the optimism,” stated Mr. Krutskikh.

It is interesting to note that during the six days of voting, officials reported one major attack, it occurred on the evening of June 27. Artem Kostyrko, head of the department for improving territorial administration and developing smart projects of the Moscow government, explained that hackers tried to influence the system through a service for monitoring online voting.