The Russian government plans to create a unified video surveillance system

The Russian government wants to create a single video surveillance system that will unite smart cameras in Russian cities. The devices will be able to recognize faces and license plates. The project will help to quickly respond to crimes, and in some cases, prevent them. The personal data of ordinary people is promised to be reliably protected.

The development of the project and the installation of cameras is estimated at 250 billion rubles ($3,500,000), and the implementation may take five years. Previously, the project was estimated at 97 billion rubles ($1,350,000).

Currently, the cameras in Moscow send video to the Data Processing Center; in the new system, they will recognize suspicious situations themselves and only then send the video to the Data Processing Center.

It is expected that different cameras will be installed in the cities, depending on the tasks. In some places a face recognition system will be needed, and cameras with powerful computing modules will be installed there. In other places, cameras with motion sensors will be enough.

According to the expert, the system will make it possible to better detect violations, respond promptly to them, and in some cases even predict them.

The emergence of a unified video surveillance system may raise fears that personal data will be sent to smart cameras. The CEO of Lab.Ag and the developer of many government sites, Artem Geller, explained that such an outcome is inevitable because the cameras are aimed at recording the physical data of people.

"Of course, they will process the physiological aspects such as face, gait, clothing, license plate. But don't forget that cameras are already doing this," Geller added.

Cybersecurity specialist Sergey Vakulin recalled the experience of video surveillance systems in China, where there is also a face recognition function, but each person is assigned his own identification number. Only then is this data encrypted, but even with such a process, there are vulnerabilities.

"The biggest problem is that a lot of data is stored and transmitted using a global network. And devices connected to the global network are more vulnerable," Vakulin added.

According to Vakulin, it is too early to worry about possible hacking and data leaks. He explained that each system has cybersecurity specialists, testers who detect bugs.

Putin called the accusations of launching a cyber war against the United States unsubstantiated

Russian President Vladimir Putin said that the US accusations against Russia, including cyber attacks and election interference, are groundless and that the US side has never provided any evidence.

"We are accused of a variety of things: interference in elections, cyber attacks, and so on. And they [the accusers] did not bother to provide any evidence. Just baseless accusations," he said, calling statements about Russia's involvement in cyber attacks in the United States a farce.

"The issue of cybersecurity is one of the most important today because all sorts of shutdowns of entire systems lead to very serious consequences, and this is possible," the Russian leader said in an interview with the program "Moscow. The Kremlin. Putin" of the Russia-1 TV channel.

According to Putin, the Russian Federation will be ready to extradite cybercriminals to the United States if the American side also extradites criminals to Russia.

He stressed that such arrangements are set out in the relevant interstate agreements, where the parties undertake certain obligations.

"And they are in the vast majority of cases equivalent. Both sides assume the same obligations," Putin explained.

On June 4, Putin called the accusations of cyber attacks on American companies made against Moscow ridiculous and suggested that the situation could have been provoked to increase disagreements in connection with the upcoming meeting with US President Joe Biden. The press secretary of the Russian leader Dmitry Peskov assured that Moscow will promptly consider the appeals of the American side in connection with the hacker attack on the JBS enterprises if such requests are received. He also stressed that Russia does not have data on the organizers of cyber attacks on JBS.

Putin did not rule out that Western intelligence services, including American ones, may conduct activities against Russia in the cyber sphere.

"I am not afraid of this, but I do not rule out that it may be so," the Russian leader said.

"What the US is afraid of may pose a threat to us. NATO has declared cyberspace a war zone. They are planning something, and this cannot but worry us," the Russian president added.

Cisco Smart Install Protocol is Still Being Exploited in Cyber-Attacks

 

Five years after Cisco issued its first warning, the Smart Install protocol is still being utilized in assaults, and there are around 18,000 internet-exposed devices that might be targeted by hackers. Smart Install is a plug-and-play configuration and image-management technology from Cisco that allows new switches to be deployed with zero-touch. Smart Install can be extremely important to organizations, but it can also be a significant security concern. 

A Smart Install network consists of a group of networking devices known as clients that are served by a common Layer 3 switch or router that serves as a director. You can use the Zero-Touch Installation process in a Smart Install network to install new access layer switches without the help of the network administrator. The director acts as a central management point for client switch images and configuration. When a new client switch is added to the network, the director immediately recognizes it and determines which Cisco IOS image and configuration file should be downloaded. 

The function remains enabled and can be accessed without authentication once a device has been set up via Smart Install. Malicious actors have been able to remotely target devices with Smart Install enabled, including reloading devices, loading a new operating system image, and running arbitrary commands with elevated privileges. 

After an exploitation tool was made public in 2016, Cisco issued a warning on the misuse of Smart Install. In 2017 and 2018, the company sent more alerts, identifying hundreds of thousands of vulnerable devices, including those in critical infrastructure organizations. In 2018, it was revealed that the Smart Install function had been targeted by hacktivists in assaults on Cisco switches in Iran and Russia as part of an ostensibly pro-US attack, as well as by a state-sponsored cyberespionage group affiliated with Russia.

In 2016, the number of networking devices vulnerable to Smart Install assaults surpassed 250,000, but by 2018 it had dropped to 168,000. The Shadowserver Foundation is still keeping track of the number of potentially susceptible devices, reporting that almost 18,000 are currently online, including many in North America, South Korea, the United Kingdom, India, and Russia.

Last month, Lumen Technologies' Black Lotus Labs cybersecurity unit discovered that a hacktivist group had compromised at least 100 internet-exposed routers belonging to both public and private sector entities, most of which were based in the United States.

Experts named the main loophole of Russian companies in cyber attacks

According to experts of the cybersecurity company BI.ZONE (a subsidiary of Sberbank), the main reason for successful cyberattacks on Russian companies is an access control vulnerability that allows attackers to connect to an organization's systems and, as a result, leads to data leakage.

"The vulnerability of access control was recognized as the main reason for unauthorized access to data of Russian companies. The company for strategic digital risk management BI.ZONE recorded this problem in 61% of organizations where they managed to gain access to confidential data," the company said.

According to BI.ZONE, this number was 67% last year. "A slight improvement may be due to an increase in the quality of creating in-house applications," experts say.

Yevgeny Voloshin, director of the BI.ZONE expert services unit, explained that attackers, having hacked the administrator's account, gain access to the company's systems and use this gap to steal data. Most often, the account can be cracked by brute-forcing passwords.

"This problem lies in the incorrect division of access in internal corporate applications. For example, a regular user can also work with functions that should only be available to the administrator. Attackers, having hacked his account, connect to the internal infrastructure, and then use this gap for data theft and other fraudulent actions," notes Yevgeny Voloshin.

BI.ZONE experts recommend using complex passphrases with punctuation marks and other characters, rather than just a single word. Also, the vulnerability problem may be related to access to certain types of data without additional user authentication.

Earlier, E Hacking News reported that most users use passwords that are too simple, which cybercriminals can easily guess in 46 percent of cases.

The white hat hacker has estimated the probability of a hacker attack on the websites of Internet giants

There is no need to worry about the security of Russian systems after a global failure in the work of world sites, since the servers of all state institutions are located on the territory of Russia.

Information security expert Denis Batrankov explained that the problem of modern systems is that many companies do not have the opportunity to create their own office to host their servers there. As a result, they order servers from other hosting providers where they host their product. All responsibility in this case falls on the hosting provider, but the risk of failures increases significantly.

Vakulin illustrated his opinion with an example of Amazon Web Services hosting.

"Many sites are hosted by Amazon Web Services, including small and medium-sized businesses. Since there was a large and large-scale failure, then all the sites that were generally hosted on this platform go down after it", the hacker said.

The expert believes that, despite the recent attacks on the American pipeline company Colonial Pipeline and the world's biggest meat supplier, JBS, Russia should not worry too much about industrial safety.

"As for government agencies, their servers are located in Russia. The data is stored in our country. From a security point of view, everything has been done to prevent third parties from accessing this data", the expert said.

The programmer also drew attention to the fact that the State Duma was going to oblige foreign IT companies with an audience of more than 500 thousand people a day to open branches in Russia.

"This law can still be finalized to the point that all data will be stored on Russian servers," Vakulin said.

In conclusion, the programmer shared his vision of the future in the IT field. He believes that neural networks will control the servers.

"I carefully monitor how our technologies and knowledge of artificial intelligence and neural networks are improving," Vakulin said. "Most likely, neural networks will simply monitor everything in the future: they will be engaged in tracking the site. In 20 years, programmers and cryptographers will simply observe the work of artificial intelligence, somehow refine it, and it will already do the work for them."

Earlier, Internet users reported a global failure in the work of the sites of a number of media outlets, companies and social networks around the world. Problems were observed, for example, at CNN, Twitter, Guardian, Amazon, Reddit, New York Times. The problems occurred due to a failure in the work of the American cloud service provider Fastly. Within an hour, the problems were fixed.

The opposition has filed a lawsuit against Roskomnadzor on the illegality of slowing down Twitter in Russia


The head of the Moscow municipal district Krasnoselsky Ilya Yashin, opposition leader Yevgeny Domozhirov, photographer Yevgeny Feldman and the capital's municipal deputy Vadim Korovin filed a class-action lawsuit against Roskomnadzor in connection with the Twitter slowdown. The plaintiffs claim that they themselves did not violate the laws, and believe that the measures of Roskomnadzor violate their rights.

The plaintiffs ask the court to oblige Roskomnadzor to "stop using centralized response measures in the form of slowing down the speed and other restrictions on Twitter", and also to oblige the department "to exclude the service from the list of threats to the stability, security and integrity of the functioning of the Internet and the public communication network on the territory of the Russian Federation." According to the lawyer representing the plaintiffs, Stanislav Seleznev, the lawsuit was filed in the Tagansky Court of Moscow.

The plaintiffs claim that they "never published illegal content, did not call for violence, did not justify violence or discrimination." The lawsuit notes that the applicants were not in any way connected to the account owners responsible for posting allegedly prohibited information on Twitter. According to the lawyer, "the rights of each of the plaintiffs are largely affected by the applicable restrictions since the publication of media files is a significant part of their communication with the audience."

According to the statement of claim, interference in the normal functioning of the Twitter service by Roskomnadzor in the form of slowing down access to the entire service for all users throughout the Russian Federation constitutes an interference with the right of administrative plaintiffs to freely express their opinion.

On March 10, Roskomnadzor began to slow down access to Twitter on 100% of mobile devices and 50% of desktop devices. Roskomnadzor threatened Twitter that the social network will be blocked for a month if it does not delete posts with prohibited information. At the end of May, Roskomnadzor announced its decision not to block Twitter, as the moderators of the social network deleted more than 91% of the prohibited information. The department promised to partially remove the speed limit of Twitter.

It should be noted that earlier, Twitter was fined almost 28 million rubles ($386.500) in Russia for not deleting illegal content according to court decisions.

The Russian expert assessed the demand of the State Department to stop cyberattacks on the United States

"Moscow should not react to such statements until the United States is ready to seriously discuss the rules of conduct in cyberspace," said Dmitry Drobnitsky, an American political scientist, commenting on the statement of the head of the State Department Antony Blinken that Russia allegedly has a duty to ensure an end to cyber attacks across the United States.

"Mr. Blinken's words are a private statement. It is difficult to somehow assess it since the sphere of cybersecurity is not regulated in any way at the moment. At the same time, Moscow in general and the Russian president, in particular, have repeatedly offered the United States to consider this issue in a comprehensive manner, putting forward a number of initiatives, including at the UN level", said political scientist-Americanist Dmitry Drobnitsky.

According to him, the world community needs an international agreement that establishes new rules of conduct in cyberspace, because it permeates absolutely all areas of life, and the consequences of hacker attacks on civilian and military infrastructure can be very serious. "But the Americans left our proposals unanswered", the expert added.

"Moscow should not react to such statements until the United States is ready to seriously discuss the rules of conduct in cyberspace and consider this issue as an international problem. Because in the absence of regulation, each country is forced to deal with cyber threats alone," Drobnitsky concluded.

Earlier, United States Secretary of State Antony Blinken demanded that Russia stop cyberattacks on the territory of the United States. "I think it's the obligation of any country to do whatever it can to find these enterprises and to bring them to justice, including in the case of the attack on the Colonial Pipeline. The enterprise that was responsible [for] that attack, its leaders were in Russia, are in Russia, so I think there's an obligation on Russia's part to make sure that that doesn't continue," Blinken said.

Meanwhile, government sources told NBC that United States President Joe Biden may instruct the US military to prepare "offensive cyber operations" against Russian-based hackers.

Ukraine Suspects Russia Behind a Spear Phishing Campaign

 

Three of the many Ukrainian cybersecurity organizations (the Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine) cautioned last week that Russia-linked cybercriminals were conducting "massive" spear-phishing campaigns against the Ukrainian government and private sector businesses.

Also, one of the three agencies, the Ukrainian Secret Service, has ascribed the attack to the Russian Federation's 'Special Service,' making it the third cyber attack this year attributed to Russian hackers.

According to the warnings from the Ukrainian Secret Service, Cyber Police, and CERT Ukraine, the spear-phishing campaign occurred last week, at the beginning of June.

The attackers sent out emails purporting to come from the Kyiv Patrol Police Department, cautioning recipients about a failure to pay local taxes.

“Specialists of the Security Service of Ukraine established that in early June this year, mass e-mails were sent with the sender’s address changed. Messages, in particular, allegedly from the Kyiv Patrol Police Department contained malicious attachments and were sent to the addresses of several government agencies,” reads the alert published by the Ukrainian Secret Service.

Recipients of the email were encouraged to open a RAR archive attached to the message, which would drop an EXE file with a double extension (filename.pdf.exe) made to appear as a PDF file.

Victims who ran the file would download a modified version of the remote access software RemoteUtilities, which would connect back to remote command servers in Russia, Germany, and the Netherlands. “This allows the foreign intelligence service to remotely exercise full control over the PC,” the Ukrainian Secret Service said on Friday.

Officials of CERT also noted that the operation last week used tactics similar to other attacks that happened in January and March this year. 

In February, the Government of Ukraine blamed an APT organization, a Russia-based gang, for the attacks on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). According to Ukrainian officials, the hackers intended to disseminate malicious documents to government authorities. The SEI EB servers are used to exchange documents with Ukrainian government entities.

The Ukrainian Security and Defense National Council reported that the attackers were conducting “the mass contamination of information resources of public authorities.” 

At the very same time, Ukraine accused Russia of significant offenses targeting Ukrainian security and defense sites on unspecified Russian Internet networks. However, the Ukrainian authorities have not provided any information regarding the attacks or the damage inflicted.

The Russian expert assessed the threat of the United States to launch "offensive cyber operations" against "Russian hackers"

"If the United States does carry out an 'offensive operation', Russia will be able to both prevent it and respond symmetrically," said military expert Viktor Murakhovsky, commenting on reports about the US president's plans to instruct the US military to prepare "offensive cyber operations" against hackers based in Russia.

"The US doctrinal documents say that in response to hacker attacks, they can use not only cyber weapons but also military means. However, I have little faith that the Americans, in response to an attack, would risk striking Russian territory with conventional weapons. Instead, they can carry out attacks on public networks and on local networks of Russian organizations," said Viktor Murakhovsky, a member of the expert council of the board of the Military-Industrial Commission of the Russian Federation.

In addition, according to him, the US authorities may declare some persons on the international wanted list and detain them on the territory of other states. "It is known that several Russian citizens have been charged by the US Department of Justice with participating in cyber attacks," the expert added.

"At the same time, it is extremely difficult to determine exactly where the attack was carried out. Therefore, such accusations are based on certain assumptions. However, if we talk about attacks on the cyber structure of foreign states, then DDOS attacks are used. Many Russian state information resources have already been subjected to such attacks," Murakhovsky said.

According to the expert, the problem lies in the fact that Russia proposes not to consider cyberspace, including social networks, as a battlefield. And the Americans do not agree with this view.

The expert suggests that if the United States does carry out an "offensive operation", then Russia will be able to both prevent it and respond symmetrically. "We have all the necessary technical means for this," he explained.

In addition, as Murakhovsky noted, Russia has specially trained cyber-military specialists under the control of the General Staff of the Russian Armed Forces.

On Friday, government sources told NBC that the President of the United States, Joe Biden, may instruct the US military to prepare "offensive cyber operations" against hackers based in Russia.

As the TV company points out, the head of the White House will resort to such measures if he fails to reach an understanding on the issue of hacking activity at the upcoming meeting with Russian President Vladimir Putin in Geneva on June 16.

The first users got SIM cards with Russian encryption

Voentelecom has started implementing SIM cards that should create a "trusted environment" on smartphones. The transition to such SIM cards may become mandatory for everyone with the development of 5G.

One of the project participants, IDX (developer of identification services), said that Voentelecom is testing SIM cards equipped with Russian cryptography. So far, there are several hundred SIM cards and networks for the military in the experiment.

It should be noted that Voentelecom is a strategic telecommunications company of Russia, which fulfills the state defense order in the construction of military communications.

According to IDX CEO Svetlana Belova, Voentelecom is the first operator to start testing. It was the first to use a hardware security module (HSM) on its network, which makes it possible to implement domestic cryptography in telecommunications equipment used by mobile operators. Thus, Voentelecom has brought its virtual mobile operator (MVNO) up to the necessary security class.

"For various Russian payment applications such as SberPay, TinkoffPay, etc., foreign mobile operating systems, both iOS and Android, are untrusted environments, neither the FSB nor the bank can take responsibility for operations in them. Using a trusted SIM card, on which payment data will be stored, allows us to solve this problem," said Svetlana Belova.

According to her, many users express dissatisfaction because of the need to provide their data in the public domain. A trusted SIM card makes it possible to provide reliable information to a business without disclosing data. For example, when buying alcohol or cigarettes, SIM card users can confirm that they are over 18 years old without disclosing the date of birth.

According to the representative of Voentelecom, the main target segments of their virtual operator are b2b and b2g.

It is worth noting that SIM cards with Russian encryption will work on imported chips. The developer is already testing chips from Samsung, although at first it was planned to use a domestic analog.

Work on the creation of trusted SIM cards began in 2013; its goal was to improve the security of domestic networks.

Every tenth significant IT system in Russia is infected with malware

According to Rostelecom-Solar research, every 10th critical information infrastructure (CII) facility in the Russian Federation is compromised by malware. Even hackers with low qualifications are able to attack most of these IT networks: a significant part of the detected vulnerabilities have existed for more than 10 years, but organizations have not addressed them.

Vladimir Drukov, director of the Cyber Attack Monitoring and Response Center at Rostelecom-Solar, associates the presence of vulnerabilities in CII with the fact that the process of regular software updates has not yet been established in more than 90% of companies.

Kaspersky Lab experts agreed with the findings of the study. According to Anton Shipulin, Lead Business Development Manager at Kaspersky Industrial CyberSecurity, cybersecurity is still at a low level in most CII facilities.

"In terms of data protection, a large number of CII objects are currently in a "depressing situation", and there are no serious hacker attacks on them "by happy accident", but it is only a matter of time," added Fedor Dbar, Commercial Director of Security Code.

In addition, the number of hosts with the vulnerable SMB protocol has almost doubled. It is a network protocol for sharing files, printers, and other network resources that is used in almost every organization. Such vulnerabilities are particularly dangerous, as they allow hackers to remotely run arbitrary code without passing authentication, infecting all computers connected to the local network with malware.

The main problem in internal networks is incorrect password management. Weak and dictionary passwords that allow an attacker to break into an organization's internal network are extremely common. Password guessing is used by both amateur hackers and professional attackers.

Moreover, the pandemic has also significantly weakened IT perimeters. Over the past year, the number of automated process control systems (APCS) accessible from the Internet has grown by more than 60%. This increases the risks of industrial espionage and cyber-terrorism.


The Secretary of the Russian Security Council spoke about the new information security strategy

The Secretary of the Security Council also reported on cyber security threats in the draft of the new National Security Strategy

The national security strategy needs to be updated, as the nature of threats in this area has undergone serious changes in recent years, said Secretary of the Security Council of the Russian Federation Nikolai Patrushev.

"The desire of the United States and a number of Western countries to maintain their global hegemony provokes the growth of interstate contradictions, leads to a weakening of the system of ensuring international security," Patrushev stressed.

According to him, both political and economic pressure are used to suppress Russia, attempts are being made to destabilize the country from the outside, to radicalize the protest movement, and to weaken the morality of Russian society. He also noted that the West is conducting a targeted campaign to falsify history, deliberately cultivating Russophobia.

Mr. Patrushev stressed that the double standards of a number of states hinder multilateral cooperation in many areas. "Such counterproductive approaches are increasingly spreading to new threats related to the emergence of previously unknown infectious diseases, ensuring international information security, and solving environmental problems," he said.

Patrushev also spoke about the security threats in the cyber sphere, which are reflected in the draft of the new National Security Strategy of the Russian Federation. "First of all, this is the use of information and communication technologies to interfere in the internal affairs of Russia, a significant increase in the number of computer attacks on Russian information resources, the desire of multinational corporations to consolidate control over the information resources of the Internet, as well as the large-scale dissemination of false information and the growth of crime using digital technologies," he said.

As the Secretary of the Security Council noted, "the more active manifestation of these threats has made it necessary to form a new strategic national priority." That priority is information security. "The implementation [of this priority] should ensure the country's sovereignty in the information space," concluded Patrushev.

Russian Man Convicted of $7 Million Digital Advertising Scam

 

A Russian man was found guilty in the United States of using a bot farm and renting servers to create fraudulent internet traffic on media sites, causing businesses to pay inflated advertising rates.

Prosecutors said Aleksandr Zhukov, 41, was the brains of the Methbot operation, in which 1,900 servers were used to generate millions of bogus online ad views on websites such as the New York Times and the Wall Street Journal. According to the US, Zhukov gained $7 million from the scheme and channeled the money into offshore accounts around the world, citing a text in which he referred to himself as the "King of Fraud." 

The group allegedly called their plan "Metan," which is the Russian term for methane, while the FBI and prosecutors referred to it as Methbot, and later as Media Methane, which was the name of Zhukov's company with operations in Russia and Bulgaria. 

Zhukov and his colleagues negotiated deals with advertising networks to display their ads on websites, then received a commission for each ad that was viewed. According to prosecution filings, Zhukov and his collaborators instead established bogus sites and manipulated data centres to produce false users to make it appear like actual people were viewing the ads from September 2014 to December 2016.

"Zhukov represented to others that he ran a legitimate ad network that delivered advertisements to real human internet users accessing real internet web pages," according to a superseding indictment filed on February 12, 2020. 

"In fact, Zhukov faked both the users and the webpages: he and his co-conspirators programmed computers that they had rented from commercial data centers in the United States and elsewhere to load advertisements on fabricated webpages, via an automated program, in order to fraudulently obtain digital advertising revenue," it says. 

Victims of the scheme "included The New York Times, The New York Post, Comcast, Nestle Purina, the Texas Scottish Rite Hospital for Children, and Time Warner Cable," the Department of Justice said in a news release. 

Zhukov was arrested in Bulgaria in November 2018 on a temporary US arrest order. In January 2019, he was extradited to the United States and pleaded not guilty to the accusations against him.

Moscow has completed a large-scale study on the safety of 5G

The press service of the Moscow Department of Information Technologies reports that the specialists of the Scientific-Research Institute of Metallurgical Heat Engineering (VNIIMT) completed research work on the safety of mobile communications of all standards, including 5G.

Scientists have determined that the levels of the electromagnetic field created by mobile communication base stations of all standards, including the fifth generation, are safe for human health. 

For a year and a half, specialists conducted street measurements of electromagnetic field levels day and night in six residential districts of the capital, where 2G-4G communication standards are present, as well as 5G in pilot zones. Laboratory measurements were carried out in full compliance with Russian and international standards and methods.

Scientists have determined the safe level of the electromagnetic field in the prospective use of 5G standard base stations, including in millimeter frequencies such as 28 GHz and 37 GHz. In addition, the staff also analyzed the international practice of applying sanitary norms, safety standards, and recommendations.

"Like many progressive cities, Moscow strives to develop a modern communication infrastructure. At the same time, the well-being of the residents of the capital remains a priority for us. On the eve of the commercial introduction of fifth-generation networks, we wanted to get scientifically based data and be sure that 5G is safe," said Alexander Gorbatko, deputy head of the Information Technology Department. 

He added that in February 2019, the department initiated fundamental research work, which gave a final answer to the question of the security of 5G networks. 

"As for the current sanitary norm in Russia of 10 µW/cm², which is one of the strictest in Europe: measurements and laboratory studies have shown that even with its increase, the level of the electromagnetic field will still remain at a safe level for humans," said Sergey Perov, Doctor of Biological Sciences and head of the Laboratory of Electromagnetic Fields of the VNIIMT.

The results of the study were sent to the Ministry of Health of the Russian Federation and to the Federal Service for Surveillance on Consumer Rights Protection and Human Wellbeing (Rospotrebnadzor) for final decisions.

It is worth noting that in Russia, investments for the development of 5G in 2021-2027 may amount to about 1 trillion rubles ($13.6 million).

5G is the fifth generation of mobile communications, operating on the basis of telecommunications standards following the existing 4G standards. Now the fifth-generation networks are already deployed in South Korea, China, the United States, and a number of European countries.

Ireland suspected Russian hackers of attacking the health service

The National Cyber Security Centre of Ireland (NCSC) believes that the attack on the country's Health Service Executive (HSE) was most likely carried out by a group that is allegedly based in Russia.

The HSE said on May 14 that its IT systems had been shut down after a hacker attack. The country's health ministry later announced that it had also been hit by a cyberattack on May 13.

On May 15, the American technology news site Bleeping Computer posted a message from hackers purportedly addressed to the HSE. In it, the attackers claim to have gained access to the HSE network more than two weeks ago. They are demanding a $20 million ransom for more than 700 gigabytes of personal data. The Irish authorities refused to pay the ransom.

According to local TV channel RTE, the Irish cybersecurity services believe that the attack was carried out by the Wizard Spider hacker group, which is allegedly based in St. Petersburg. It is reported that local officials have already contacted the Russian authorities. The Russian Ambassador to Ireland Yuri Filatov condemned the cyberattack and offered the government assistance in investigating the case.

The channel also reports that hackers provided the country's authorities with decryption keys, but in messages addressed to HSE employees, the attackers said that if they were not contacted, they would publish or sell personal data.

According to the channel, the attackers could have been pressured by the country or countries where they are based due to the damage done to the health care system in Ireland.

It is reported that the received keys are being checked by an IT company hired by the HSE, and experts have reason to believe that the keys are genuine. However, they will not be used until they have passed a full malware scan. According to RTE, this is likely to take several days.

The West has repeatedly accused the Russian Federation of interfering in internal affairs and cyber attacks. Russia has denied all the charges, saying that Western countries have not provided any evidence. Moscow has repeatedly stated that it is ready for a dialogue on cybersecurity.


Experts reported a twofold increase in the activity of ransomware hackers in Russia

The authors of the study called the growth "staggering." Since the beginning of April, experts have observed ransomware attacks on more than 1,000 organizations every week. At the end of the first quarter of 2020, this figure was below 600.

"So far, there is no reason to reduce the number of attacks," said Sergey Zabula, head of the group of systems engineers working with partners of Check Point Software Technologies in Russia. According to him, a 100 percent increase in the number of incidents can be observed at the end of 2021.

"Attackers will continue to invent new, more sophisticated attacks to grow their businesses and steal large amounts of money. And if companies do not pay special attention to training their employees and improving the level of cybersecurity of the organization as a whole, the size of the damage will grow," the expert said.

"ESET data also indicates a twofold increase in the number of incidents involving encryption viruses in 2021," said Vitaly Zemskikh, the company's technical director for Russia and the CIS. According to him, this is due to the neglect of information security in many organizations.

"Moreover, ransomware viruses are one of the most understandable ways to commercialize efforts for hackers," added Kaspersky Lab cybersecurity expert Dmitry Galov.

In addition, it became known that in April 2021, the number of powerful DDoS attacks on game servers in Russia increased by 30 times. According to StormWall experts, DDoS attacks were carried out using a new incarnation of the well-known Layer7 botnet, consisting of 25 thousand infected Internet of Things (IoT) devices.

The famous Russian-language hacker forum has banned the mention of ransomware

XSS is a well-known forum where users discuss all kinds of vulnerabilities, exploits, malware, and ways to penetrate other people's networks. Ransomware was also actively discussed there. Moreover, the forum's participants include representatives of ransomware groups who actively recruited new partners to work on the "Ransomware-as-a-Service" (RaaS) model.

The decision to ban the discussion of Ransomware was made personally by the forum administrator.

The administrator stated that Ransomware is usually not interesting from a technical point of view, while the main purpose of the forum is "knowledge".

"We are a technical forum, we learn, research, share knowledge, write interesting articles. The goal of Ransomware is only to earn money. The goals are not the same," the forum administrator wrote.

He noted that there is a degradation: newcomers see "crazy virtual millions" that are paid from time to time as a ransom for unlocking data, and think that they will be able to get them. Therefore, beginners "do not want anything, do not learn anything, do not code anything, even just do not think, their whole life is reduced to 'encrypt - get $'."

The administrator of the XSS forum also said that there is too much PR around the topic, as well as "nonsense, hype, noise" and even politics. The mention of politics is obviously related to the ransomware attack on the Colonial Pipeline, which led to a large-scale crisis in the United States.

"The word 'ransom' was equated with a number of unpleasant phenomena: geopolitics, extortion, state hacking. This word has become dangerous and toxic," the forum administrator said.

So he decided to ban everything related to Ransomware. Even old forum threads related to this topic will be deleted.

Alexey Vodiasov, technical director of SEC Consult Services, said that ransomware is really a way to make quick money with very little effort. It is possible that after the attack on the Colonial Pipeline, US law enforcement agencies may launch an intensive campaign against the cyber underground.

The White House believes that the attackers on the Colonial Pipeline are located in Russia

The Russian authorities should take action against the hacker group DarkSide, which, according to Washington, is located in Russia and is involved in the cyberattack on the U.S. pipeline company Colonial Pipeline. This opinion was expressed on Tuesday by the press secretary of the White House Jennifer Psaki at a regular briefing for journalists.

She was asked whether Russia has any responsibility in connection with the fact that DarkSide is on Russian territory. "U.S. President Joe Biden said his intelligence community has not yet completed a comprehensive analysis of the incident. Moreover, according to the FBI, the attack is attributed to the hacker group DarkSide, located in Russia, so this country must act responsibly," noted Psaki.

"But, again, we will wait for our intelligence community to conduct a comprehensive analysis before we can report anything else on this," she concluded.

On Monday, Biden suggested that the criminal elements who carried out the hacking attack on the Colonial Pipeline may be in Russia. Brandon Wales, the Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Tuesday that FBI experts are confident that criminal elements, not authorities of any state, were responsible for the cyber attack.

Press Secretary of the Russian President Dmitry Peskov stressed that Russia had nothing to do with the cyber attack. He stressed that "the United States refuses to cooperate in countering cybercrime."

The Russian Embassy in Washington rejected "baseless fabrications by individual journalists" about Moscow's possible involvement in this attack.

Earlier, E Hacking News reported that the hackers who caused Colonial Pipeline to shut down the biggest US petrol pipeline last Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to sources.

According to the two reports, the intruders, who are members of the DarkSide cybercrime group, took nearly 100 gigabytes of data from the Alpharetta, Georgia-based company's network in just two hours on Thursday.

Chinese hackers attacked a Russian developer of military submarines

Chinese hackers reportedly attacked the Rubin Central Design Bureau for Marine Engineering (CKB Rubin), which designs submarines for the Russian Navy, by sending its CEO images of a submarine that carried malicious code. Experts believe the hackers are acting in the interests of the Chinese government.

According to cybersecurity company Cybereason, Chinese hackers attacked the Russian CKB Rubin in April. The attack began with a fake letter that the hackers sent to the general director of CKB Rubin, allegedly on behalf of JSC "Concern Sea Underwater Weapon – Gidropribor", the State Research Centre of the Russian Federation.

The letter contained a malicious attachment in a file with images of an autonomous unmanned underwater vehicle. "It is very likely that hackers attacked Gidropribor or some other institution before that," the author of the Telegram channel Secator believes.

RoyalRoad, the malware attachment used in the CKB Rubin attack, is one of the tools that guarantee delivery of malicious code to the end system and is most often used by groups of Asian origin, said Igor Zalevsky, head of the Solar JSOC CERT Cyber Incident Investigation Department at Rostelecom-Solar.

Cybereason pointed out that the attack on CKB Rubin has similarities to the work of Tonto and TA428 groups. Both have been previously seen in attacks on Russian organizations associated with science and defense.

It is worth noting that CKB Rubin traces its history back to 1901. More than 85% of the submarines that were part of the Soviet and Russian Navy at various times were built according to its designs.

According to Igor Zalevsky, Rubin's main customer is the Ministry of Defense, and CKB Rubin deals with critically important and unique information related to the military-industrial complex of the Russian Federation, which explains the interest of cybercriminals.

Experts believe that such attacks will gain momentum because specialized cyber centers are being created as the information confrontation between states intensifies.

Information security expert Denis Batrankov noted that designers are attacked for the sake of industrial espionage mainly by special services of other states. "The problem is that we all use software, which has many hacking methods that are not yet known. Intelligence agencies are buying new vulnerabilities from the black market for millions of dollars," he added.


Russian Actors Change Techniques After UK and US Agencies Expose Them

After Western agencies outed their techniques, Russian actors from the APT29 group responded to the exposé by using red-teaming software to get into victims' networks under the guise of a trusted pentesting exercise. The UK's NCSC (National Cyber Security Centre) and the US have warned that the SVR is currently exploiting a dozen critical-rated vulnerabilities, including RCEs in devices that range from VMware virtualization to Cisco routers, as well as the famous Pulse Secure VPN flaw, along with other equipment.

"The NCSC, CISA, FBI, and NSA publish advice on detection and mitigation of SVR activity following the attribution of the SolarWinds compromise," says the NCSC website. It found a case where the spies searched mail for authentication credentials, including passwords and PKI keys. Quite similar to MI6 with a bit of GCHQ, the SVR is Russia's foreign intelligence agency and is popularly known in the cybersecurity realm as APT29.

Last month, UK and US agencies came together to expose the group's techniques, giving cybersecurity researchers around the world a look at the lethal state-sponsored attackers that might have attacked their network infrastructure. After finding the NCSC report, the SVR actors changed their TTPs to avoid further detection and to evade any preventive measures that network defenders might have put in place. Besides this, the group is also pretending to be an authorized red-team pentester to avoid getting caught. The actors also got into GitHub and installed Sliver, an open-source red-teaming platform, to keep their access active.

The Russian actors have become more active in exploiting these vulnerabilities. The NCSC, in its blog post, warned smart city infrastructure and public operators to be alert to suspicious state-sponsored actors that intend to steal data. "Why the sudden focus on smart streetlights and all the rest of it? The risk in smart cities is the direct control of operational technology; industrial equipment such as CCTV, streetlights, and access control systems. We understand at least one UK council is removing some smart city gear after having thought of the wisdom of installing it," reports The Register.