Search This Blog

Showing posts with label Russia. Show all posts

Russians Warned for US-led Cyberspace Threat Ensuing Solar Wind Orion

 

On Thursday evening, the Russian government released a security notice to Russian firms warning of possible US-led cyber-attacks following the SolarWinds incident. In retaliation for SolarWinds hacking which has breached networks of a variety of US federal agencies including the Defense Department and top-tech businesses, the Russian government has warned corporations around the world of an imminent cyberspace threat. 

At least 250 federal agencies and leading US businesses have suffered from Russian-backed hackers by filtering into the surveillance and control platform 'SolarWinds Orion.’ The response of the Russian government comes after earlier statements from the current Biden administration.

New officers from the White House said that they are reserved with the freedom to respond to cyberattacks, and they would want to do so in answer to the questions about their plans for SolarWinds. The secretary of the press said that “We’ve spoken about this previously… of course we reserve the right to respond at a time and manner of our choosing to any cyberattack.” 

The reaction from Moscow to this statement was given hours later by the Federal Security Service, an internal security and intelligence body in Russia, the National Coordinating Centre for Computer Accidents. It took the form of a protection newsletter. 

The brief statement included a list of 15 best practice safety measures that companies have to follow to remain safer online, and cited the statements of the Biden government which are considered as a threat. The best practice in the warning is to include factory safety guidance and few businesses and even the least qualified safety, as noted by the experts. 

In reaction to Biden's hostile declaration earlier in the day further security warnings were released. In the SolarWinds incident, Russia has declined its stance. Following the event of SolarWinds, the Biden administration has dedicated $9 billion to cyber defense. Recently, at least 24 large corporations, including tech giants including Intel, Cisco, VMware, and Nvidia have been hacked. 

In Orion applications sold by the IT management firm SolarWinds, the alleged Russian hackers built and collected the confidential data of a number of U.S. government departments and firms. The original report was that 18,000 government and private networks were hacked by Russian hackers.

Experts found a vulnerability in the application of the Moscow State Services

Specialists of the company Postuf reported a vulnerability in the application of the Moscow State Services, with which it was possible to gain access to the account, knowing only the user's mobile number.

This made it possible to get all the information that the user specified on the site: full name, e-mail, year of birth, medical insurance number, list of movable and immovable property, information about the foreign passport, about children, students in schools, etc. Knowing the number of the medical insurance number and the year of birth, it was possible to get access to medical information: which doctors a person visits, what prescriptions are written to him, the history of attachment to clinics, etc.

"The vulnerability made it possible not just to view, but also to change the data", said the founder of the company Postuf Bekhan Gendargenoevsky.

The expert notes that it is impossible to cause serious harm by knowing the data from the portal, but personal data can be used by hackers for phishing attacks.

"It is impossible to steal money directly [with such information], although hackers can use their knowledge in social engineering and try to steal bank card data from a person," said the computer security specialist.

He also noted that since the system has no restrictions on the number of requests for access to accounts, requesting the so-called beautiful numbers, it was possible to get information "about a number of well-known personalities who, as a rule, have such numbers."

A representative of the Moscow Department of Information Technology did not confirm the information about the vulnerability, stressing that authorization in the Moscow State Services mobile application without specifying a password is impossible.

State Services is a federal state information system. It provides individuals and legal entities with access to information about state and municipal institutions and organizations, and the services they provide in electronic form.


Russian hackers hacked the first level Olympiad in a second

A new Olympic season has begun in Russia. Many competitions have been moved online due to the COVID-19 pandemic. The first level Olympiad allows the winner to enter the university without exams.

It turns out that the hacker could theoretically ensure admission to the best universities in the country, putting graduates in unequal conditions.

SQL injections and XSS vulnerabilities were discovered on the site, which make it is possible to influence the results of the competition. As a result, according to the hacker, it is easily possible: 1) find out the tasks in advance and change the answer data during the Olympiad; 2) see the sessions and data of other users; and 3) massively upload user information, including personal information (information from the passport, registration, phone, e-mail).

"SQL injection is one of the easiest ways to hack a site. Indeed, in a very short period of time and by replacing several characters, an attacker can gain access to all personal data of the Olympiad and to all tasks," said Oleg Bakhtadze-Karnaukhov, an independent researcher on the Darknet.

According to the researcher, most likely, there was not enough time to detect such errors during the programming of this site, although it takes little time to find and fix them.

"If the site contains vulnerabilities, then a command in a specific programming language can be inserted, for example, in a link, and the page will display information that was not intended for users initially," explained Dmitry Galov, Cybersecurity Expert at Kaspersky Lab.

According to Alexei Drozd, head of the information security department at SearchInform, the reason may be design errors, as a result of which the site, for example, poorly checks or does not check incoming information at all.

"Unfortunately, when developing websites and applications, security issues are always in the background. First, there is a question of functionality," concluded Alexey Drozd.


Russian IT company reportedly lost contract in USA because of serving sites with content from Trump supporters

The CEO of the Russian provider DDoS-GUARD Evgeny Marchenko explained why the American CoreSite refused to work with his company.

DdoS-Guard, a company registered in Rostov-on-Don, has lost access to partner data centers in the United States. The reason for this was the fact that the company provided services to protect the websites of supporters of Donald Trump. This is reported by the Telegram channel Mash.

According to the founder of the company, Yevgeny Marchenko, the formal reason was to provide hosting to a site associated with the Hamas movement.

"The story began in November last year. One of our partners found out that we are working with a website related to the Hamas movement, which is banned in the United States. We immediately stopped cooperation, but the story was continued at the beginning of the year," said Marchenko.

Already on January 7, CoreSite announced that cooperation with DDoS-Guard was terminated, explaining the same reason - cooperation with Hamas.

"We conducted an internal investigation and found out that one of our partners distributed information to supporters of the current President Trump. Moreover, the content was distributed by a Canadian company. It all looks like an attempt to find at least some Russian company and by any means make a scandal that suggests that Russians support Trump," added Marchenko.

Also, the owner of DdoS-Guard noted that Hamas is now quietly working with the American company.

The DDoS-Guard company has already been repeatedly accused of supporting not entirely legitimate sites, but no measures were taken against them.

DDoS-Guard was founded in 2011 by Evgeny Marchenko and Dmitry Sabitov. The company provides traffic filtering services to protect against DDoS attacks to retail and corporate customers on the basis of its own network of filtering nodes located in several countries. DDoS-Guard also acts as a provider of secure hosting services. The company's head office is located in Rostov-on-Don.

Recall that almost all IT companies are against US President Donald Trump. The reason was the attack by his supporters on the Capitol, which took place on January 6. Many felt they were prompted to do so by Trump's words. After that, his accounts were blocked on almost all major social networks.

Hackers accessed thousands of surveillance cameras, network devices and even the displays on the platforms of Russian Railways

 A user of the Habr website discovered a vulnerability that allows him to penetrate the video surveillance system of Russian Railways. According to him, during the day, the holding's specialists managed to close it. Information security experts said that now Russian Railways needs to conduct an audit of internal systems to make sure that the attackers who gained access could not go further.

Specialists of Russian Railways closed the vulnerability that allowed access to video cameras and internal services of Russian Railways, as follows from the blog of one of the Habr users. Earlier, on the morning of January 13, the author of the blog published an article about how he managed to gain access to the Russian Railways system by exploiting a vulnerability in its perimeter. According to him, the problem was related to non-changed passwords installed by default on MikroTik routers.

"The vulnerability could allow attackers to block all cameras on the railways in a week, which would cost the holding at least 130 million rubles ($1,8 million), and the restoration of video surveillance would take at least a month," warned the hacker.

Russian Railways were unable to promptly confirm information about the vulnerability and its elimination and stressed that illegal access to computer information is a criminal offense.

"After changing the accounts of Russian Railways, it is necessary to check for traces of outsiders in its infrastructure, conduct a large-scale audit of all IT systems, as well as review existing threat detection scenarios", recommended information security expert Alexey Lukatsky.

MikroTik routers, which, according to the author of the blog, are used by Russian Railways, belong to the segment of home and office equipment, and users often leave default passwords on such devices and on video cameras of any manufacturer. Attackers often use this in automated DDoS attacks.

Russian Railways had security problems before: in August 2019, the personal data of 703 thousand employees of the state monopoly were publicly available, and in November 2020, the database of the Russian Railways Bonus website "leaked" to the network.

The Russian expert explained why scammers distribute free SIM cards

 

SIM cards that are distributed on the street without signing a contract are most likely issued to someone else. Most often, they are used to establishing control over your account in a service. According to Dmitry Pudov, Deputy General Director for Technology and Development of the Angara Group of information security companies, the use of such a SIM card can turn into various troubles.

"It is better to refuse such offers and certainly not to use these SIM cards. The main argument is that you can't prove that this SIM card belongs to you. Accordingly, from the point of view of the law, you are not a subscriber and do not have any rights," explained the expert.

Fraudsters can reissue the card and then all calls and SMS messages will be sent to the new SIM card. Now there are a lot of services and applications that use SMS to restore access in case you forget your password.

"Be prepared to lose access to these services if you use free SIM cards", warned the expert.

Many Internet services still use SMS for delivery and other confidential information. However, for several years now, short text messages (SMS) have been recognized as an unreliable means of communication. Increasingly, this method of data transportation discredits itself and leads to various incidents.

According to Mr. Pudov, attackers will try to establish control over your accounts, they will request a password reset and, if the password comes to the number of the SIM card issued to you, they will get access to it. Then the only question is how they can benefit from this: monetize the traffic of your social network account, send your friends a request to "urgently help with money", use your account to send phishing messages.

"Previously, this attack was actively used to intercept online banking confirmation codes to steal money, even if the SIM card belonged to you. Using banking Trojans or other hacking methods, hackers obtained the victims 'online banking credentials, and then a duplicate SIM card," concluded Pudov.

The data of 1.3 million Russian Hyundai customers are on sale

The database, which contains information about 1.3 million Russian owners of Hyundai cars, is put up for sale on Darknet. This is reported by Telegram-channel "Information Leaks".

According to him, the data of 1.3 million registered users of the hyundai.ru website were put up for sale. The database contains the full names, phone numbers, email addresses and home addresses of the automaker's customers, as well as information about the vehicles they purchased, spare parts orders and participation in the brand's marketing activities.

Ashot Hovhannisyan, the founder of the DLBI data leak intelligence service, said in an interview that the database with Hyundai customer data is sold for about $2 thousand. According to him, the seller of the database has a high rating and has not previously been seen selling fake data. Hovhannisyan clarified that the latest data on user operations contained in the "testers" of the database refers to 2019.

The seller of the database, as other interviewed information security experts told, has a good reputation, so the leak is similar to the real one. One of the interlocutors claims that the seller of the base is a Russian who lives in Moscow.

According to Hovhannisyan, the database is a "dump" of the SQL server that serves the site of the Russian office of Hyundai, so most likely the source of the leak was a vulnerability in this server found by an automatic scanner or a backup copy of the data accessed by cybercriminals.

According to KELA analyst Viktoria Kivilevich, the seller of the database has many ads in which he offers databases of other companies in the same format, so it is likely that the hacker massively scans vulnerable networks, "selects those that are more delicious" and exploits vulnerabilities.

Security Expert listed the largest data leaks of Russian residents in 2020

Founder of DLBI data leak intelligence service Ashot Hovhannisyan spoke about the most large-scale database leaks in the Russian Federation in the past year.

According to him, one of the most high-profile cases of data leakage in Russia occurred at the end of 2020. In December, a database of more than 100 thousand lines containing personal data of Moscow residents who had recovered from COVID-19 was made publicly available.

In November more than 1.3 million lines of data of Russian Railways Bonus customers appeared on the black market, containing the e-mail address and user ID, an encrypted password, the date of registration and last login, as well as service data.

"In June, there were data leaks from clients of the SuperJob.ru portal and the Skyeng online school of English, each of which was about 5 million lines and contained the full name, gender, date of birth, phone number, email address and other data," said Mr. Hovhannisyan.

He also recalled that in April there were leaks of 12 million records of Russians who issued microloans in various microfinance organizations in 2017-2019. At the same time, “almost a million lines of data of clients of the loyalty program of the retail chains K-Ruoka and K-Rauta appeared on the Internet, containing their full name, e-mail address, mobile and home phone numbers, gender, date of birth, date of filling out the questionnaire, numbers loyalty cards".

“Finally, the largest leak of nearly 600 million lines of data of customers of the Premium Bonus service, which was discovered in March 2020, containing personal data of customers of the service, was the largest leak this year. It provides loyalty programs to popular cafes and restaurants, for example, Mu-Mu, Jean Jacques, Pizza Empire”, concluded the expert.

US Intelligence Task Force Accuses Russia Of Cyber Attack

 

Previously, US President Donald Trump had accused China of malicious security incidents; security experts and officials have suspected China to be involved in the recent cyberattacks on the US government and several other organizations in the nation but now other members of his administration are pointing out the finger at Moscow. 

In a joint statement on 5 January, the intelligence bodies said, "the attack believed to be an 'intelligence gathering' attempt, rather than cyber warfare, as touted by multiple lawmakers including President Donald Trump. Currently, it is also being observed that cyber-attack which attempted to sabotage online privacy and information has affected fewer than ten US government agencies along with several other organizations outside government”. 

 A collective report of government organizations, the UGC, also called Cyber Unified Coordination Group which has been set up to deal with the recent attack, stated that the Advance Persistence Threat (APT) actor which is responsible for the cyberattack was “likely Russian in origin”. It also said other government organizations that are collaborating for the collective report, are the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Office of the Director of National Intelligence (ODNI), and the National Security. 

The intelligence stated that the research regarding this is still going on to understand the scope of the data compromised during cyber attacks. According to the committee, the hacking attempts were initially made in March 2019 when the updated version of the IT network management tool called Orion was compromised. 
The report says those thousands of people who had installed this hacked tool across American territory, many of whom worked in important US federal agencies. Besides non-government organizations, a major part of the US government was compromised during the recent cyber attacks such as the Treasury and Department of Commerce, and the National Telecommunications and Information Administration.

"This is a serious compromise that will require a sustained and dedicated effort to remediate. Many organizations have to scour their systems for signs that they may have been compromised. The incident sent shockwaves across the US partly because the breach was undiscovered for many months and was potentially far-reaching in terms of who it might have affected. It also suggested a degree of sophistication and stealth which was widely seen as a trademark of hackers from the SVR", Russia's foreign intelligence agency, the Intelligence committee said in a statement.

Russian experts give tips on how to prevent personal data leakage

In Russia, the number of cyber attacks increased by almost a quarter in the first quarter of 2020, said Anton Kukanov, head of the Russian Quality System (Roskachestvo) for Digital Expertise, citing Positive Technologies data.

The expert also clarified that about 13% of fraudulent links were related to the topic of the coronavirus pandemic. He drew attention to the fact that almost half of all stolen information in the first quarter of 2020 were usernames and passwords.

According to Anton Kukanov, the main purpose of scammers is not the personal data of users, but payment information.

"They use phishing campaigns, social engineering techniques, and a wide range of malicious programs for this purpose, such as keyloggers that record and transmit passwords, remote access programs that allow a hacker to control the device," said Mr. Kukanov.

The expert advises not to click on suspicious links and not to use sites with illegal content in order to prevent fraudsters from stealing logins and passwords. In particular, resources with free movies, including new products, or games that users love so much, can actually be "monetized" by viral software.

"It is also not recommended downloading applications on third-party sites. You need to do it exclusively in official stores, otherwise, you can quickly "catch" the virus. However, there is a risk of "infecting" the gadget through the official store, although less", noted Anton Kukanov.

Moreover, a specialist from Roskachestvo advises looking at the rating of the application before installing it and read reviews without fail in order not to download an application with a virus.

He also recommended paying attention to the permissions that are requested by installed applications. For security reasons, according to Kukanov, it is better to reject those that contradict the meaning of the application.

SolarWinds Attack Update: Russian Hackers Breached 250 US Agencies and Top Companies

More than 250 US Federal Agencies and big companies have been attacked by alleged state-sponsored Russian hackers. The attackers gained access by hacking into 'SolarWinds Orion' management and monitoring software. The hack was much worse than what I expected, says US Senator Mark Warner according to New York Times report. The scale of the attack keeps increasing, it's evident that the US government failed to detect the attack. As per the report, companies like Amazon and Microsoft who offer cloud-based services, now investigate further to find evidence. 

The report suggests that Russian hackers compromised multiple supply chain layers to breach more than 250 networks and gain access. According to Microsoft, hackers exploited the SolarWinds software which allowed them to copy user accounts of the company, some of which were top-level individual accounts. Microsoft found unusual activity in a few company accounts and upon investigation, it found that hackers used one account to access source code in multiple source codes repositories. Besides this, Microsoft confirms that the account didn't allow hackers to change code or modify engineering systems. 

The further investigation cleared that no other unusual activities were found. During the investigation, these accounts were tested and then restored. Earlier assumptions suggested Russian actors breached more than 18000 public and private networks (including government agencies).  According to the reports, it suggests that few breached SolarWinds softwares were modified in Eastern Europe. Cybersecurity experts and federal officers currently investigate if the large scale attack operated from areas where Russian intelligence is deeply embedded. 

CISA (Cybersecurity and Infrastructure Security Agency) has alarmed US federal agencies to either shut down all the exploits SolarWinds applications or update the hacked SolarWinds Orion software. E-Hacking News earlier reported "currently, Microsoft hints to “a very sophisticated nation-state actor” as the attacker, cybersecurity experts, and the U.S government has alleged Russia for orchestrating the SolarWinds attack. The cyberattack also revealed a listing of susceptible companies. However, Microsoft didn't disclose how much the hackers were able to view the source code and what the hackers did with it. "

Russians ‘InfoWarrior’ Hackers New Game Changer for the Geopolitical Agenda?

The worse cyber attack of the year 2020 on SolarWinds which was allegedly carried out by Russian state-backed threat actors is signs of advancement in different ways as Moscow is seemingly improving its technical abilities that might pose a bigger threat of cyber espionage globally. 

The attack has compromised many important departments of the U.S. government, big tech companies, hospitals, and universities, showing a big loop of online intrusion, which is illustrating how cyber espionage operations have become a left-hand job for Russian ‘infowarrior’. Should it make the West more concerned about the security of its government or should the whole world consider these attacks as a new normal? 

Russia’s diplomatic relation with the West has always been bitter since the World Wars, and even today the situation continues to border on bitterness. Moscow sees the cyber attacks as a cheap and effective way to achieve and win its geopolitical aspirations, and therefore Russia is unlikely to take a step back from such tactics, whilst facing U.S. sanctions or countermeasures. 

Bilyana Lilly, a researcher at think tank Rand Corp said, “Such operations are a relatively inexpensive and effective way to conduct geopolitics that is crucial for Russia, which is facing considerable economic and demographic challenges and whose economy is smaller than Italy’s. 

Referencing from an article in a Russian military journal, “the complete destruction of the information infrastructures” of the U.S. or Russia could be carried out by just one battalion of 600 “info warriors” at a price tag of $100 million’’. 

It’s been an ardent task for the West to vehemently retort to Moscow’s growing cyber abilities. Washington’s vengeance measures including sanctions, diplomatic expulsions, property seizures, and even big threats such as expulsion from the world-leading economic organizations appear to have little to no impact on its operations. 

Pavel Sharikov, a senior fellow at the Russian Academy of Science’s Institute for U.S. and Canadian Studies said, “Russia doesn’t see sanctions as an instrument of pressure but as an instrument of punishment. The Russian government says, ‘Yes we understand that you don’t like what we are doing, but we don’t really care”. 

Notably, US officials and tech companies have accused the Russian regime of cyber espionage attacks on multiple occasions, including attempts to intervene before the 2020 election. The WSJ discovered how Moscow’s cyber espionage and trolls have enlarged their 2016 toolbox with a new stratagem. 

Inferring from a paper co-written by Rand’s Ms. Lilly, “in recent years, so-called information confrontation has become an established part of Russia’s military doctrine”. In 2019, Gen. Valery Gerasimov, Russia’s General Staff chief, said that in modern warfare, cyberspace “provides opportunities for remote, covert influence not only on critical information infrastructures but also on the population of the country, directly influencing national security.” 

According to the authorities, Moscow is trying to advance its geopolitical agenda by using its cyberattack tactics; the initial target was ex-Soviet countries. It was in 2007 when Russia-backed hackers attacked Estonia which compromised websites government, bank credentials, and newspapers. 

Following up, Ukraine and Georgia have also been attacked. In most cases, states’ media firms, and election infrastructures have been targeted. “Russian state-backed hackers set their sights on the West. In 2014, they penetrated the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified schedule, U.S. officials said. 

According to the German authorities, in 2015, they got into the German parliament, in what experts described as the most significant hack in the country’s history’’. 

Interestingly, that's not all, Russia was accused of its interference in the French elections and the ‘Pyeongchang’ Winter Olympics and for the NotPetya malware attacks on the corporate webwork. And now, the Western administration is accusing Russia of cyber espionage attacks against the COVID-19 vaccine supply chain. Russia has denied its involvement. 

Russian hackers gained access to the source codes of Microsoft programs and systems

Microsoft believes that hackers who previously attacked US government departments and businesses have gained access to internal information about its software code.

Microsoft is among the clients of the US firm SolarWinds, whose systems were hacked earlier this year. On December 17, Microsoft representatives admitted that "malicious SolarWinds code was detected in its ecosystem, it was isolated and removed."

The company's specialists reported that "one account was used to view program code in a number of repositories."

As it became known earlier, the Orion software of SolarWinds was hacked in March of this year. Hackers managed to inject the virus into the Orion update, which was then downloaded and used by thousands of SolarWinds customers, including leading government agencies, as well as more than 400 major American companies.

In a joint statement released last week, the Office of the US Director of National Intelligence, the FBI and the Infrastructure and Cybersecurity Agency said they had documented a major attack on the federal government's computer networks.

US Secretary of State Michael Pompeo outlined the version according to which Russia was involved in the attack. Meanwhile, US President Donald Trump stressed that the media exaggerated the scale of the incident.

Press Secretary of the Russian President Dmitry Peskov said that Moscow was not involved in hacker attacks on US government agencies and companies.

Experts agree that by raising the topic of cyber attacks, the new US administration is preparing the ground for another package of anti-Russian sanctions. This can be both the introduction of sanctions and a cyber attack, for example, on the main state institutions, says Konstantin Blokhin, a researcher at the Center for Security Research of the Russian Academy of Sciences. And the fact that Trump did not blame Russia does not mean a change in Washington's foreign policy.

A similar point of view is expressed by the political scientist-Americanist Mikhail Sinelnikov-Orishak. "This is a great reason to accuse Moscow of interfering in internal affairs, to justify any measures, since it is impossible to determine exactly who is behind these attacks. In addition, this is a good justification for allocating additional funds from the budget for the cyberspace," said the political scientist.

Experts listed the possible goals of cyber criminals who hack websites

According to Positive Technologies, in 2020, cybercriminals have become increasingly interested in hacking sites: in seven out of ten cases, the purpose of an attack is to gain access to a resource, including for its further sale to another attacker.

The company's experts, to find out the most popular targets of hacking sites, examined more than 80 million messages on the ten most active forums in the shadow segment of the Internet, which provide services for hacking sites, buying and selling databases, and accessing web resources.

According to Positive Technologies analyst Yan Yurakov, since March 2020, interest in the topic of hacking sites has been identified. He also explained that this trend could lead to an increase in the number of companies represented on the Internet, which was provoked by the pandemic.

In seven out of ten requests related to hacking sites, the main goal is to gain access to a web resource. Attackers can not only steal confidential information but also sell access to a web application.

In another 21% of cases, the purpose of hacking a site is to extract and obtain databases of users or clients of the attacked resource. According to Positive Technologies, competitors and spammers who collect lists of addresses for targeted thematic mailing lists aimed at a specific audience are primarily interested in acquiring such information.

For about 4% of hackers, the main goal is not to hack the site itself, but to place malware on it. About 3% of customers are looking for a hacker to remove certain data from the site after hacking, and 2% sell ready-made programs and scripts for hacking.

Recently it became known that the list of pre-installed Russian software for smartphones, tablets, computers and Smart TV will include an application that combines sites with free access. Since April 1, the Ministry of Digital Industry has been conducting an experiment to provide residents of Russia with free access to 371 sites.

The Ministry of Internal Affairs of Russia is creating a cyber police

 Deputy Interior Minister Igor Zubov noted that the number of cybercrimes has increased significantly in the context of the coronavirus pandemic

The Ministry of Internal Affairs of Russia organizes cyber police in its structure, the corresponding decision has already been made by the head of the department, Vladimir Kolokoltsev.

"Today we can talk about the phenomenon of influence on the mass consciousness of young people in terms of changing their behavior in a destructive way. Therefore, this part of the work requires very serious attention. We are making serious changes directly in our structures. The Minister of Internal Affairs Kolokoltsev Vladimir made the decision on the creation of cyber police, it is a question not of one day, it will take a lot of time, demands both money, and equipment, and changes of qualification of employees" said he.

Zubov also noted that in the context of the coronavirus pandemic, the overall crime rate in Russia remained the same, but the number of cybercrimes increased significantly.

"For a number of reasons, this is the impact of digitalization of society, and the fact that people, being isolated, have more opportunities to draw on the Internet various knowledge, including criminal plan, and try themselves in this," added he.

Zubov said that once he tried to file a complaint with a district police officer about an Internet crime, but the officer did not understand anything. Accordingly, here we are talking about concentrating all competent people in one place and investigating cybercrime.

At the same time, the ex-adviser to the president doubted that the Ministry of Internal Affairs will be able to provide such specialists with decent wages since professionals in the IT-sphere are highly paid employees.

Earlier this year, it was reported that the investigative Department of the Ministry of Internal Affairs created units to combat IT crimes. This measure has become necessary, as police investigators increasingly have to investigate crimes of this kind.

US Cyberattack: More than 50 Companies Suffer A Massive Breach

FireEye, the cybersecurity firm responsible for finding out about the massive hacking campaign against the US government says that 50 organizations have suffered major breaches from the attack. According to BBC, "Several other organizations around the world, including in the UK, are understood to have been targeted by hackers using the same network management software." FireEye CEO, Kevin Mandia said a total of 18,000 organizations had suffered an attack, out of which 50 have suffered a major data breach. 

Among the targets include DHS(Department of Homeland Security), The US Treasury, and state and defenses.  Mike Pompeo, US Secretary of State, says Russia is responsible for the attack. Whereas former US President Donald Trump suspects China behind the cyberattacks. Trump took to Twitter last Saturday and said that he believes China is responsible for the attack against the US. According to FireEye, the hacking breach is very serious and consistent. The US officials believe that the attack is the work of SVR, a Russian foreign intelligence agency. 

According to Mr. Mandia, these might be the same hackers that the US encountered in the 90s and the early 2000s. It all started when the hackers breached SolarWinds Orion, a Texas-based firm. In the SolarWinds supply chain hack, a "big" telecommunications company, various government organizations, and a fortune 500 company have been the targets of the breaches. The news comes a day after Microsoft agreed that it had informed its 40 customers of a breach in its Defender antivirus software. Mr. Pompeo has a firm belief that Russia is engaged with this activity. He alleges Russia for undermining the US government and says Russian President Putin is the real risk. 

"Hackers managed to gain access to major organizations by compromising network management software developed by the Texas-based IT company SolarWinds," reports BBC news. The access could have allowed the hackers to take a high degree of control over the networks of organizations using that software, but appears to have been used to steal data rather than for any disruptive or destructive impact, it further says.

SolarWinds Cyberattacks, Microsoft's Turn?

 

The United States is witnessing major cyberattacks, multiple government departments’ agencies are being targeted including treasury and commerce departments, homeland security and now Microsoft is the latest victim of a cyber attack. 

The ‘SolarWinds hack’ has emerged as one of the biggest cyberattacks against the US government, its agencies, and several other private companies, so much so that it has been said the world is under global cyber attack.  

According to Microsoft’s president, Brad Smith, more victims are expected to surface as investigations continue. 

Government departments and private organizations all across the globe are facing difficulties in disabling the compromised SolarWinds products from their systems. 

Intelligences investigating the matter, have named the hack ‘Sunburst’, saying that it will take years to fully decipher these cyber-attacks including the attack vectors and the origin. In this regard, Smith further stated, “We should all be prepared for stories about additional victims in the public sector and other enterprises and organizations.” 

Furthermore, he said that Microsoft has already notified 40 of its security customers that its products are being found to be compromised. The malicious actors are seen to be targeting them “more precisely and breaching the security through additional and sophisticated measures". Experts have predicted the continuity of the attacks, saying more victims are likely to come up. 

As per the researchers, approximately 80 percent of these customers were located in the United States, while others were from Mexico and Canada in North America, Spain, Belgium, and the United Kingdom in Europe, and UAE and Israel in the Middle East. 

Attackers have targeted the government agencies, security and other technology firms, and private organizations of the abovementioned nations. 

However, above all, the campaign is “effectively an attack on the United States and its government and other critical institutions,” Smith warned. So far, six federal entities have been attacked: the Department of Energy, The Pentagon, the National Institute of Health, the Department of Homeland Security the Department of Treasury, and the Department of Commerce. 

The information about the attack has come from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as the agency warned government and non-government agencies that there could be additional initial-access vectors, beyond the SolarWinds Orion platform. 

Sources from Reuters told that the malicious actors used Microsoft’s Azure cloud as part of their attacks, however, a Microsoft spokesperson denied this by saying that “there are no indications that our systems were used to attack others’’

What is "Sunburst"? A look into the Most Serious Cyberattack in American History

 

A number of organisations have been attacked by what has been chronicled as one of the most severe acts of cyber-espionage in history named "Sunburst", the attackers breached the US Treasury, departments of homeland security, state, defence and the National Nuclear Security Administration (NNSA), part of Department of Energy responsible for safeguarding national security via the military application of nuclear science. While 4 out of 5 victims were US organisations, other targets include the UK, the UAE, Mexico, Canada, Spain, Belgium, and Israel. 
 
The attack came in the wake of the recent state-sponsored attack on the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia said in his blog that the attackers primarily sought information pertaining to certain government customers.  
 
FireEye classified the attack as being 'highly sophisticated and customized; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye has been attacked by a nation with world-class offensive capabilities. 

Similarly, last Sunday, the news of SolarWinds being hacked made headlines for what is being called as one of the most successful cyber attacks yet seen. As the attack crippled SolarWinds, its customers were advised to disengage the Orion Platform, which is one of the principal products of SolarWinds   used to monitor the health and performance of networks.  
 
Gauging the amplitude of the attack, the US Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA) described the security incident as a "serious threat", while other requesting for anonymity labelled it as the "the most serious hacking incident in the United State's history". The attack is ongoing and the number of affected organisations and nations will unquestionably rise. The espionage has been called as "unusual", even in this digital age.  
 
As experts were assessing how the perpetrator managed to bypass the defences of a networking software company like SolarWinds, Rick Holland came up with a theory, "We do know that SolarWinds, in their filing to the Security and Exchange Commission this week, alluded to Microsoft, which makes me think that the initial access into the SolarWinds environment was through a phishing email. So someone clicked on something they thought was benign - turned out it was not benign." 
 
Meanwhile, certain US government officials have alleged Russia for being behind these supply chain attacks, while Russia has constantly denied the allegations as the Russian Embassy wrote on Facebook, "Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations,".  
 
"Russia does not conduct offensive operations in the cyber domain." The embassy added in its post to the US.

The European Commission added VKontakte and Telegram to the list of pirate sites

VKontakte is surprised by the decision of the European Commission to include the social network in the list of resources that contribute to online piracy, the company has been interacting with copyright holders for many years and quickly restricts access to controversial content

The European Commission has published a new list of resources that promote piracy and can benefit from it. The list for the first time included the Telegram messenger and the social network VKontakte.

The list is formed on the basis of reports from groups of right holders. According to the European Commission, Telegram users, including using public channels, "exchange illegal content, in particular music, books, news publications, films and TV programs." In addition, subscribers share links to other sites that host pirated content.

The social network "VKontakte" is also included in the list due to many complaints from copyright holders. Users of the social network can have unauthorized access to books, as well as to movies and TV shows, in particular through the built-in video players.

Both Telegram and VKontakte objected to their inclusion in the"piracy watch list". Telegram told the European Commission that it "does not tolerate any malicious content on its platform" and removes it within 24 hours. VKontakte also noted that it is fighting piracy. In particular, the social network indicated that the copyright holder can complain about copyright infringement through an electronic form. According to VKontakte, its employees processed more than 1.36 million such complaints, most of which ended with the removal of content.

"We are surprised by the inclusion of VKontakte in this list, as for many years we have been actively interacting with copyright holders in various areas," said the press service of the social network.

According to them, the company signed agreements with the world's largest copyright holders of music products, including Universal Music, Sony Music, and Warner Music, The Orchard, Merlin Network, Believe Digital.

Massive Cyberattack On US Government Exposes Shortcomings, Russia Named Top Suspect

Not long ago, US agencies had confirmed a massive data breach that compromised their networks. The problem persists, and US federals are still grappling to comprehend the extent of the breach. The data breach is linked to a large-scale hacking campaign that the experts have associated with Russia's operations. "The broad Russian espionage attack on the US government and private companies, underway since spring and detected only a few weeks ago, is among the most significant intelligence failures of modern times," reports The New York Times

As of now, various firms are investigating the issue, and a cybersecurity agency Fireye on Wednesday revealed that the malware has a "killswitch" that allows the software to shutdown. However, even if the malware is deactivated, the infected systems can remain susceptible to hackers' attacks. Besides this, currently, US federal agencies are under a lot of pressure to take strict action against Russia. In reality, the officials are still trying to address the exploited vulnerabilities and officially find the threat actor. 

The attack has exposed the vulnerabilities and shortcomings of the US cyber defenses. The news appears at a delicate time when the Biden administration has just taken over the office. President Joe Biden's administration is currently meeting with various agencies to look for options for dealing with this alarming threat. The Biden staff came to know about the massive intrusion on Monday, says DHS and Infrastructure Security Agency. US cybersecurity experts and officials say that the incident should be a warning to both the US government and private sector organizations because foreign actors will keep charging more damage in the future. 

"House and Senate Intelligence Committee aides received a phone briefing on the hack from administration officials on Wednesday, but the full extent of the breach remains unclear, according to sources familiar with the briefing. The Biden transition team was also briefed on the attack this week, an official from the Department of Homeland Security's cyber arm told CNN. The official declined to provide additional details about what was discussed," reports CNN.