Search This Blog

Showing posts with label Russian Cyber Security. Show all posts

The Russian President created a new Department for information security


Russian President Vladimir Putin signed a decree increasing the number of departments of the Ministry of Foreign Affairs of Russia from 41 to 42.  According to the Facebook page of the Department, the new 42nd Department of the Russian Foreign Ministry will deal with international information security, including the fight against the use of information technologies for military-political, terrorist and other criminal purposes.

The decree came into force on December 27, 2019.  The number of employees of the Central office of the Russian Foreign Ministry increased from 3,358 people to 3,391 people. The decree establishes a staff payroll for a year in the amount of 3,521,914.7 thousand rubles ($57,000).

Employees of the Department will have to propose measures to improve legislation to make it easier to cooperate with other countries and international organizations on the topic of information security.

"The main idea of the department is the development of generally accepted rules for conducting a cyber environment and for a collective response to challenges,” said Maria Zakharova, an official representative of the Russian Foreign Ministry.

Earlier, at the end of 2018, the Permanent Representative of Russia in Vienna, Mikhail Ulyanov, announced that a new information security division would appear in the structure of the Ministry of Foreign Affairs. He noted that the decision was made due to the fact that information threats have recently become more relevant.

Recall that on December 28, it became known that the UN General Assembly adopted a resolution proposed by Russia to combat cybercrime.  The US did not support the initiative, considering the document redundant, as there is already an agreement on cybercrime, it's the Budapest Convention

The American side believes that the resolution is beneficial to Russia to create the necessary "type of control over the Internet space."

The Russian Foreign Ministry called the adopted resolution a new page in the history of the fight against cybercrime, stressing that the document actually secured the digital sovereignty of States over their information space.

90% of Russian entrepreneurs faced external cyber threats, says ESET


The antivirus company ESET conducted a comprehensive study on the state of information security in Russian companies, interviewing dozens of IT Directors and business owners.
According to the study, 90% of Russian companies faced external cyber threats and about 50% faced internal ones. Among external cyber threats spam (65%), malware (47%) and encryptors (35%) are leading.

The distribution of malicious software is closely linked to the activity of spammers and phishers who seek to lull the employee's vigilance and force him to follow a malicious link or download a dangerous file. At the same time, many respondents noted that often viruses, Trojans and other malware got on devices because of the human factor - employees used unverified external drives or installed unwanted software.

In addition, 7% of respondents experienced the loss of corporate smartphones, tablets or laptops with confidential information by employees.
It is worth noting that specialists from the CIS often face internal problems of information security. At the same time, Russian companies often had to repel more serious threats: DDoS attacks, phishing, encryptors.

Every fifth Russian company suffered from accidental data leaks due to a lack of knowledge of the security rules for employees working with confidential information. At the same time, Russian IT managers are concerned about the protection of personal data of employees (60%), which is also due to the tightening of the relevant norms of Russian law.

90% of respondents reported that they use anti-virus solutions, 45% control the work with external drives, 26% implement financial protection systems and 28% fight against DDoS attacks. In addition, managers are increasingly turning to third-party companies for audits to ensure information security (15%). At the moment, according to experts, outsourcing security is one of the trends in cybersecurity.

At the end of 2019, 5% of Russian companies are not satisfied with the state of information security and would like to increase the budget. Moreover, with the growth of the number of computers, the level of dissatisfaction and the desire to increase the budget for information security are growing.

In Berlin, Russian and German scientists discussed the danger of smart gadgets


By December 15, on behalf of President Vladimir Putin, the Russian government should prepare a Federal project "Artificial intelligence", which will prescribe tasks and measures to support the development of digital technologies in the country until 2030. Meanwhile, an inter-University conference was held in Berlin with the participation of Moscow specialists, aimed at attracting promising personnel to the Russian Federation for the development of the digital economy.

According to Pavel Izvolsky, the director of the Russian House of Science and Culture in Berlin, such events help to improve relations between Russian and foreign universities and research centers in the field of innovative digital technologies.

Nevertheless, talented students from other countries, even such economically and technologically successful ones as Germany, have a lot to learn in Russia. According to Izvolsky, such simple things for Russians, as paying for Parking from a mobile device or obtaining various certificates through the portal of public services, are not yet available for the Germans.

"In this sense, it's just a Stone Age," stated Izvolsky. The topics discussed were various, from the use of blockchain technologies in the banking sector and the introduction of intelligent transport systems in megacities to ensuring cybersecurity in the everyday sense when it comes to the use of gadgets by children.

The report of the leading content analyst of Kaspersky Lab Andrei Sidenko caused a great response. He talked about how the younger generation spends time on the Web, what threats are most often exposed and how parents react to it. For example, surveys have shown that for the first time children get access to smartphones from the age of three, and by the age of 11-14, 37 percent of young

Russians have personal gadgets. In the same studies, 85 percent of domestic teenagers answer that
they can not do without a mobile phone, and almost all the free time 15-18-year-old schoolchildren spend almost all their free time on the Internet. But every third parent does not know what exactly his child is watching on the Web. Children are in a rather vulnerable position: they share personal data, open "adult content", are subjected to cyberbullying or are involved in communication with dubious persons, and so on.

The discussion on digitalization in Berlin was the next in a series of international inter-University conferences that Rossotrudnichestvo (the Federal Agency for the Commonwealth of Independent States, Compatriots Living Abroad and International Humanitarian Cooperation) has already held in India, Indonesia and Iran. As a result of the past conferences, memorandums of cooperation between Russian and foreign universities were signed.

Group-IB reported attempts to hack Telegram of Russian entrepreneurs


The company specializing in the investigation of cybercrime Group-IB reported that attackers attempted to hack correspondence of Telegram messenger, and Russian entrepreneurs became the target of cyberattacks.

As the experts explained, at the end of 2019 several Russian entrepreneurs turned to them for help, who faced the problem of unauthorized access by unknown persons to their correspondence in the Telegram messenger.

The incidents occurred on iOS and Android, regardless of the carrier used. Group-IB believes that the attackers were able to view and copy activation codes from SMS messages that Telegram sends when activated on a new device.

Technically, the cyber attack could have been carried out using a vulnerability in the SS7 Protocol. However, attacks on SS7 are rare.

“It is much more difficult to implement such an attack, it requires certain qualifications in the field of data transmission networks and their protocols,” explained Kaspersky Lab’s antivirus expert Viktor Chebyshev.

"The attack began when a message was sent to the Telegram messenger from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, an SMS with an activation code was sent to the victim’s smartphone, and almost immediately a notification came to the Telegram service channel that the account was logged in from a new device,” reported Group-IB.

It is known that other people's accounts were hacked through the mobile Internet, the IP address of the attackers was most often determined in the city of Samara.

It is assumed that the attackers used disposable SIM cards. They deliberately sent SMS with the code, intercepted it and authorized in Telegram. They could buy access to tools for hacking in the Darknet from 100 thousand rubles ($1,565).

The company drew attention to the fact that in all cases, SMS messages were the only authorization factor on devices affected by hacking attempts. Accordingly, such an attack can only be successful if the “Cloud Password” or “Two-step verification” options are not activated in the Telegram settings on the smartphone.

According to anti-virus expert Viktor Chebyshev, Telegram is consistently included in the list of applications targeted by cybercriminals in various spy campaigns. Such an attack can allow attackers to gain access to the correspondence of specific people.

Rostelecom to setup honeypot to deal with hackers


The largest Russian provider of digital services and services Rostelecom offered telecom operators to set traps for hackers - honeypots.

The concept of creating a new cyberattack warning system was presented at a meeting of the Information Security working group as part of the Digital Economy national project.

It is known that we are talking about creating special software that will simulate the vulnerability of the server, seeing which hackers try to hack the network of companies. At this time, the program will record all the actions of the attacker and send them to specialists. Experts of Rostelecom are sure that in this way it will be possible to collect information about new methods of hacking.

Operators must set these traps themselves and exchange data with other companies. At the same time, Rostelecom's concept does not imply state financing of the project, and the company does not specify the cost of the entire system.

According to the head of the Russian research center Kaspersky Lab Yuri Namestnikov, businessmen will incur minor expenses. Basically, the money will be used to select specialists and improve servers and security.

IT-experts call telecom operators one of the most interested users of honeypots.  Positive Technologies expert Dmitry Kasymov said that telecom operator can’t be called secure in principle. "During the conduction security audits, we identify many vulnerabilities that allow attackers to leave subscribers without communication, listen to their conversations and intercept SMS, use communication services at their expense and even bypass the operator's billing systems.

These security flaws are already being exploited by hackers, even for stealing money from Bank accounts," explained he.

So, many Russian mobile operators supported Rostelecom's initiative to create a system of honeypots, as the infrastructure of these telecommunications companies still suffers from cybercriminals.

However, Kaspersky Lab experts warn that misuse of the honeypot concept can be dangerous. If you do not configure this type of system properly, it can become a source of additional threats to the network infrastructure.

Russian banks discovered a new virus to steal money


From this year, hackers began to use new viruses that can enter the bank’s application on a mobile device and withdraw money from the victim’s account. Two Russian banks have already reported on this type of fraud.

Hackers use a new type of attack for the Android operating system. Fraudsters disguise viruses as applications or distribute them as links. After downloading and installing such a file, the virus begins to perform its functions without the user's knowledge. The programs are able to automatically transfer money from the victim's account to cybercriminals through the available mobile banking application.
Group-IB specialists first discovered such an attack in the spring of 2019. Then the new mobile Trojan Gustuff was modified, which appeared in December 2018 and created by a Russian-speaking hacker. This type of virus, experts noted, threatened only 100 foreign banks.

A new type of Trojan attacked at least two Russian banks in 2019 - Moscow Credit Bank and Post Bank. Representatives of the first noted that there are few cases of theft. The second confirmed one-time problems and talked about preventing fraud.

"From July 2018 to June 2019, hackers were able to steal 110 million rubles (1,7 million $) with the help of Trojans for Android," reported Group-IB.
However, compared to the same period last year, the indicator fell by 43%. It is reported that now hackers have mainly switched to the international market and only in rare cases continue to modify the application to attack the Russians.

According to the representative of Group-IB, the activity of Trojans in Russia decreased after the detention of the owners of the largest Android botnets, as a result of which hackers switched to the international market.

"However, some attackers modify applications and sell Trojans for subsequent attacks on users in Russia. This is a rare practice."

Earlier, the head of the Computer Security Association, Roman Romachev, said that data leaks will continue until banks become responsible for this.

Hackers stole half a million profiles from a Russian job search site


The hacker forums got a database of users of the portal jobinmoscow.ru. According to the founder and technical director of Device Lock, Ashot Hovhannisyan, the database has logins and passwords for 500,000 users in addition to the publicly available information.

Media noted that some logins and passwords were relevant, if you enter some of them, you could get to the pages of portal users. After the journalist informed the site representative about this, it became impossible to enter the accounts.

However, the company owning the site from which the leak occurred confirmed the information about the data leak.

"A quick analysis of the situation showed that there are no violations of the law on our part. Our experts analyze any possible threats to the technical security of the site and take the necessary steps to prevent unauthorized use of the site," commented on the leak, Forex Consulting CEO Yuri Mozgovenko.

Experts reported that the personal data of customers of the site can be used in the black market of fake employment. Scammers can call applicants and promise a job, but for the final stage of hiring, they will ask to pay a small amount.

In addition, the leak of passwords creates a vulnerability for social networks of users, they can be hacked. Experts also note that the resume contains not only personal information about the applicant but also data about former employers. As a result of such a leak, it becomes possible to replace the resume or vacancies of a particular company to damage its business reputation.

However, experts do not see significant threats in such data leaks.
According to jobinmoscow.ru, more than 566,000 vacancies from 209,000 companies were posted, as well as more than 195,000 resumes.

The data of Alfa-Bank's clients is sold on the black market


The data of Alfa-Bank credit card holders, as well as Alfa Insurance customers came up for sale in the Darknet. The bank confirmed the leak saying that it affects a few customers and does not pose a threat to the money in the accounts.

Seller who published the ad on a hacker forum said that he has up-to-date data on about 3,500 Alfa-Bank customers and about 3,000 Alfa Insurance customers. The ad was published on October 31, the seller registered there on the same day.

To verify the data, the seller suggested to look at 23 contracts. They contained the full name, mobile phone number, passport data, registration address, the amount of credit limit or issued insurance, the subject of insurance, as well as the date of conclusion of the contract. According to the seller, all contracts of Alfa-Bank are issued in October.

When the investigator tried to transfer money by phone number, in 11 of the 13 credit card contracts, the names and first letters of the surnames matched. Also he phoned up nine customers, most of them confirmed that they had recently issued a credit card at Alfa Bank. Fraudsters have already managed to make a call to one of the clients, after which he blocked the card.

Alfa-Bank confirmed the leak. "At the moment, it is reliably known about the illegal distribution of personal data of 15 clients. The occurrence of this situation is not the result of a violation of the protection of the corporate information system of the Bank, " - said the representative of the Bank.

According to him, the leak does not pose a threat to customer accounts, as it does not have data to access them.

Indeed, the contracts do not contain card numbers and CVV-codes, so fraudsters will not be able to get direct access to the money. However, they can use the information to call a customer under the guise of a Bank and find out the necessary information to steal money.
Alfa Insurance has introduced additional security measures and is investigating the publication of customer data.

Recall, in early October Sberbank confirmed of credit card accounts, which affects at least 200 customers of the Bank. It was announced that 60 million credit cards were in the public domain.

The Ministry of Internal Affairs of Russia to create a Department to combat crimes in the IT-sphere


The Ministry of Internal Affairs will have units to combat crimes committed using IT-technologies. Units will be formed without increasing the staff.

This decision was made by Vladimir Kolokoltsev, the Minister of Internal Affairs of the Russian Federation, at a meeting of the Collegium of the Ministry of Internal Affairs of Russia, which was held as a video conference with all regions of the country. The meeting was attended by representatives of the Central Bank of the Russian Federation, the Ministry of Finance, Roskomnadzor, Rosfinmonitoring and a number of leading financial institutions.

The purpose of the creation of such units is to increase the efficiency of the prevention and suppression of crimes in the IT-sphere, as well as improving the skills and training of the most trained employees in identifying, revealing and investigating crimes committed using information and telecommunication technologies.

According to the Ministry of Internal Affairs, every seventh crime in Russia is committed in the field of IT-technologies. Law enforcement agencies in recent years have noted an increase in the number of crimes committed using the Internet, including fraud, drug distribution, theft of funds and other crimes.

At the moment, Vladimir Kolokoltsev instructed the heads of operational headquarters to prepare documents that will determine the structure, powers and functions of the new units to combat cybercrime.

Currently, the Office “K” of the Ministry of Internal Affairs is engaged in crimes in the field of information technology. In particular, the employees of this Department are engaged in the fight against illegal trafficking in electronic equipment and special technical equipment.

Earlier, E Hacking News reported that the Ministry of Internal Affairs will create a portal for complaints against hackers. The resource will be continuously and automatically collect data about the threats.

How the Internet isolation law will change the life of Russian business


On November 1, the law on the isolation of the Runet came into force. Some companies spend millions to switch to Russian servers and local social networks, while others completely shut down business in the country.

The Runet isolation will affect all Russian business, but only Telecom operators must install special equipment to monitor cyber threats at the state’s expense. The State financed about 30 billion rubles ($ 460 000 000) for its execution.

According to Alexandra Kurdyumova, senior partner at Versus.legal law firm, we are talking about devices and software that works on the principle of DPI (deep packet inspection). The technology monitors not only where the traffic is going, but also analyzes its contents.

"If something seems suspicious to Roskomnadzor, it will be able to disable the malicious resource without the participation of Telecom operators," explains Kurdyumova.

New features of the regulator alerted the entire network business. If the company's website runs on a foreign server (for example, Amazon), uses Google Analytics for data analysis or conducts sales via Instagram or other foreign social networks, it risks losing access to usual tools, if Roskomnadzor wants it.

“I see a lot of risks in the law on the isolation of the Runet. Therefore, within six months we will transport employees to the United States and Poland. About 10% of employees will remain in Russia so far to support current customers”, said Roman Kumar Vyas, founder of the marketing Agency Qmarketing and co-owner of the cleaning service Qlean.

According to Albert Oskanov, co-founder and CEO of Oskelly clothing marketplace, the authors of the bill do not quite understand what they are going to do, do not realize the consequences. Their actions can lead to serious disruptions in the work of some Russian companies.

Sergey Demin, IT Director of IT outsourcing company G-Support, believes that the centralization of the network infrastructure does not make it more stable, but bites it. A very easy target appears for hackers. As a result, users will migrate to the Darknet and there will be constant attacks on the IT infrastructure of regulatory authorities.

Russian Companies infected by a virus masquerading as accounting documents


In September, Russian companies faced the problem of malicious software disguised as accounting documents. The launch of the virus led to leaks of personal data of users and the connection their computers to the botnet. Check Point company claims that 15.3% of Russian Internet users received such letters only in a month.

According to Check Point, the Pony malware has been activated since the beginning of the business season, in September, and was in second place on the list of the most active malware by the end of the month.

The company said that Pony was distributed via email through malicious EXE files simulating accounting requests. Topics and titles of such letters were called something like this: "Closing documents Tuesday" and "Documents September". Pony is able to steal user credentials, monitor system and network operations, install additional malware and turn devices into a botnet.

Specialists of Rostelecom-Solar recorded in September phishing emails with similar titles, confirms Igor Zalevsky, the head of the Solar JSOC incident investigation department.

"The simplest and most effective defense against such attacks is content filtering on the mail gateway. It is necessary to stop sending executable files of any format by e-mail," emphasizes Mr. Zalevsky.

Attacks like Pony are standard practice, said Vladimir Ulyanov, the head of the Zecurion analytical center. According to him, such malware is easier to monetize because accountants work with important data, but are not always well aware of information security risks.

"All companies work with closing documents, but not all employees know what these documents look like," explains Mr. Ulyanov.

The expert is sure that it is necessary to deal with such attacks and raising staff awareness.

Pony belongs to spyware, and it is included in the top 3 types of malicious software used by cybercriminals. So, according to the rating, Cryptoloot is in the first place in the top of the most aggressive malware in Russia, which uses other people's computers and their resources for mining cryptocurrencies. The XMRig malware is in third place, which is also used for mining.

Credit histories of a million Russians were in the public domain


The microfinance company’s database with passport data, phone numbers and residential addresses was made publicly available.

Credit histories of more than 1 million Russians with data of mobile operators obtained from the Bureau of Credit Histories (BKI) were in the public domain since the end of August. Independent cybersecurity researcher Bob Dyachenko first discovered this data on October 10. According to him, he reported a problem to the BKI, after which the database was closed.

However, it is not known whether anyone had time to download the publicly available information. As Dyachenko noted, specialized search engines indexed it on August 28.

According to media reports, the database could belong to GreenMoney microfinance company, which gave the online loans. It contains passport data of borrowers, other documents, addresses of registration and actual place of residence, phone numbers, information about loans.

GreenMoney CEO Andrei Lutsyk said that an audit is being carried out on what happened. According to him, the company complies with all requirements for the storage and processing of personal data provided by law.

Information security expert Vitaliy Vekhov noted that any leak of personal data carries risks for its owners. In this case, he believes, it is important to understand exactly what information appeared on the Internet.

"For example, passport data alone do not carry anything. According to a photocopy of the passport, as you know, nothing can be issued. If we are talking about the data of Bank cards, they can be used only if there is a CVV code, and it is not in the data of credit histories," the expert explained.

According to Vekhov, at the same time attackers can freely use any data with the help of certain resources.

It is interesting to note that the company GreenMoney in mid-September was deleted from the register of the Monetary Financial Institutions (MFIs) for numerous violations.

The data of almost 9 million customers of Russian mobile operator Beeline was in the public domain


The database of 8.7 million former and current Beeline mobile customers was in the public domain. The test showed that the data is relevant. This database contains data of customers who connected Beeline home Internet. According to the press service of the mobile operator reported that the data leak was recorded in 2017, and the perpetrators were identified. Beeline assured that now most of the information is outdated data.

According to experts, the information in the database is enough for attacks using social engineering methods, and there are still no ways to deal with fraudsters of this kind.

According to the Beeline press service, the company immediately established an operational headquarters to investigate the situation.

"Part of the information in the distributed archive does contain the data of the subscriber base of customers, however, a significant part of the information is outdated and irrelevant," the company said.

They also noted that Beeline’s customer base at the end of the second quarter of 2019 was 2.5 million subscribers, and not eight million, as attackers say.

The company assured that they are making every effort to ensure that this does not happen again.

"We appealed to all file-sharing resources where information about customers was posted. Many of them immediately agreed to remove it," Beeline said.

It is noted that the criminals are trying to re-publish the data, which indicates their desire to discredit the company.

"Our security service is investigating this incident, we will be grateful for any information that will help this work, both from our customers and from colleagues in the market," the press service said.

It also reported that the company is working closely with the competent authorities and agencies to prevent the disclosure of personal data not only of its customers, but also customers of all Telecom operators.

The company assures that outsiders do not have the opportunity to carry out transactions with the accounts and tariffs of their customers.

Russia planning to introduce tax on cryptocurrencies


The Russian Banking Community has found a way to legalise cryptocurrencies. To do this, it is necessary to legally recognise the mining of digital money as an analogy of the occupation of property or treasure.

"Legally, it could be argued that the first owner of the cryptocurrency "found them", because the receipt from an anonymous system can be conditionally considered a finding,”— EhakingNews quoted the ARB report on «The Concept of Decentralized Cryptocurrency Turnover». Discussion of this document is scheduled for 8 October.

However, the acquirer of digital money does not just seize or find them as a ready-made object. Cryptocurrency arises as a result of mining, that is, human activity. In fact, he creates it himself, explained Anatoly Kozlachkov, the author of the report, Vice-President of ARB.

Based on this, cryptocurrency can be introduced into Russian law as “newly created” (includes property independently produced by a citizen).

Then it can be used in barter transactions and taxed, said Anatoly Kozlachkov.

This is a fair approach, said Andrey Ermolaev, partner of KPMG. According to him, it is impossible to equate cryptocurrencies with ordinary money because it is an investment, and the growth of the value of the paper is always considered as a taxable base.

According to a legal expert Elena Avakyan, an example is a German model involving the payment of tax in the cryptocurrency in which the income is received.

Yuri Brisov, founder of LFCS (Legal Support), called the ARB proposal "the biggest mistake in the list of initiatives of all the time".

"Cryptocurrency received as a result of mining is a payment of remuneration, but not a finding," explained Brisov.

Synergy Research Group Deputy Director-General for Legal Issues and Technologies, Peter Lyalin, also sharply criticized the proposal of the Association of Russian Banks (ARB). He proposed to equate mining to the production of goods, as is practiced, for example, in Australia and Canada.

"I consider the initiative unworked and superficial. It seems that such a proposal was made without taking into account the specifics of the mining as a cryptocurrency mining activity," the expert suggested.

Experts agreed that the initiative of the Association of Russian Banks (ARB) requires further refinement.

Roskomnadzor began the installation of equipment for the isolation of the Russian Internet (Runet)


The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roscomnadzor) started testing the equipment for implementation of the law on the isolation of Runet. The pilot project is planned to be completed by mid-October.

According to the head of Roskomnadzor Alexander Zharov, all major mobile operators in Russia have joined the Roskomnadzor project for testing the equipment and now the equipment is being installed.

Zharov said that the experiment will be carried out on the equipment of the manufacturer that has already passed all the tests. Now there is an experiment with two more manufacturers, he added. According to Zharov, among them is company RDP.ru. It is interesting to note that the development of the company RDP.ru was recognized as the most effective in the tests of blocking the Telegram messenger.

"We will be testing it for several weeks from the end of September," Zharov said. According to him, the experiment will not be conducted in all of Russia, but testing will take place in one of the regions. The name of the region was not disclosed.

The head of the Service said that they would tell about the results of the experiment in mid-October, but so far he cannot disclose all the details.

"My reluctance to speak is due solely to information security issues," he stressed.
Also, during the conversation with journalists Zharov said that the creation of a Center for monitoring and managing a public communications network is proceeding as planned.

In November, the law on the isolation of the Runet, adopted in the spring, will come into force. According to the document, Roskomnadzor will be able to control all data transmission points abroad and traffic routing using special equipment. Although the law will enter into force in November, Roskomnadzor began to prepare in advance the rules for its application.

Recall that on May 1, Vladimir Putin signed a law on the isolation of the Runet. According to this law, Roskomnadzor assumes all the authority for managing networks in case of threats to the Russian Internet. In addition, Roskomnadzor has the right to directly block websites with prohibited information.

The Kremlin called the document a precautionary measure. Federation Council speaker Valentina Matvienko stressed that the authorities do not intend to restrict Internet access to Russians.
The Ministry of Сommunications has identified a list of threats in which the Runet can go into a centralized control mode. In particular, when there are threats to integrity (when it is impossible to establish a connection between users), stability (when part of the equipment fails or natural or man-made disasters occur) and security (when someone tries to break into the equipment of providers or has a “destabilizing internal or external information impact” on communication network).

Russian hacker accused the ex-employee of Kaspersky Lab of forced hacking


Hacker, who has been in the pretrial detention center for the fifth year, made a statement to the head of the Investigative Committee of Russia. He insists that his case was fabricated with the participation of a Kaspersky Lab convicted of high treason along with FSB officers.

Russian hacker Dmitry Popelysh, accused of stealing money from the accounts of Sberbank and VTB together with his twin brother Eugene, said that he sent a complaint to the head of the Russian Investigative Committee. According to the hacker, the criminal case against him and his twin brother was fabricated.

The hacker said that ex-employee of Kaspersky Lab Stoyanov blackmailed and threatened him. Later, he demanded that brothers Popelysh provide technical support to some servers.

It is reported that mentions of an unknown employee who forced the hackers to commit hacks is in the surrender of Popelysh for 2015. However, this information was not verified by the investigation.

Previously, Stoyanov was the head of the computer incident investigation Department at Kaspersky Lab. He also participated in the examination of case of Popelysh.

The representative of Kaspersky Lab told that the company is not aware of Dmitry Popelysh’s appeal to the Investigative Committee.

Recall that in 2012 the brothers Popelysh were convicted of embezzlement of 13 million rubles from customers of banks. In 2015, they were again detained and accused of creating and actively using malware. According to the case, the men stole about 12.5 million rubles ($195,000) in two years. In the summer of 2018, they were sentenced to eight years. In 2019, the sentence was canceled in connection with "violations committed during the preliminary investigation." In total, they have been detained for four years and four months.

It is interesting to note that Dmitry Popelysh is already the second Russian hacker who publicly stated that experts investigating his criminal case forced him to commit hacks. Konstantin Kozlovsky, who has been in a pretrial detention center since May 2016 on charges of organizing a hacker group Lurk, claimed that he was recruited by FSB in 2008 and done various cyber attacks for a long time. He also mentioned that his supervisor was FSB major Dmitry Dokuchaev.

Putin's spokesman acknowledged the security of communications on Telegram


Communicate on Telegram is safer than on WhatsApp, said Dmitry Peskov, the special representative of the President of the Russian Federation on digital and technological development.

Recall that on September 16, Edward Snowden, a former employee of the US National Security Agency (NSA), who was granted asylum in Russia, said in an interview with a French radio station that senior officials should not use the WhatsApp messenger due to the low level of encryption. However, he added, both WhatsApp and Telegram are better than SMS or other unencrypted messages.

According to Peskov, Telegram messenger is superior to WhatsApp in terms of security, although there are no means of communication that guarantee absolute security.

"Absolutely safe means of communication does not exist. Until we made a quantum messenger, there are no safe means, " Peskov said.

Peskov also said that there is no ready-made solution for the domestic messenger for civil servants in Russia, however, there is a sense in such an application, and it will be useful.

"If we understand the physical possibility, then, of course, we will create messengers based on quantum technologies for civil servants in the Russian Federation. But for now, this is too long a story," Peskov added.

Peskov noted that at the present time Mail.ru and Sberbank are working on the creation of the Russian messenger. According to Peskov, "there are some serious developments of the domestic messengers: much work is being done in the company Mail.ru and there is a big project in Sberbank. I have not seen a solution that would be ready for implementation now."

"But, choosing between using the WhatsApp solution and using the Telegram solution, the choice of the Telegram solution from the point of view of communication security is completely obvious," said the special representative of the President of the Russian Federation.

He added that he uses both messengers.

The Central Bank of Russia will fine banks for weak cyber defense


On September 12, 2019, it became known that the Central Bank has a new punishment for banks for poor cyber defense.  By the end of the year, the Central Bank will launch a new feature for credit institutions, it will be the risk profile on the level of information security.

This indicator, according to Artem Sychev, the first Deputy Director of the Information Security Department of the Bank of Russia, will show the likelihood of problems for the Bank due to non-compliance with cybersecurity standards.

The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack. In addition, the risk profile will be taken into account in assessing the economic situation of the bank along with the amount of capital, profitability, liquidity, quality of management, etc.

Depending on the risk profile on the level of cyber security, the Central Bank will give recommendations to banks.

The calculation of the risk profile will allow us to evaluate how the bank’s management responds to emerging cyber threats, the Central Bank added.

A financial institution that receives a low-risk profile will have consequences ranging from enhanced supervision to penalties. Moreover, this will affect the loan terms at the interbank market.

Sychev stressed that the Bank of Russia sees a connection between the way the Bank relates to information security issues and its financial stability.

Nobody before in the Russian Federation or in other countries has determined such indicators that help the regulator (the Central Bank) to form an opinion about the situation, whether it achieves the goals of the regulation or not from the point of view of information security,” Sychev explained.

It is worth noting that on September 12, the Bank of Russia recorded a “rather serious” cyber attack on Russian banks from Brazil, said Artem Sychev.

According to him, it was a BIN-attack, in which bank card numbers are generated using a special program.

Sychev noted that the direct interaction of each of the attacked banks separately with the representative of Brazil did not give results. The attacks stopped only after the interaction of the Central Bank with the Brazilian regulator.

Russia suspects Western countries interfered with Internet resources of Russian government agencies


Russia suspects that the Western countries have interfered with the work of Russian government agencies websites, said Russian Foreign Minister Sergei Lavrov, speaking to students and faculty of Moscow State Institute of International Relations and to the Diplomatic Academy of the Ministry of Foreign Affairs. He also confirmed that the topic of information security over the past couple of years has become quite popular.

In addition, Lavrov recalled that Russia was repeatedly accused of hacking American Internet resources. The US authorities are convinced that the Kremlin interfered in the 2016 US presidential election.

According to the Russian Minister, the accusations against Moscow “have not been convincingly confirmed.” Nevertheless, the myth of Russian intervention "continues to spread through the American and Western media and some Western politicians continue to raise this topic."

“We also have a reason, and more serious, to suspect that our Western colleagues are paying increased attention to our Internet resources. And this happened more than once. Representatives of the Central Bank of Russia, Sberbank and other government agencies also spoke about this.” But Lavrov did not give examples of alleged Western intervention.

Recall, the State Duma has prepared a mirror response to accusations of alleged Russian interference in the electoral process in the United States. In August, speaker Vyacheslav Volodin announced the creation of a parliamentary Commission to investigate the facts of foreign interference in the internal Affairs of the Russian Federation. Deputies found two examples of “cynical interference”, these are tweets of Deutsche Welle and the US State Department, which the Foreign Ministry considered calls to participate in unauthorized actions in Moscow. However, Mr. Volodin promised to present other "materials", mentioning, in particular," manuals", which allegedly "were distributed by employees of foreign embassies."

An expert in International Relations doubts that the West will listen to Russian statements about intervention, as Russia does not accept similar accusations of the West.

Ivan Timofeev, the Director of the Russian Council on Foreign Affairs, suggests that in the end there will be people in the West who will say: "Look, Russia is creating the scandal out of nothing. Surely they do it to distract attention from their own interference in other people's elections.”

Russia developed a new protected computer “Elbrus 801M”


Russian developers from the concern "Avtomatika", part of the Russian State Corporation" Rostec", presented a new high-performance monoblock computer “Elbrus 801M” at the XIV International Aviation and Space Show (MAKS)-2019.

According to the developers, “Elbrus 801M” meets all the usual requirements for a modern office computer, but at the same time, this machine is superior to foreign analogs in terms of cybersecurity.

As the developer’s representative explained, the new computer is protected from most hacking methods known today.

According to Rostec, the main users of this monoblock will be government agencies, as well as companies from the defense sector, oil, energy and transport industries.

According to experts, new monoblock “Elbrus 801М” will be in demand by users due to the high level of performance, cyber security and ergonomic characteristics. Experts said that the performance of the monoblock exceeds 120 GFlops. It is noted that the monoblock was created on the basis of the Russian eight-core Central microprocessor “Elbrus-8”.

“We are already ready to take orders for the production of such computers. Our monoblocks based on Russian-made processors are interested in those who need computer equipment with domestic processors, with a high level of protection against cyber attacks,” - said the developer’s Assistant, Konstantin Trushkin.

According to him, the development of the monoblock cost ten times cheaper than foreign industry leaders.

It’s important to note that the motherboard, processor, peripheral controller of the computer are created in Russia. Domestic software is also used: BIOS and Russian-made operating system Elbrus Linux. It is known that “Elbrus 801M” is compatible with 32-bit operating systems, such as Microsoft Windows.

“Most of the known hacker methods of hacking against “Elbrus” do not work. The original command system of monoblock requires the creation of new viruses, which today simply does not exist, they have not yet been developed,” said Trushkin.

By 2020, it is planned to sell several thousand pieces of equipment. In addition, in 2020, an improved “Elbrus” model with a next-generation processor should appear.