
Cybersecurity experts warned of a possible attack on Russian accounts in May

DeviceLock, a company engaged in the fight against data leaks, warned of the preparation of an attack on the accounts of Russians during the May holidays due to the sale of access to the switch of one of the mobile operators on the Darknet. 

In particular, it is reported that in early March an offer appeared on the Darknet to sell access to the switch of one of the mobile operators. A connection to this switch makes it possible to intercept control over the SS7 signaling system, which controls the traffic of mobile operators.

The experts said that the sellers were asking $30,000 for access to the switch, so the purchase only makes sense if a large-scale attack, capable of recouping the expense, is being prepared.

"Since attackers usually need from two weeks to a month to prepare an attack of this type, it can be timed to May holidays, when most Russians will loosen control over their accounts and other financial assets," summarized Olesya Yarmolenko, general director of Smart Line Inc (DeviceLock systems manufacturer).

According to her, this operator most likely has a cooperation agreement with one or more Russian cellular service providers. At the same time, according to DeviceLock data, access to the switch could have passed to a buyer from the CIS countries in early April. Due to the active spread of online banking and relatively high account balances, Russia has always been the most desirable target for fraudsters on the Internet.

Sergey Nenakhov, head of the information security audit department at Infosecurity a Softline company, explained that clients should switch the two-factor protection of critical services from SMS to push notifications, and also use special authenticator applications that generate one-time codes directly on the device itself.

It is also specified that VTB is aware of the risks of attacks on citizens through interception of messages, but the bank assured that the adopted set of technical measures does not allow attackers to use the technology to gain access to the clients' funds.

At the same time, representatives of mobile operators did not respond to inquiries about the risks of attacks through the SS7 standard.

Cyber Criminals began to use a new scheme to defraud Russians

The classic scheme to defraud Russian bank clients with the help of malicious emails is experiencing a second birth. Now the scammers, presenting themselves as Yandex.Money operators, demand to transfer funds to a bitcoin wallet under the threat of publishing compromising videos.

They are relying primarily on the fact that the potential victim will react to a familiar brand: the letters are sent from a Yandex.Money email address. The Yandex.Money electronic payment service, which belongs to Sberbank, changed its name to YooMoney last year.

In the letter, the attacker, who calls himself a programmer, claims that he managed to hack into the user's computer and gain full access to it and related devices, including the camera. According to the scammer, he managed to make an intimate video of the victim, and if he doesn't get what he wants, he will send the video to his entire contact list.

"Transfer $650 to my bitcoin wallet. My bitcoin wallet (BTC Wallet): bc1qpg0uv2dcsjvpe9k2y7knxpzfdqu26tvydeu4pf. After receiving payment, I will delete the video and you will never hear from me again. I give you 50 hours (over two days) to pay. I have a notification of reading this email and a timer will go off when you see this email," the scammer intimidates the victim.

YooMoney's press office said they are aware of this technique by the scammers and have already taken appropriate action. "The information is sent from a domain that we no longer own. Yesterday we received information about this and passed it on to the domain owner's security service," the service stated.

Extortion of this kind is quite well known and has a long history, Pavel Shust, executive director of the Association of participants in the market of electronic money and remittances, explained to the agency. Such messages can be sent in the thousands, in the hope that someone will believe the threats and transfer money after all. The expert explained that in reality, of course, no one has hacked the computer and no one has any compromising materials; the letter should simply be deleted and forgotten.

Russia has created a new data transmission device with protection against cyber threats

It is the first SD-WAN-class development that supports Russian encryption algorithms and is included in the Russian software registry.

Sberbank's press service reports that the technology can allow state institutions and companies of any industry to build a corporate network in minutes, provide a stable connection to regional branches and home offices and protect the data transmitted between them. A single device replaces multiple types of network equipment and includes automatic use of various information security features.

The development consists of two parts: the hardware, which is installed in the offices of the enterprise, and the cloud, where the hardware is managed. The solution can reduce the cost of deploying and maintaining the network by about 2.5 times, as well as reduce the cost of personnel, local installation and manual configuration of each device separately.

"In fact, we have created a universal platform for organizations that combines many network devices at once, including information security tools. BI.ZONE Secure SD-WAN requires no special skills, any employee can connect it to the company's network in a few minutes, and its cost is almost three times cheaper than traditional solutions. Thanks to the cryptographic protection the development is suitable for government agencies, banks and other organizations that work with confidential and personal data or payment information," said Director of Managed Services Unit at BI.ZONE.

The new development is included in the register of Russian software, so it is suitable for organizations that adhere to the import substitution policy. Also, for some organizations, the opportunity to work on a service model with outsourcing of network security management tasks will be an advantage.

Russia's Central Bank has warned of hackers targeting banks' mobile apps

The Central Bank of Russia has warned of the emergence of a group of hackers investigating vulnerabilities in banks' mobile applications.

The Bank of Russia has detected a shift in hackers' attention from the banking infrastructure to customers' financial mobile applications in order to steal data or money from their accounts. The regulator suggests that a highly skilled hacker group has emerged in the financial market specializing in the deep analysis of mobile applications in order to detect and exploit weaknesses and vulnerabilities.

The survey is based on information exchange between the Central Bank and financial market participants. 818 organizations, including 365 banks, are currently included in it.

"The data available to the Bank of Russia suggests the emergence of at least one group of attackers focused on the skilled hacking of financial mobile applications," the survey said.

The Central Bank cited two examples in which cybercriminals discovered vulnerabilities in mobile apps and used them for hacking. As a result, in the first case, a server containing files with the personal data of a bank's customers - more than 100,000 lines - was published on the Web: Name, gender, mobile phone number, email address, place of work, account and bank card number, account type, currency. In the second case, the hackers managed to steal money by logging into the bank's mobile app and, when making a transfer, substituting their account number with that of another bank customer, who became the victim.

"These two examples are not the only cases of attacks on mobile applications of financial institutions that have occurred recently," the review specifies. In this regard, the Central Bank has recommended that banks strengthen the protection of the mobile components of their remote service systems.

A Russian IT expert said that home appliances threaten security

In the last decade, a promising trend - the Internet of Things - has been actively developing in the world. Atypical functionality appears in many devices. Refrigerators are equipped with screens, kettles get Internet connection modules, and TVs get cameras. This is not a complete list of the symbioses that are formed in the modern world of technology, said partner and director of IQReserve Pavel Myasoedov.

According to the expert, this trend is clearly aimed at improving the quality of life, but along with it a number of cyber-threats emerge.

Devices are controlled by voice, receive our images and send all data to remote servers, where calculations take place, for example, to control the brightness of a smart light bulb or display a recipe on the refrigerator screen.

"At that time, there is a risk that the user's information or biometric data will be intercepted in the transmission process, or the server will be attacked by hackers. From this data, an attacker can learn a lot about a person. But this is not the biggest risk that smart home appliances bring to our world," noted Mr. Myasoedov.

Doorbells, cameras and microphones connected to the Internet allow us to monitor our actions from anywhere in the world in real-time. Switching on smart lights in different rooms will inform us about the person's movements in the apartment, while a sensor on the door will tell us when the person has left it. In some cases, the room can even be locked from the outside, creating a serious threat to life and health.

All this can let your partner know how and with whom you spend your time, and the thief will know the most appropriate moment to break into the apartment.

"Progress in terms of protecting devices from unauthorized access, of course, does not stand still. But today the Internet of Things is lagging far behind in terms of security. Neither manufacturers nor third-party companies offer sufficiently reliable anti-viruses and protection systems. So while smart technology is still developing, you have to be careful not to rely entirely on household appliances and not to load too much information into them," warned the expert.

Experts have found vulnerabilities in thousands of surveillance cameras in Russia

More than 6,000 surveillance cameras in Russia are open to the public. Some of them are located at industrial enterprises and critical infrastructure facilities.

According to Avast, an IT security software company, more than 6.3 thousand CCTV cameras in Russia can be accessed by anyone: they have open IP addresses, making them accessible to cybercriminals.

Some of these cameras are located at critical infrastructure facilities and industrial enterprises. "The system of most of these cameras can be accessed without a username and password, or the password is set by default," explained Avast. These cameras can be used to set up an illegal video surveillance system. Another threat is that their IP addresses could be used by cybercriminals to gain access to the networks of companies or businesses. Cameras in banks that are open to the public threaten to leak credit card and passport data.

Experts noted that data from cameras can be a source of information about a person's movements. For example, an attacker could map a person's movements around the city, provided, of course, that the quality of the camera footage allows a specific person to be recognized.

According to them, too little attention is usually paid to the security of the cameras. "Default ports and passwords and the use of the cheapest Chinese devices with insecure firmware are the norm rather than the exception," stated the experts.

Avast cites data from the Internet of Things search engine, which monitors vulnerable IP addresses. According to it, Russia has the fifth-highest number of open IP surveillance cameras, behind Vietnam, Taiwan, South Korea and the US.

TelecomDaily analysts estimate that in terms of the total number of installed video surveillance cameras, Russia is in third place in the world with 13.5 million, or 93.2 units for every thousand people. Only China and the US have more cameras.

Russian military-industrial complex announced a ban on the use of WhatsApp and Zoom for work

Business communication between defense industry employees in WhatsApp, Skype and Zoom is being suppressed more strictly by management.

A source in the military-industrial complex (MIC) said that all corporate and working chats of employees of the Rostec State Corporation and its subsidiary holdings and companies are to be transferred from WhatsApp to another messenger in the near future.

According to him, this decision was made due to the fact that the management of the messenger WhatsApp announced changes in the privacy policy and the transfer of additional personal data of users to Facebook. "At the same time, employees of the state corporation and its enterprises will still be allowed to have WhatsApp on their personal phones for personal communication," added the source.

A second source in the military-industrial complex said that the ban on the use of foreign applications for work purposes by employees of the MIC has always existed, but not all employees paid due attention to it. "Both now and before, it was simply impossible to install WhatsApp or Skype on a work computer. But to speed up communication processes and for their own convenience, many employees used Zoom, Skype and so on without authorization," he explained.

Rostec confirmed that there are restrictions on the use of foreign applications such as Zoom, Skype, WhatsApp, etc., specifying that these applications are prohibited to be installed on corporate laptops and computers.

Instead, it is proposed to use domestic solutions, including Rostec's own developments. "In particular, throughout the pandemic, online meetings were held on the IVA platform," said Rostec.

The personal equipment of employees is not affected by these restrictions, the press service of the state corporation clarified, assuring that they have nothing to do with the new policy of WhatsApp: "The risks did not arise now, they have always existed, and we were obliged to mitigate them."

Rostec is a major industrial company that operates in the defense sector and develops high-tech civilian areas - in aviation, engine construction, electronics, medicine, pharmaceuticals and other areas. "This dictates very serious requirements to information security", summed up the press service of the state corporation.

Kremlin concerned about the report of possible US cyber attacks

The New York Times previously reported that the United States plans to carry out cyber attacks on the internal systems of the Russian authorities within the next three weeks

Russian presidential spokesman Dmitry Peskov said that Moscow is concerned about the report of possible cyber attacks by the United States. He also called the US State Department's accusations that Russia is spreading misinformation about foreign vaccines absurd.

Mr. Peskov commented on The New York Times report on the impending cyberattacks on the internal systems of the Russian authorities in response to the attack on SolarWinds. A Kremlin spokesman called it "alarming information" that appeared in a "fairly reputable American publication."

Dmitry Peskov said that "this is nothing but international cybercrime." "Of course, the fact that the publication admits the possibility that the American state may be involved in this cybercrime is a reason for our extreme concern," Mr. Peskov told reporters during a press call.

He also commented on the statement of the official representative of the US State Department, Ned Price, that four Russian online platforms run by the Russian intelligence services spread misinformation about vaccines approved in the United States. "We do not understand the reasons for such statements. We will continue to patiently explain that such reports are completely absurd," said Dmitry Peskov. "We have always been against politicizing any issues related to the vaccine in any way," added the Kremlin spokesman.

Mr. Peskov also said that the Russian vaccine "Sputnik V" is constantly criticized without any serious grounds. "The Russian vaccine is criticized on a daily basis with an attempt to pretend to be objective or without any attempts to pretend to be objective - just sweeping criticism. We've always been against it. The Russian Federation has not participated and is not going to participate in such an information campaign against any other vaccines," stated Dmitry Peskov.

Recall that on Sunday, The New York Times, citing sources in the US administration, reported that the US plans to carry out a series of cyberattacks on the internal systems of the Russian authorities over the next three weeks in response to an attributed hacker attack through SolarWinds software.

Data from the Russian cybercriminal forum Maza (Mazafaka) leaked to the network

Attackers hacked the Russian-language forum Maza, which was used by the hacker "elite". According to experts, competitors or an anti-hacker group may be behind the hacking

The forum of elite Russian-speaking hackers Maza was hacked in February. As a result of the attack, the data of more than 2 thousand cybercriminals became freely available.

This is a community of cybercriminals and financial fraudsters, many of whom began their criminal activities in the mid-1990s.

According to the US cybersecurity company Flashpoint Intel, the forum was hacked on February 18. As a result, "usernames, passwords, e-mails of users and alternative ways of communicating with them, such as contacts in ICQ, Skype, Yahoo and Msn," leaked to the network.

The message about the hacking of the site appeared on the forum itself, and it was translated into Russian with the help of an online translator. Experts believe that this is either proof that the forum was hacked by non-Russian-speaking criminals, or it may be an attempt by attackers to "send analysts on a wild goose chase."

The experts suggest that anti-hacker groups or so-called white hackers working on behalf of the authorities may be behind the cyberattack on Maza. The forum could also be hacked by competitors.

Mikhail Kondrashin, Technical Director of Trend Micro Russia and the CIS, notes that Maza was already hacked ten years ago.

"But this has not shaken the stronghold of the cybercrime underground," said the expert.

According to him, the data from this forum is "invaluable information" for law enforcement agencies, and with the proper operational application, this information can help reduce the overall level of cyber threats in the world.

According to Ilya Tikhonov, an expert of the information security department of Softline, the data obtained can be very valuable for combating cyber attacks, even if there was no hacker software on the forum.

"The correspondence and user credentials will also be useful," he added.

At the same time, the founder of the DLBI data leak intelligence service, Ashot Hovhannisyan, doubts that such a leak will affect the fate of hackers. In his opinion, the disclosure of email addresses on the forum is not proof that they participated in illegal activities.

At the same time, Hovhannisyan noted that usually hacker forums are hacked by competitors. Hacking Maza, in his opinion, could be a warning to the owners of the forum from competitors.

Other experts suggested that, most likely, the reason for the attack was personal or financial interest. It is possible that some of the participants were insulted or that someone was underpaid the money promised from a fraudulent scheme.

FacePay fare payment system to launch in Moscow metro by the end of the year

"In the Moscow metro, by the end of 2021, we plan to launch contactless fare payment for travel through a face recognition system", said deputy head of the metro Andrey Kichigin. This payment method will be available at the turnstiles and at the ticket offices. This feature is currently being tested.

According to him, to pay the fare, a passenger only needs to approach the camera, which reads the passenger's face, even in a mask. Similar systems have proven themselves in London, Singapore and Dubai.

"First of all, the facial recognition system ensures the safety of trips. We all want to live and move around in a safe city and provide our passengers with the highest level of security," added Kichigin.

According to the deputy head of the metro, the facial recognition system does not know any surnames, names, or other personal data.

The information is stored in a data center that only law enforcement agencies have access to. The protection is reliable, the system cannot be connected to from the outside, and unauthorized access is impossible. The system records each operation, which makes it possible to understand who requested what data and when.

Information security expert Sergei Vakulin criticized the FacePay fare payment system.

"No system is secure. There is a possibility that the data will leak somewhere, and it may be discovered years later. As for security in general, facial recognition, biometric data, then the situation is 50-50. The fact is that the system will not be fully debugged with our technologies, because the person is changing. Clearly, there will be some mistakes, maybe he will grow a beard, and how will he be recognized?" noted the expert.

Database of 21 million users of popular VPN services leaked

The database contains email addresses, passwords and usernames of Russian users. This information can be used by hackers to obtain bank card data.

A database of 21 million users of the free VPN services GeckoVPN, SuperVPN, and ChatVPN for the Android operating system was put up for sale on the Darknet.

According to the SuperVPN page in the Google Play Store, the app has been installed more than 100 million times. GeckoVPN has over 10 million installs, and ChatVPN has over 50,000.

The database contains e-mail addresses, passwords and usernames of users. One of the archived samples for sale contains data about VPN users' devices, including serial numbers, phone types, and brands.

SuperVPN users' data was already in the public domain as a result of a large-scale leak last summer. The founder of the company "Internet-search" Igor Bederov, in an interview with the publication, said that the new data leak of free VPN users occurred due to "obvious negligence in handling confidential information." "Service owners simply did not change the default passwords on their database servers," he explained.

According to experts, user data can be used by fraudsters for phishing and man-in-the-middle attacks, when a hacker puts malicious tools between the victim and the target resource, thus intercepting the user's web sessions.

Alexei Kubarev, an expert at the Solar Dozor Product Center, said that such attacks endanger confidential data transmitted from devices over the Internet, including passwords and CVV codes of bank cards.

According to Denis Batrankov, an independent information security expert, users of VPN services need to set unique passwords so that in the event of a leak, fraudsters cannot brute force access to other services with the same password.

IBM: Cyber attacks on Linux systems of Russian government agencies will increase

The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import substitution. Businesses that have started actively using the cloud against the background of the pandemic face increased costs: attackers can hack their cloud environments and use them for mining cryptocurrencies and DDoS attacks.

According to the IBM report on the main information security risks in 2021, the number of attacks on cloud environments and open-source Linux operating systems will increase this year. Users of Russian operating systems on Linux can also suffer, said Oleg Bakshinsky, a leading information security adviser for IBM in Russia.

The attackers began using the extensible computing power of Linux-based cloud environments, said Mr. Bakshinsky.

The customer can enable the service in their cloud settings, and at times of peak loads, their resources will be expanded for an additional fee. Attackers take advantage of this by gaining unauthorized access to the victim's cloud environment, increasing the company's costs for paying for cloud services.

The authorities have already acknowledged the problem. So, to check the security of operating systems based on Linux, the Federal Service for Technical and Export Control of Russia will create a research center for 300 million rubles ($4 million).

Cybersecurity experts also confirmed the growing interest of hackers in Linux systems. Check Point records about 20 attacks on Linux-based cloud environments in Russia, which is 3.45% of the total number of such attacks worldwide.

The main targets of the attackers, according to Nikita Durov, technical director of Check Point in Russia, are the financial industry and the government.

Alexander Tyurnikov, head of software development at Cross Technologies, is convinced that attacks on cloud environments "will not be so large-scale as to lead to the collapse of state and commercial systems."

Experts listed the methods used by fraudsters to obtain personal data

As noted by experts, information leakage in large companies does not often happen, but data theft can occur through contractors

Scammers learn personal data of Russians from gaps in the security of companies or from their informants in them, from social networks of citizens, as well as through phishing sites.

"Often, a person can simply share their name and phone number, for example, on social networks. Such data can also be collected from data leaks," said Sergey Golovanov, a leading expert at Kaspersky Lab.

He clarified that information leaks in large companies do not often happen, as they pay great attention to their cybersecurity. However, data theft can be carried out through contractors who do not always have the necessary resources to ensure security when processing personal data. Also, according to the expert, leaks can occur from small online stores or other services where customers are asked for such information.

As Anastasia Barinova, deputy head of the Group-IB Computer Forensics laboratory, noted, today, fraudsters are actively searching for insiders, including in banks, insurance companies, and financial organizations, since their schemes using personal data are now successful and effective.

“Criminal groups, including fraudulent call centers, can monetize this data, taking advantage of opportunities to steal and withdraw funds,” explained the expert.

In addition, Russians fall into the trap of fraudsters, filling out a form of personal data on a phishing site or publishing photos of documents and bank cards on Internet resources.

Golovanov said that scammers often combine information about potential victims from several sources and use it to gain people's trust. The expert recalled that personal data alone is not enough to conduct financial transactions on behalf of the victim. In this regard, he urged not to disclose bank card details or other confidential information to anyone under any circumstances.

Russian state systems are in danger because of Internet Explorer

This year, many government agencies will have to spend several hundred million rubles on updating their information systems due to the termination of support for Internet Explorer by the American corporation Microsoft. The fact is that most government information systems used an outdated version of the browser to log users in.

Experts believe that if nothing is done, the systems will continue to work, but will not receive updates, which will make them vulnerable to hacker attacks.

For example, this will affect the system of control over the volume of turnover of alcoholic and alcohol-containing products in the Russian Federation, the system of the Federal Treasury, and the Supreme Court.

All of these information systems work only in the Internet Explorer browser on the Windows operating system. When they were created, only Internet Explorer supported the necessary cryptographic security requirements. But many years have passed since then: Microsoft will stop supporting Internet Explorer version 11 from August 17, 2021, and support for older versions has been discontinued since January 12, 2016.

According to the expert, the lack of updates carries a serious risk of data leakage and a risk to the availability of services. This increases the risk of hacker attacks and narrows the circle of potential users. The problem is large-scale: to solve it, it will be necessary to rewrite the software of state information systems, which will take from one to three years and cost hundreds of millions of rubles.

Experts believe that Microsoft even assisted import substitution in Russia. According to them, the departments will deal with the issue of their compatibility with domestic operating systems, solving the problem with the work of state information systems without Internet Explorer.

"Taking into account the requirements for import substitution, the best course for departments will be to switch to open-source browsers, for example, from the Chromium and Firefox families", said Yuri Sosnin, Deputy General Director of the Astra Linux group of companies.

According to Timur Myakinin, the head of the software development department of the IT company Jet Infosystems, the departments still have enough time to abandon the old technologies.

Russian expert explained why hackers steal personal data of CD Projekt RED employees

Hackers have broken into the Polish development studio CD Projekt RED, the authors of the sensational game Cyberpunk 2077, and threaten to publish the source codes of the video games, as well as the personal data of the company's employees. Moreover, the attackers have already fulfilled the first part of the promise: the source code of several games of the Polish studio has appeared in the public domain. It is likely that cybercriminals will also reveal the personal data of employees. Alexey Kubarev, Head of the Solar Dozor Business Development Group at Rostelecom-Solar, spoke about why hackers hunt for such information and how they use it.

"The main goal of hackers is to profit from the spread of malicious attacks and fraud. Personal data can be both an end goal - it can be sold, and an intermediate goal - it can be used for the implementation of attacks," explained Kubarev.

According to the specialist, the most demanded information in the cybercriminal world is personal data related to the financial sector, for example, the bank's customer base.

The expert claims that fraudsters buy personal data on the Darknet. "There, the databases are placed by hackers who either hacked the resource with the database or received it from insiders."

Attackers figure out the employees they are interested in and, in various ways, make them provide either data or technical access to it.

According to Kubarev, a person cannot influence the protection of personal data that he provides to companies, since the companies that process them are responsible for the security of data.

"So, you should be careful about any letters and websites that require you to enter data about yourself and check whether they really belong to the official domain of the company. In addition, attackers can use social media to collect information, so it would be better to minimize the information with personal data in your accounts or restrict public access to them, if possible," he concluded.

The Central Bank conducted remote anti-hacker exercises for the first time

The Central Bank of the Russian Federation summed up the results of the cyber exercises held in November-December 2020, designed to test the information security systems of Russian financial organizations.

The intention to launch cyber training for the Russian banking sector was announced in 2019 by the Central Bank of the Russian Federation. According to the organizer, the exercises should be held in the format of stress testing for resistance to cyber threats once every two years.

22 organizations voluntarily took part in the latest cyber exercises. According to Vyacheslav Kasimov, Director of the Information Security Department of Credit Bank of Moscow, various incident response scenarios were practiced and procedures for interaction with the Bank of Russia were tested.

According to Mikhail Ivanov, Director of the Information Security Department of Rosbank, "participation in cyber training is primarily an opportunity to demonstrate its reliability to the regulator".

The Bank of Russia's audits are aimed at ensuring that banks comply with the established requirements and determine whether their infrastructure is designed and implemented correctly in terms of cybersecurity.

As Vitaly Zadorozhny, head of the cybersecurity department of Alfa-Bank, explains, "they check the level of cyber-hygiene in the organization, but they do not allow determining how effectively the bank will operate when attacked."

Artem Sychev, the First Deputy Director of the Information Security Department of the Central Bank, said that cyber training makes it possible to quickly identify the risks of financial organizations.

At the same time, the Bank of Russia has recently fined 17 banks for non-compliance with the requirements of the information security system.

Meanwhile, the consequences for those tested under the Central Bank's new approach are getting tougher. If a fine is issued based on the results of the checks, then the Bank of Russia may potentially worsen the risk profile of the credit institution based on the results of the cyber exercises.

Russian experts spoke about the most common fraud schemes on the Internet

One of the trends of the last year, continuing in 2021, was the exploitation of the COVID-19 theme. Denis Legezo, a senior cybersecurity expert at Kaspersky Lab, said that several reports on targeted attacks on research centers dealing with the COVID-19 problem have been published over the past six months.

One popular type of online fraud is phishing. Last year, Kaspersky Lab found over 7,400 such resources. According to experts, scammers distribute links among Internet users whose addresses are difficult to distinguish at a glance from the names of real Internet resources. In some cases, the name of the platform is specified correctly, but a word is added to it that should not be in the original, for example, instead of

Another common type of fraud is the scam. Scammers invite users to take a survey or take part in a promotion for a reward. However, users need to pay a small commission, usually about $5. The victims of the fraud do not receive any payments, and the commission goes to the scammers.

Denis Legezo noted that ransom attacks will become more frequent.

"Attackers encrypt company data and demand a large ransom, otherwise they promise to put all the data in the public domain," he added.

In addition, SIM-related attacks are becoming more active. An attacker reissues the SIM card, using fake documents or colluding with an employee of a mobile phone store, inserts it into his phone, and withdraws money from the victim's account via SMS commands.

Most often, the victims of fraud are educated people aged 18-42 years with two diplomas and even an academic degree.

The FSB recorded an attempt to encrypt the data of patients in hospitals in Russia

Nikolay Murashov, deputy director of the National coordination center for computer incidents (NCCI), stated in a speech at the information security forum that in 2020 the special services recorded, for the first time, attempts by hackers to introduce malicious software into the information resources of Russian medical institutions in order to encrypt user data.

According to him, there were also hacker attacks on the information resources of the Central Election Commission and Civic Chamber of the Russian Federation.

Murashov said that the special services managed to prevent attacks on the services of state structures.

In total, over the past year, the NCCI has stopped the work of more than 132 thousand malicious resources. At the same time, according to Murashov, the main sources of cyber attacks on Russian resources are located outside the country: the Center blocked 67 thousand foreign malicious resources and 65 thousand such resources in Russia during the year. The attacks were carried out from Turkey, the Netherlands, and Estonia and were aimed at state authorities and industrial enterprises.

In general, according to Murashov, remote work has complicated the protection of personal data, as attacks began to be carried out through insufficiently protected remote access centers and vulnerable software. NCCI specialists also registered the sending of phishing messages; most often, card data were stolen through phishing.

The National coordination center for computer incidents has been recording for several years that the main sources of hacker attacks on Russian organizations are located abroad.

In late January, the NCCI warned of possible cyberattacks from the United States. The Center associated the threat of attacks with accusations by Western countries that Russia was involved in hacker attacks on American government resources, as well as with their threats to carry out "retaliatory" attacks on Russian critical information infrastructure.

According to the Investigative Committee, in general, the number of cybercrimes over the past seven years in Russia has increased 20 times, and every seventh crime is committed using information technology or in cyberspace.

The NCCI was created in 2018 by order of the FSB to combat the threat of hacker attacks on Russia's infrastructure.

The number of crimes with bank cards in Russia has increased by 5.5 times

Last year, 510.4 thousand crimes committed using information and telecommunications technologies were registered in Russia. According to the data of the Ministry of Internal Affairs, this figure is 73.4% more than it was in the previous year.

In 2020, cybercriminals used bank cards, the Internet, and a telephone to commit crimes. In particular, during the year, the number of acts involving the use of plastic cards increased by a record 453.1%, reaching 190.2 thousand. In 2019, according to the Ministry, there were only 34.4 thousand.

The Central Bank confirmed an increase in the number and volume of transactions without the consent of bank customers in 2020.

Sergey Voldokhin, director of the company Anti-Phishing, confirmed that massive phone fraud, malicious banking applications for smartphones and fake payment system sites became a real problem in 2020. According to him, with the beginning of the pandemic and the transition to remote work, cyber fraudsters have received new opportunities for attacks. "Judging by the volume of thefts, banks and financial companies were not ready for a large-scale impact on their customers," he added.

According to Sergey Golovanov, a leading expert at Kaspersky Lab, fraud trends are likely to continue in 2021.

"But a significant increase in their number is unlikely, as financial organizations and telecom operators are actively fighting such schemes, and the news agenda has made citizens wary of suspicious calls," he noted.

According to Pavel Utkin, a leading lawyer at Parthenon, the problem of phone fraud with plastic cards will disappear by itself when banks establish control over the personal data of customers.

The banks noted that in order to minimize attacks, they have already implemented comprehensive anti-fraud systems, as well as information campaigns among customers about new types of fraud and methods of countering them.

Earlier, E Hacking News reported that Sberbank is the most targeted organization in Europe by hackers.

Medvedev mentions the possible disconnection of Russia from the global network

Disconnecting Russia from the global network is possible, but the authorities have a plan of action in this case, said the Deputy Chairman of the Security Council Dmitry Medvedev.

Medvedev said that Russia has the technical capabilities to ensure the autonomous operation of the Russian segment of the Internet, but no one would like to take it to such extremes.

"Technologically, everything is ready for this. At the legislative level, too, all decisions have been made. But once again I emphasize: this is not easy, and I would really not want it," he stressed.

Medvedev acknowledged that the isolation of the Russian segment of the Internet is only a backup plan in the extreme case if Russia is disconnected from the global network. "Of course, we have a plan for how to act in such a situation. The Internet, as you know, appeared at a certain time, and, of course, the key management rights are located in the United States of America. So potentially, Russia's disconnection from the global network can happen," said Medvedev.

The politician recalled the constant talk about disconnecting Russia from SWIFT, the international interbank system for transmitting information and making payments. "They constantly frighten us with this. We were even forced to create our own system for the transfer of information if suddenly this happens so that electronic messages can be exchanged. The same thing can potentially happen with the Internet, and then we will not have access to the main nodes of this network," said the deputy head of the Security Council.

The Deputy Head of the Security Council recalled that against the background of such risks, a law on the Russian segment of the Internet was adopted so that it could be managed autonomously.

Nevertheless, the deputy head of the Security Council urged people to be realistic and understand that if the Runet is isolated, it will create big problems.

Earlier, E Hacking News reported that Russian business expressed fear about isolation from the global Internet.