
Hackers attack Russian organizations through a new Microsoft Office vulnerability

Information security specialists from Kaspersky Lab reported that hackers are trying to attack Russian companies through a new vulnerability in Microsoft Office products. At least one attack targeted government agencies. Using the vulnerability, attackers can not only spy on users of the infected system, but also download malicious programs like ransomware viruses into it. Experts expect that hackers will actively exploit the system's flaw, as users are slow to install updates.

According to Yevgeny Lopatin, head of the complex threat detection department at Kaspersky Lab, attackers are now exploiting the vulnerability by sending a phishing email with a document attachment. An employee only needs to open such a document on his computer for the vulnerability to work, and then malware is downloaded and installed on the victim’s computer.

Rostelecom-Solar has registered one targeted attack on government bodies using this vulnerability, said Igor Zalevsky, head of the Solar JSOC CERT cyber incident investigation department.

The expert added that a number of government systems are still using Internet Explorer as the recommended browser.

This is actually a vulnerability in MSHTML, the engine of the Internet Explorer browser. This part is responsible for displaying the content of the web page (images, fonts, and other files). In this case, MSHTML is used by the Microsoft Office software package to display web content in documents.

The vulnerability in MSHTML allows an attacker to create modified documents with malicious scripts. After compromising the system through this vulnerability, an attacker can install a backdoor.

According to experts, a wave of attacks using the problem in MSHTML is expected. The vulnerability can be exploited both in advanced attacks and in regular phishing emails.

Russian hacker confirmed the resurrection of the most famous Russian hacker group REvil

A Russian hacker who collaborated with the well-known REvil group confirmed that the cybercriminals had returned to active work after a two-month break. He named political reasons as the main cause of the temporary suspension of their activities. This contradicts the claims of REvil members themselves, who explained the break as a precaution after the disappearance of one of the community members.

An anonymous cybercriminal said that the group initially planned only to suspend its activities, but not to end it completely. According to him, this step was due to the difficult geopolitical situation.

"They told key business partners and malware developers that there was no cause for concern and that cooperation would not be suspended for long," the hacker said. Answering the question about the influence of the Russian leadership on the decision of the most famous group of the country to hide for a while, the Russian hacker noted that such an option is hardly possible. According to him, there is no evidence to suggest any connection between REvil and the government or intelligence services of Russia or other countries. Moreover, no one discusses such a topic on a serious level on the darknet.

"It is not surprising that the hacker group responsible for high-profile attacks on American infrastructure took precautions after the conversation between the US and Russian presidents," the anonymous hacker stressed. "Geopolitical factors are always taken into account in a business of this level, although this is the first time I have encountered a situation where a group has been forced to curtail its activities relatively unexpectedly."

REvil's return was announced last week when the group's site on the darknet became active again after two months of downtime. Shortly after that, community members stated in messages on one of the Russian forums that the temporary suspension was dictated by precautionary measures. They were allegedly caused by the disappearance of one of the REvil members: "We backed up and disabled all the servers. We thought he had been arrested. We waited — he didn't show up, and we restored everything from backups."

Only one-in-ten Russian organizations are aware of the danger of vulnerabilities in web applications

In 2020, attacks on the web accounted for one-third of all information security incidents. However, only 10% of Russian organizations believe that web applications are a priority element of the infrastructure for scanning for vulnerabilities.

Rostelecom-Solar conducted a survey in April-June 2021, interviewing 200 organizations of various sizes and profiles (public sector, finance, industry, IT, etc.). According to it, only 7% of organizations realize the importance of scanning an isolated segment of the IT infrastructure, such as industrial networks or closed state data exchange systems. 29% of respondents consider it important to scan the external perimeter. Meanwhile, 45% of respondents named the organization's local network as the key element for analyzing vulnerabilities. And only one-tenth of respondents consider it important to scan all elements of the infrastructure.

In general, according to the survey, 70% of organizations have vulnerability control. However, most of them do not scan regularly: more than 60% of companies scan the infrastructure once a quarter or less.

Experts note that almost all organizations either conduct scanning automatically (41% of respondents answered this way) or by means of a single dedicated information security specialist (39%). This is not enough to quickly process the data obtained from the scanner and formulate up-to-date recommendations for closing the vulnerabilities found.

According to experts, if the company does not have a vulnerability management process and there are no resources for processing the received data, so-called shadow IT appears in the infrastructure. These are unrecorded and therefore unprotected areas of the IT landscape that can be exploited by hackers to carry out an attack.

Hackers switched to combined cyber attacks on the Russian financial sector

Experts began to note the particular interest of cybercriminals in the Russian banking sector as early as mid-summer 2021. In July, the Bank of Russia reported on the risks of "infecting" financial institutions through members of their ecosystems.

In August, FinCERT noted a series of large-scale DDoS attacks on at least 12 major Russian banks, processing companies and Internet service providers. The requests came from the USA, Latin America and Asia.

In early September, the Russian financial sector was attacked again. The targets were large banks and the telecom operators that provide them with communication services.

Since August 9, the Russian Cyber Threat Monitoring Center (SOC) of the international service provider Orange Business Services has recorded a big increase in the number of requests. Attackers combine not only well-known attacks such as TCP SYN, DNS Amplification, UDP Flood and HTTPS Flood, but also only recently discovered ones, for example, DTLS Amplification.

In total, more than 150 attacks were recorded during the month, from August 9 to September 9, 2021. At the same time, their intensity is constantly increasing. Criminals are constantly trying to increase the power of attacks in the hope that telecom providers will not be able to clean up traffic in such large volumes.

In addition, the attackers used large international botnets. The Orange Business Services SOC identified one such network, based in Vietnam and South America and comprising more than 60 thousand unique IP addresses, which was used to organize HTTPS Flood attacks on the 3D Secure payment verification service.

The attackers also used the HTTPS Flood attack to make the banks' application unusable; in this case, the attack was carried out from IP addresses in Russia, Ukraine and France.

“Based on how persistently and ingeniously cybercriminals act, we can say that we are dealing with a complex planned action aimed at destabilizing at least the Russian financial market,” said Olga Baranova, COO of Orange Business Services in Russia and the CIS.

The largest banks in Russia were subjected to a large-scale DDoS attack

A new large-scale DDoS attack carried out late in the evening on September 2 led to the system failure of major banks and made some of their services unavailable. Thus, a number of large banks experienced problems with payments and card services for some time.

VTB, Sberbank and Alfa-Bank withstood the attack, but their Internet provider Orange Business Services experienced significant difficulties.

"Everything that went through Internet providers, including land points that are connected by wires, ATMs, POS terminals, did not work for some time," said a bank representative.

"The IT services of our partners and their communication providers faced a DDoS attack, which affected the payment of customers in remote service channels," VTB reported.

Sberbank reported that on September 2, a failure was recorded on the side of an external service provider, which could lead to short delays in the operation of individual services.

"Some reports recorded by the Downdetector resource could be related to problems with one of the local Internet providers," Alfa-Bank reported.

Olga Baranova, Operational Director of Orange Business Services in Russia and the CIS, said that since August 9, the company's cyber threat monitoring center has been recording attacks on financial clients around the clock using capacitive attacks such as Amplification, as well as attacks using encrypted protocols (HTTPS).

"These attacks continue even now. The most powerful one was about 100 Gbps. Moreover, in terms of the number of attacks we detected, this August is comparable to the entire last year," she added.

As explained by the founder and CEO of Qrator Labs, Alexander Lyamin, Amplification attacks are aimed at communication channels, and HTTPS or Application Layer attacks are aimed directly at applications. "DDoS attacks of this type are the most dangerous: they are difficult to detect and neutralize since they can simulate legitimate traffic," he noted.

The number of cases of hacking smartphone games has increased in the world

In the first half of 2021, the Russian mobile games market was among the world's top five leaders in terms of downloads. Therefore, hackers began to actively attack Russians playing on smartphones. In online games with prizes, attackers can crack the code to get rewards instead of honest participants. In games with registration, hackers hunt for the personal data of players. 

According to forecasts, the volume of the Russian video game market by the end of this year is expected to amount to $2,236 million. Along with the growing interest of consumers in video games, the activity of hackers and scammers is also growing.

Basically, the key to obtaining personal data, logins and access to the victim's computer is phishing. There are various schemes: from simple chat correspondence with malicious links to fraudulent sites where players are offered to improve statistics, download various hacks containing keyloggers or spyware.

It is quite simple to distinguish a game in which there is a chance to meet a dishonest player. You just need to find out if the application is using any anti-cheat (software for tracking and preventing the use of cheating tools), as well as how often it is updated. Such information can be found in the public domain; often the developers of a particular game write about it themselves.

According to Panda Security in Russia and the CIS, cryptojacking malware can also be added to the current problems of gamers. Cryptojacking is the use of devices (computers, smartphones, tablet PCs, or even servers) without the knowledge of their owners for the purpose of hidden mining of cryptocurrencies. 

The best way not to become a victim of such phishing is not to download pirated software. If the user notices that the PC or mobile device has become slower or fails, then there is a high probability that the gamer is unknowingly "mining" cryptocurrency for hackers.

Russian scientists have launched the first quantum network with open access in Moscow

Russian scientists have launched in Moscow the first quantum network with open access, in which all interested organizations will be able to participate.

"The main advantage of our quantum network is its openness compared to those that were developed earlier. This could radically change the quantum communications market. Both software developers and organizations wishing to connect experimental sections of their infrastructure to implement quantum-protected solutions can participate in this project," said Yuri Kurochkin, head of the quantum communications group at the Russian Quantum Center.

Mr. Kurochkin and his colleagues have launched Russia's first interuniversity quantum network based on an open architecture. Thanks to this, it can be scaled and expanded in any way.

The network is based on the technology of quantum key distribution, as well as comprehensive network protection systems. Existing fiber optic lines are used for key and data transmission, which significantly reduces the cost of operating and expanding the network.

The network is configured in such a way that it is allowed to be used by interested organizations primarily for the development of modern software applications in the field of information security based on the use of quantum keys. In addition, once the network is expanded, scientists plan to study in detail how effectively the procedure for reserving its capacities will work.

Unbreakable quantum communication and cryptography systems began to actively develop in the last ten years. In Russia, the first research networks of this kind appeared in 2014, and in recent years several long-distance and intercity quantum networks have been created, which are used in practice in several branches of major Russian banks.

According to their developers, quantum cryptography and communication systems, in theory, minimize the possibility of "invisible eavesdropping" because the laws of quantum mechanics do not allow copying the states of the light particles exchanged by participants in quantum networks. This makes them attractive for the secure exchange of cryptographic keys, which are already used for data encryption in conventional fiber-optic or wireless networks.

Russian IT specialists have reliably protected the online voting system from hackers

Remote electronic voting, which will take place during the September elections in Russia, is reliably protected from hacker attacks. Kaspersky Lab expert Alexander Sazonov said this at a press conference on Friday.

The remote electronic voting system began to be developed in 2016 on the basis of blockchain technologies. According to the expert, the use of this type of voting has more than doubled from 2019 to 2020.

"If in previous years users were cautious about the remote e-voting system, in 2020 the share of actual votes has increased significantly. According to our statistics, almost 50% of the voting participants in 2020 are educational institutions," Sazonov noted.

According to the expert, there are no absolutely secure systems: "But we use the most advanced means of protection in our systems, which reduce the effectiveness of such attacks and impacts to a minimum. Therefore, the systems can be considered quite secure for the purposes of voting at the highest level."

Sazonov noted that the developers are focused on making it "impossible to fake the vote and influence the process of counting these votes." "It is important to provide intermediate concealment of the results so that during the voting process it is not known which candidate wins or which party wins. It is necessary to ensure the anonymity of votes so that it would not be possible to match a particular vote with a particular voter," he stressed.

According to experts' forecasts, about two million Russians will take part in remote electronic voting in the coming autumn.

Recall that the Russian State Duma adopted a law on remote voting in May 2020. The pandemic of coronavirus infection served as a kind of trigger for the introduction of remote voting. 

Spanish botnet attacked Russian companies

StormWall, a provider of services for protecting networks from DDoS attacks, said that Russian companies have been attacked by one of the most powerful DDoS botnets on the Internet over the last month. Qrator Labs noticed this botnet at the end of last year.

According to StormWall, the new botnet is of Spanish origin and consists of 49 thousand devices; the maximum power of its attacks reaches 2 Tbit/s. Most of the attacks target the gaming industry. Such a botnet can be rented for $2,500 for two days.

The new botnet has several sites that provide DDoS services for rent; the tariff for organizing attacks at a speed of several terabits per second is about $100 per hour. According to Qrator Labs, attacks using it occur every month, and they are dangerous because not all operators, even at the federal level, are able to resist attacks of such power.

The Kaspersky Lab expert believes that the gaming industry has long faced the problem of DDoS attacks, and its large companies use effective protection, so less powerful botnets do not give hackers the necessary efficiency.

In addition, according to experts, now the games segment is experiencing another financial boom due to an increase in the audience because people began to devote more time to games during the pandemic.

Experts believe that cybercriminals prefer not to attack protected resources because it is expensive, not very effective and there is a risk that a botnet will be detected and blocked. It is hard to believe that a botnet consists of 49 thousand infected servers, as they are usually better protected than users' computers.

APT31 hackers attacked Russian companies for the first time

The representatives of the company Positive Technologies reported that the hacker group APT31, known for its attacks on state structures of different countries, attacked Russian companies for the first time. A number of experts associate the APT31 group, which also appears under the names Hurricane Panda and Zirconium, with the Chinese special services.

The representative of Positive Technologies did not disclose the number of attacked companies and their names, as well as the damage caused. He explained it by the confidentiality policy.

According to Positive Technologies experts, since the spring of 2021, APT31 has begun to expand the geography of attacks and use a new method of hacking and infecting gadgets.

According to the company, hackers send phishing emails that contain a link to a fake domain — inst.rsnet-devel[.]com. It completely imitates the domain of certain government agencies. When the link is opened, a so-called dropper (remote access Trojan) gets into the user's computer, which creates a malicious library on the infected device and installs a special application. The application then launches one of the functions of the downloaded malicious library, and the attacker takes control of the computer.

Another trick the hackers used was that in some attacks the dropper was signed with a real, valid digital signature, so many security tools perceived it as a program from a certified manufacturer. Positive Technologies experts believe that the signature was most likely stolen, indicating that the group was well-prepared.

It is worth noting that the activity of APT31 has been recorded since the 2010s. Hackers attack mainly the public sector, collecting confidential information. According to Microsoft, from March to September 2020, about 1 thousand attacks of this group on users related to the presidential elections in the United States and candidates for this post were recorded. APT31 hacker attacks were also reported in Norway, Finland, Germany, Mongolia, Canada and Belarus.

Russian banks to launch a system against telephone fraud

Financial organizations are planning to launch a pilot project of a system for accounting and analyzing telephone fraud, said Alexey Voilukov, vice president of the Association of Banks of Russia. The service will make it possible to monitor calls, identify unscrupulous operators and track fraudsters more effectively.

The Association will present the developments to the regulatory agencies along with proposals for changing the legislation. In order to improve the response to criminal attacks, the project should be implemented on the basis of the site of the supervisory authority, for example, the Ministry of Internal Affairs.

Experts believe that the owner of such a system should be one of the government agencies authorized to request information from operators about the sources of traffic and to process data covered by the secrecy of communications.

"It is necessary to tighten legislation in the field of personal data protection and tighten control over bank employees since fraudsters often obtain information about customers through leaks," added experts.

Tinkoff Bank believes that it will take about a month to test the project after the creation of an interdepartmental anti-fraud group. The bank will become one of the pilot's participants.

Other major credit organizations also supported the idea of implementing the system. The pilot of the project can start as early as the end of 2021 or the beginning of 2022. However, full work will require changes in the law.

According to Tinkoff, the number of malicious calls in the first quarter of 2021 increased 2.3 times compared to the same period in 2020. In addition, about 80% of phone scammers use number spoofing, so after launching the project of the system of accounting and analysis of telephone fraud, it will be much more difficult for them to carry out attacks.

Experts Said How Cybercriminals Make Money on Russian Gamers

One of the most popular fraud schemes involves buying or selling an account in online games. An attacker can offer an account, but after transferring funds for it, the buyer does not get access to it.

Experts advise using specialized platforms for buying and selling an account, which charge a commission of about 10% for their services.

If there is no such platform, but there is a forum dedicated to the game, the expert advises studying the user's account and his rating on the forum as much as possible before selling or buying.

Gamers can also be deceived when buying expensive computer components, for example, video cards. Scammers create copies of popular online stores, in which the cost of components will be declared 2-3 times lower than the market price. The buyer most likely will not be able to return the money.

Another method of fraud is associated with the purchase of expensive goods, such as a game console, through a private classifieds service. In this case, the buyer is asked to open an e-wallet on one of the legitimate services. His virtual card is allegedly linked to this account, which is used to make the payment.

The client transfers money to the wallet and informs the seller about it, after which he receives an SMS message with the virtual card data. However, the notification does not come from the service number, but from the phone of the scammers. So, the gamer makes the transfer to scammers and remains without money and the desired product.

Another method of fraud is connected with watching streams of other gamers. Scammers copy the broadcasts of famous players and add banners with ads for easy earnings to the video. By clicking on them, people get to the resources of scammers, where they lose money by providing their bank card details.

According to the expert, the solution to the problem in the game world could be the active development and use of escrow services, as are used when selling domain names on the Internet.

Hackers Hit President Putin and Citizens at a TV show


Recently, a massive cyberattack took place while Russian president Vladimir Putin was answering citizen queries through the state-broadcast Rossiya 24 Network. The televised phone-in is an annual session where President Vladimir Putin gives answers to all questions that have been submitted by the citizens. 

However, this year's phone-in on Wednesday, which continued for four hours, faced connectivity issues, particularly when the president was answering calls from remote regions. 

"Our digital systems are right now facing attacks, powerful DDoS attacks," a Rossiya-24 presenter informed the Russian President after a caller from the Kuzbass region in southwestern Siberia experienced connection problems repeatedly. 

President Putin responded by saying “Are you joking? Seriously? Turns out we have hackers in Kuzbass.”

Russia’s telecommunications giant Rostelecom has confirmed massive cyberattacks and said that the network is adopting advanced countermeasures to prevent such attacks. It currently remains unclear who led this attack, and no further technical details have been shared by the channel.

Putin’s spokesman Dmitry Peskov told the RIA Novosti news agency that “the origin of the attacks was unclear”. 

In June 2021, the world witnessed an important summit between Putin and US president Joe Biden wherein cybersecurity was one of the main topics on the agenda.

Furthermore, in April 2021, Biden's administration slapped sanctions on the Russian government over the SolarWinds cyberattack that targeted several US federal organizations and more than 100 US private companies.

More than 3 million Russians have become victims of a new online fraud scheme

Experts of the cybersecurity company Group-IB note that fraudsters skillfully disguise fake payment pages: they often contain logos of the international payment systems Visa and MasterCard.

"By creating phishing sites for popular services and online stores, scammers have learned to imitate payment pages protected by 3-D Secure, a technology that was previously considered one of the most effective to ensure the protection of user payment data when paying for online purchases worldwide", said the experts.

Attackers lure the victim to the phishing page of the online store with fraudulent advertising or spam mailing. There, the user enters payment data, paying for the selected product or service. Then an SMS code is sent to the user's phone number to confirm the transaction. The user enters the code into the same form on the legitimate 3-D Secure page, and the money goes to the fraudster's card.

According to experts, to protect themselves, users must first pay attention to the source of the payment in an SMS message from the bank with a transaction confirmation code.

"If the words Card2Card or P2P are specified there, but the payment was not initiated from the specified resources, you should not enter the received code to confirm the payment," noted experts.

Information security expert Alexey Lukatsky stressed that it is necessary to pay attention to the name of the site, to its design, to any grammatical errors it may contain, and to the domain on which the site is hosted.

The expert added that it is necessary to pay attention also to the 3-D Secure page.

"Because this domain must also be identical to the domain whose bank issues a card. Accordingly, if the domain name indicates something different or similar to our bank, then this is also a sign of fraud," added Mr. Lukatsky.

Logins and passwords of at least 1.2 million Russians have been leaked online

The credential verification service developed by cybersecurity company BI.ZONE (a subsidiary of Sberbank) has revealed that information about logins and passwords of more than 1.2 million Russians is freely available as a result of data leaks.

"BI.ZONE, a strategic digital risk management company, helped over one and a half million Russians check their credentials for leaks containing their usernames and open passwords. The owners of more than 1 million 200 thousand contacts could become potential victims," the company said.

Experts note that this information is available not only on the darknet but also on the normal Internet. At the same time, since it is freely available, attackers do not even need to buy it.

According to Anton Okoshkin, director of anti-fraud at BI.ZONE, many Russians use the same credentials for many sites, so their leakage can lead to hacking of all accounts.

"In most cases, people use the same username and password on a variety of resources: from accounts in social networks and online stores to work services. In such a situation, if your account is compromised on one of them, the risk of hacking all accounts increases," Okoshkin noted.

At the same time, the expert noted that attackers usually begin automated verification of credentials on different services a few hours after the appearance of the leak in the public domain. "It is very important to promptly warn users about the compromise of their data," he stressed.

Almost 1.7 million Russians have already used the company's credential verification service. The service checks against a set of 5 billion credentials that are known to have fallen into the hands of attackers and contain usernames and passwords. The leaked database is updated weekly.

Russia intends to sign agreements with a number of countries in the field of cybersecurity

Deputy Secretary of the Security Council of the Russian Federation Oleg Khramov named several countries with which Moscow plans to sign agreements on cooperation in the field of cybersecurity.

Mr. Khramov said that intergovernmental cooperation agreements are ready to be signed with Indonesia, Nicaragua and Uzbekistan. Relevant agreements with Iran and Kyrgyzstan were signed this year.

"About half a dozen draft agreements are at the stage of expert elaboration or domestic approval," Khramov added.

"Russia is ready to cooperate with all states that share its approaches and aim to jointly counter threats to international information security. But, of course, dialogue with our closest partners in the Collective Security Treaty Organization (CSTO), SCO and BRICS will continue to develop as a priority," Khramov stressed.

He also noted that cooperation within these associations has a solid legal foundation. Thus, Russia has concluded bilateral agreements with all the BRICS countries. Within the framework of the CSTO, there are specialized agreements on cooperation in a multilateral format.

Khramov stressed that, regarding the Western countries, "the dialogue with our French colleagues is progressing positively."

In May, the American media reported on the possible connection of hackers who attacked the Colonial Pipeline with Russia. However, the White House did not confirm this information. Deputy Assistant to the US President for National Security Anne Neuberger stressed that it was a group of hackers, not a state, who carried out the attack.

On June 11, White House press secretary Jen Psaki said that the US authorities are ready to discuss at the upcoming US-Russian summit the topic of cybercrimes.

On June 16, Russian President Vladimir Putin and his American counterpart Joe Biden agreed to start consultations on cybersecurity during the summit in Geneva. Afterwards, however, the Russian Foreign Ministry accused the United States of trying to win back the summit agreements on cybersecurity.

The Russian government plans to create a unified video surveillance system

The Russian government wants to create a single video surveillance system that will unite smart cameras in Russian cities. The devices will be able to recognize faces and license plates. The project will help to quickly respond to crimes, and in some cases, prevent them. The personal data of ordinary people is promised to be reliably protected.

The development of the project and the installation of cameras are estimated at 250 billion rubles ($3,500,000), and implementation may take five years. Previously, the project was estimated at 97 billion rubles ($1,350,000).

Currently, the cameras in Moscow send video to the Data Processing Center. In the new system, they will recognize suspicious situations themselves and only then send the video to the Data Processing Center.

It is expected that different cameras will be installed in the cities, depending on the tasks. Some places will need a face recognition system, and cameras with powerful computing modules will be installed there. In other places, cameras with motion sensors will be enough.

According to the expert, the system will make it possible to better detect violations, respond promptly to them, and in some cases even predict them.

The emergence of a unified video surveillance system may raise fears that personal data will be sent to smart cameras. The CEO of Lab.Ag and the developer of many government sites, Artem Geller, explained that such an outcome is inevitable because the cameras are aimed at recording the physical data of people.

"Of course, they will process the physiological aspects such as face, gait, clothing, license plate. But don't forget that cameras are already doing this," Geller added.

Cybersecurity specialist Sergey Vakulin recalled the experience of video surveillance systems in China, where there is also a face recognition function, but each person is assigned his own identification number. Only then is this data encrypted, but even with such a process, there are vulnerabilities.

"The biggest problem is that a lot of data is stored and transmitted using a global network. And devices connected to the global network are more vulnerable," Vakulin added.

According to Vakulin, it is too early to worry about possible hacking and data leaks. He explained that each system has cybersecurity specialists, testers who detect bugs.

Putin called the accusations of launching a cyber war against the United States unsubstantiated

Russian President Vladimir Putin said that the US accusations against Russia, including cyber attacks and election interference, are groundless and that the US side has never provided any evidence.

"We are accused of a variety of things: interference in elections, cyber attacks, and so on. And they [the accusers] did not bother to provide any evidence. Just baseless accusations," he said, calling statements about Russia's involvement in cyber attacks in the United States a farce.

"The issue of cybersecurity is one of the most important today because all sorts of shutdowns of entire systems lead to very serious consequences, and this is possible," the Russian leader said in an interview with the program "Moscow. The Kremlin. Putin" of the Russia-1 TV channel.

According to Putin, the Russian Federation will be ready to extradite cybercriminals to the United States if the American side also extradites criminals to Russia.

He stressed that such arrangements are set out in the relevant interstate agreements, where the parties undertake certain obligations.

"And they are in the vast majority of cases equivalent. Both sides assume the same obligations," Putin explained.

On June 4, Putin called the accusations of cyber attacks on American companies made against Moscow ridiculous and suggested that the situation could have been provoked to increase disagreements in connection with the upcoming meeting with US President Joe Biden. The press secretary of the Russian leader Dmitry Peskov assured that Moscow will promptly consider the appeals of the American side in connection with the hacker attack on the JBS enterprises if such requests are received. He also stressed that Russia does not have data on the organizers of cyber attacks on JBS.

Putin did not rule out that Western intelligence services, including American ones, may conduct activities against Russia in the cyber sphere.

"I am not afraid of this, but I do not rule out that it may be so," the Russian leader said.

"What the US is afraid of may pose a threat to us. NATO has declared cyberspace a war zone. They are planning something, and this cannot but worry us," the Russian president added.

Experts mentioned main loophole of Russian companies in cyber attacks

According to experts of the cybersecurity company BI.ZONE (a subsidiary of Sberbank), the main reason for successful cyberattacks on Russian companies is an access control vulnerability that allows attackers to connect to an organization's systems, which in turn leads to data leakage.

"The vulnerability of access control was recognized as the main reason for unauthorized access to data of Russian companies. The company for strategic digital risk management BI.ZONE recorded this problem in 61% of organizations where they managed to gain access to confidential data," the company said.

According to BI.ZONE, this number was 67% last year. "A slight improvement may be due to an increase in the quality of creating in-house applications," experts say.

Yevgeny Voloshin, director of the BI.ZONE expert services unit, explained that attackers, having hacked the administrator's account, gain access to the company's systems and use this gap to steal data. Most often, the account can be cracked by brute-forcing passwords.

"This problem lies in the incorrect division of access in internal corporate applications. For example, a regular user can also work with functions that should only be available to the administrator. Attackers, having hacked his account, connect to the internal infrastructure, and then use this gap for data theft and other fraudulent actions," notes Yevgeny Voloshin.

BI.ZONE experts recommend using complex passphrases with punctuation marks and other characters, rather than just a single word. Also, the vulnerability problem may be related to access to certain types of data without additional user authentication.

Earlier, E Hacking News reported that most users use passwords that are too simple, which cybercriminals can easily guess in 46 percent of cases.

The white hat hacker has estimated the probability of a hacker attack on the websites of Internet giants

There is no need to worry about the security of Russian systems after a global failure in the work of world sites, since the servers of all state institutions are located on the territory of Russia.

Information security expert Denis Batrankov explained that the problem of modern systems is that many companies do not have the opportunity to create their own office to host their servers there. As a result, they order servers from other hosting providers where they host their product. All responsibility in this case falls on the hosting provider, but the risk of failures increases significantly.

Vakulin illustrated his opinion with an example of Amazon Web Services hosting.

"Many sites are hosted by Amazon Web Services, including small and medium-sized businesses. Since there was a large and large-scale failure, then all the sites that were generally hosted on this platform go down after it," the hacker said.

The expert believes that, despite the recent attacks on the American pipeline company Colonial Pipeline and the world's biggest meat supplier JBS, Russia should not worry too much about industrial safety.

"As for government agencies, their servers are located in Russia. The data is stored in our country. From a security point of view, everything has been done to prevent third parties from accessing this data," the expert said.

The programmer also drew attention to the fact that the State Duma was going to oblige foreign IT companies with an audience of more than 500 thousand people a day to open branches in Russia.

"This law can still be finalized to the point that all data will be stored on Russian servers," Vakulin said.

In conclusion, the programmer shared his vision of the future in the IT field. He believes that neural networks will control the servers.

"I carefully monitor how our technologies and knowledge of artificial intelligence and neural networks are improving," Vakulin said. "Most likely, neural networks will simply monitor everything in the future: they will be engaged in tracking the site. In 20 years, programmers and cryptographers will simply observe the work of artificial intelligence, somehow refine it, and it will already do the work for them."

Earlier, Internet users reported a global failure in the work of the sites of a number of media outlets, companies and social networks around the world. Problems were observed, for example, at CNN, Twitter, Guardian, Amazon, Reddit, New York Times. The problems occurred due to a failure in the work of the American cloud service provider Fastly. Within an hour, the problems were fixed.