Showing posts with label Russian Cyber Security.

Germany threatened Russia with sanctions for a hacker attack on the Bundestag


German Foreign Ministry spokeswoman Maria Adebar on Friday confirmed that Germany is introducing a sanctions regime in connection with the hacker attack on the Bundestag; it includes freezing accounts and restrictions on entry to the European Union. Hackers linked to Russian intelligence are suspected of hacking emails. Moscow denies any involvement.

Adebar added that this sanctions regime allows freezing assets and restricting entry not only for individuals but also for organizations.

The day before, the State Secretary of the German Foreign Ministry Miguel Berger invited the Russian Ambassador to Germany Sergei Nechaev to Berlin in connection with the case of a hacker attack on the Bundestag. Berger, on behalf of his government, "strongly condemned" the attack.

He also reported on Germany's plans to use the EU's cyber sanctions regime against the Russians involved in this attack, including Dmitry Badin. As grounds for this, he also cited a warrant for Badin's arrest, which was issued by the US Attorney General in May.

Recall that in early May, the German media reported that the Prosecutor General's office of Germany had announced an international search for Dmitry Badin on suspicion of complicity in a cyberattack on the Bundestag network in 2015. It was noted that he was also wanted by the US Federal Bureau of Investigation (FBI).

Berlin believes that Badin is part of the hacker group Fancy Bear. He is accused of conducting secret intelligence and illegally extracting computer data.

A cyberattack on the Bundestag's resources occurred in April 2015. German members of Parliament received similar emails, allegedly related to the UN, in which there was a link to malicious spyware. According to official data, hackers stole at least 16 gigabytes of data. It is assumed that the attackers copied two mailboxes with correspondence from the parliamentary office of German Chancellor Angela Merkel from 2012 to 2015.

The German side believes that Russia is not sufficiently involved in the investigation of the crime.

The voting site of the United Russia party was attacked by hackers


"Initially, the voting went as usual. At seven in the morning, a rapid increase in attempts to vote began. After some time, technical support detected a DDoS attack — attempts were made to upload votes from non-existent voter IDs to the system," commented the press service of the party.

Deputy Secretary of the General Council of United Russia Sergey Perminov said that the surge of hundreds of thousands of fake requests was stopped within two hours. During this time, there was a queue of real people who had come to vote on the site.

"We use the blockchain to conduct preliminary voting — accordingly, all data comes to us in encrypted form and goes through several stages of verification. All ballots are anonymous — we don't have access to the personal information of the electors who sent them, which means we can't track the attack vector. Accordingly, we process all requests without exception. Therefore, we are now increasing our capacity in order not to lose any of the real votes," explained Perminov.

The Deputy Secretary noted that they managed to stop the attack within two hours and that the system is now gradually improving. All the data of real electors who managed to vote has been included in the blockchain and will be available for verification. According to him, the correctness of the vote has not been violated.

It is worth noting that United Russia is the only party in the Russian Federation that conducts primaries to nominate candidates for elected posts. Any Russian citizen can participate. This year, due to the coronavirus pandemic, primaries are held in electronic format.

Recall that on May 23, Russian President Vladimir Putin signed a law on remote voting. According to the document, a new type of voting without a paper ballot is being introduced in the Russian Federation. Special software will be used instead.

Russian experts assessed the level of protection of corporate data from hacker attacks


Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than half an hour to penetrate the local network. Such conclusions were made by experts from Positive Technologies in their research.

"It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out," said experts.

Positive Technologies experts analyzed 2019 data from penetration tests (pentests) on how well the corporate information systems of 28 companies were protected against external intruders. As part of external pentests, specialists managed to penetrate the local networks of 93% of organizations. In some cases, there were several ways to overcome network protection.

According to experts, every sixth company showed signs of hacker attacks, malicious links on official sites or valid accounts in public leak databases. Based on this, the researchers concluded that these companies' IT infrastructure could be controlled by hackers.

To protect themselves, specialists advise companies, first, to follow the general principles of information security: regularly check which of their information resources are available for external connection, develop strict rules for the corporate password policy and monitor their implementation. In addition, they recommend regularly updating the security settings for operating systems and installing the latest versions of software products.

Recall that, according to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February. Positive Technologies found that up to 48% of the passwords of employees of organizations are made up of a combination of a word indicating the time of the year or month and four digits indicating the year.

Russian banks revealed new types of fraud


Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have become more active. An applicant is asked to fill out a form with personal data. Then a letter arrives saying that he has been hired and urgently needs to transfer money for some equipment. In the end, there is no money and no work.

VTB specialists reported cases of fraud when hackers place job ads and get access to mobile phones while communicating with candidates. Then, using remote access, hackers get to the client's personal account and can withdraw money.

Hackers are looking for candidates without experience, for example, for the position of mobile app tester. Those who respond to the ad are asked to pass a test and install remote access programs on their computer or smartphone for control. Fraudsters can use these programs to log in to the victim's personal account and withdraw funds.

The VAT refund scheme is also gaining popularity among fraudsters. Attackers publish videos on the Internet with a proposal to refund value-added tax to all Russians left without income. In this scheme, customers click on a fraudulent link from the description to the video and independently perform expense transactions, which leads to a loss of money.

"Internet companies began to actively appear that offer customers to take advantage of the volatility of cryptocurrencies and promise a large profit," said Kuznetsov about another scheme.

Finally, financial fraudsters copy popular initiatives of well-known brands and companies to attract their victims, using hashtags of the period of self-isolation, for example, #stayhome and offer to participate in the campaign to get three thousand rubles ($42). For this, it is allegedly necessary to provide card data and a one-time SMS password.

It is worth adding that, according to the international company Group-IB, fraudsters using the remote access program TeamViewer steal on average from 6 million to 10 million rubles per month ($84,000 - 140,000) from the clients of large banks.

Data of 9 million customers of the Russian courier service CDEK leaked


Data belonging to nine million customers of the CDEK Express transportation service was put up for sale on the Web for 70 thousand rubles ($950). This is the largest leak of personal data in Russian delivery services.

Telegram channel In4security noticed that the database contains information about the delivery and location of goods and information about buyers, including Tax Identification Numbers. The seller of the database sent the author of the Telegram channel screenshots dated May 8, 2020. This indicates that the databases are fresh.

CDEK claims that there was no data leak from the company. As the representative of the service stressed, personal data is collected by many companies, including state aggregators, and the leak could have occurred on any of these resources.

Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies, said that this is the largest leak of personal data from Russian delivery services. He notes that this is not the first time the information of CDEK users has leaked: previously, customers of the delivery service complained that other people's personal data was visible on the company's website due to vulnerabilities.

Head of Security Department of SearchInform Alex Drozd warned that leaks are always followed by calls from scammers. They call the victim, introduce themselves as company employees and try to obtain billing information.

The interest of fraudsters in the data of courier services may be associated with an increase in demand for their services during the coronavirus pandemic and self-isolation.

The company also recalled that fraudulent sites acting on behalf of CDEK have recently been detected more often.

It should be noted that in recent weeks, there has been an increase in phishing sites: online cinemas, online stores, training courses, legal advice, government portals.  Earlier, E Hacking News reported that Russia has bypassed the USA in hosting for phishing resources.

The sites of the online action in honor of the victory in the Great Patriotic War were attacked by hackers


Sites where the online campaign Immortal Regiment was broadcast, as well as the hotline’s telephone number, were subjected to repeated hacker attacks on May 9, the press service of the All-Russian public civil-patriotic movement Immortal Regiment of Russia reported on Sunday.

Recall that on May 9, 2020, Russia celebrated the 75th anniversary of the Victory in the Great Patriotic War.

"Immediately before the festive date, the website of the broadcast of the victorious procession, the site of the movement Immortal Regiment https://www.polkrf.ru/, the site of the movement Victory Volunteers, whose participants helped organize the procession, as well as the hotline’s telephone number, were repeatedly attacked by hackers," said the press service.

The first attack took place from 6 to 9 am Moscow time; hackers made more than 9 million requests to the site. The attack power was 18.5 thousand requests per second. Because of this, the processor capacity of the server was used up, and the site was threatened with a shutdown. Many users complained about problems downloading the broadcast.

Specialists were able to stop this attack, eliminate the vulnerability and quickly restore the site.

"646 unique IP addresses were used for the attack. 64% of the servers involved in the DDOS attack are located on the territory of European countries, 27% on the territory of North America, 3% in Asia," found the developers.

The second attack of similar power occurred at 11 am. Specialists were able to prevent the attack immediately, eliminate vulnerabilities, and restore the normal operation of the site. The majority of IP addresses used for the attack were located in Europe (64%). Another 27% of the addresses were located in North America.

For the first time in its history, the all-Russian action Immortal Regiment is being held entirely in an online format in connection with the coronavirus pandemic.

Russia recognized as the leader in posting fraudulent resources on the Web


According to the results of last year, Russia took first place from the United States in hosting fraudulent Internet resources, according to the international company Group-IB, which specializes in repelling and preventing cyberattacks.

In the previous three years, most of the blocked phishing resources were located in the United States, but in 2019 Russia took first place in this indicator. Hosting services in Russia accounted for 34% of blocked phishing resources, and those in the US for 27%. Panama is in third place; it accounted for 8% of blocking.

The company also indicated that in 2019, the total number of blocked phishing resources increased three times, from 4.4 thousand to 14,093.

According to Group-IB, scammers previously stopped their campaigns after they were blocked and switched to other brands. Now they continue to work, replacing the blocked pages with new ones. They have also complicated and expanded the mechanisms for implementing phishing attacks.

At the same time, the scammers revised their goals: the number of phishing resources for attacks on cloud storage doubled over the year and the number of fraudulent pages targeting users of Internet service providers tripled. This is due to the desire to get personal and payment data of users.

It is worth noting that Group-IB, as a competent organization that cooperates with the Coordination Center of RU domains, may demand that resources be blocked.

Kaspersky Lab reported in November 2019 that cyber fraudsters have developed a new method of corporate phishing to steal personal data from banks. For example, bank employees receive an invitation to pass certification with the requirement to enter the username and password for their work email. As a result, fraudsters get access to their correspondence, which may contain files with personal data of credit institution clients.

Moscow has denied accusations of stealing coronavirus-related developments


The British authorities' accusations that Russian hackers allegedly stole coronavirus developments are "typical corona - madness" and a new round of information warfare, said Oleg Morozov, member of the Federation Council Committee on Foreign Affairs.

According to the Senator, the West this time did not miss the opportunity to call Moscow an enemy, despite the fact that the charges do not have any basis.

“The pandemic is another reason to embed this informational novelty in the "holy" fight against "terrible” Russia. This is like a virus that is invisible, but about which everyone is aware - so are Russian hackers. This topic is the modern information virus,” said Mr. Morozov.

The discourse began when cybersecurity experts warned that hostile states were trying to hack the databases of British universities and research institutions to steal research related to COVID-19, including the development of vaccines.

According to them, Iran and Russia are behind the hacking attempts; the experts say that China is also a likely culprit. However, all attacks were unsuccessful, writes The Guardian.

Now dozens of British universities and institutions with biomedical potential are working on COVID-19 research, from new diagnostic tests to experimental treatments.

Oxford University, which is working on vaccine development and has recently started human trials, has already asked the NCSC to protect its research.

Recall that digital passes began to operate in Moscow and the Moscow region on April 15. More than 900 thousand permanent digital passes were issued, and about 400 thousand one-time passes are issued daily. Specialists believe that the system of electronic tracking of people is being introduced into mass use in Moscow right now. And the epidemic is a good reason for such actions.

In addition, resources with a video message were found in North Ossetia; its author, speaking about the situation with COVID-19, said that states want to introduce artificial intelligence into people's bodies through chips, through anonymization of a person, through biometrics, through distance learning.

Email of the Pskov Churchman Tikhon was hacked


The Churchman Tikhon (Mr. Shevkunov), who is called "Vladimir Putin's Confessor" in the media, reported that his mail had been hacked. Blackmailers are now threatening to publish many years' worth of information.

"A few months ago it turned out that my email was hacked for many years. My private and business correspondence began to be published on the Black Mirror website. In parallel, these materials were published on other telegram channels. I was asked to pay ten million rubles to suspend publication. I, of course, refused," said Tikhon.

The attackers, according to the clergyman, demanded 10 million rubles ($132,000) to suspend the publication. The Churchman replied to the hackers that he would put all the contents of his mail in open access if they donated the same amount to the Pskov diocese.

Tikhon said that he did not want to "accept the terms of blackmailers and encourage dirty business." Shevkunov added that he did not pay attention to the hack at all and commented on it only because of many questions from the media. "I know that the competent authorities are looking for hackers, but whether they find them or not, we will see," said the Metropolitan.

"There is the COVID-19 virus, there are computer viruses, and there are such viruses in our society. They affect both those who steal other people's letters, wanting to make money on it and those who eagerly read other people's letters," stated the Churchman Tikhon.

It is worth noting that letters from his hacked mail continue to be published so far. In particular, recently an audio file of his conversation with the filmmaker Nikita Mikhalkov was published.

In April, experts identified 18 million cyberattacks on Russian companies working remotely


According to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February.

Hackers try to guess the username and password of an employee's account in order to log into the corporate infrastructure, explains Kaspersky Lab’s antivirus expert Dmitry Galov.

According to him, such attacks are the simplest. Hackers use, for example, dictionaries of popular passwords or passwords from leaked databases.

Password brute-forcing is used on average in 70% of attacks on remote desktops that use the RDP protocol.

Positive Technologies found that up to 48% of the passwords of employees of organizations are made up of a combination of a word indicating the time of the year or month and four digits indicating the year.

"After gaining access, a hacker can, for example, launch an encryption virus into the corporate network to offer the management to buy the decryption code," said Dmitry Galov.

Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch, agreed that less experienced hackers sell access data to more advanced colleagues. He noted that in recent months, offers of access to corporate infrastructure on the black market have grown in price from $5-10 to tens of thousands of dollars.

According to the results of the first quarter of 2020, the number of offers for selling access around the world is 69% higher than in the previous quarter. Kaspersky Lab attributes the growth of such attacks to a hasty transition to remote work: companies' IT services were more concerned with organizing remote workstations than with their security.

To protect against attacks, Kaspersky Lab recommends that companies use a corporate VPN and two-factor authentication and that employees set complex passwords.
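
The password pattern Positive Technologies describes above (a word for a season or month plus a four-digit year) can be rejected when a password is set. The following is an added example, not code from the article or from the vendors it cites; the word lists, substitution tables, function names and sample passwords are assumptions constructed for illustration.

```python
import re
import unicodedata
from typing import NamedTuple, Optional

# Assumed word lists (not from the article): English names, Russian names,
# and common Latin transliterations of the Russian names.
_EN = ("winter spring summer autumn fall january february march april may "
       "june july august september october november december "
       "jan feb mar apr jun jul aug sep sept oct nov dec")
_RU = ("зима весна лето осень январь февраль март апрель май июнь июль "
       "август сентябрь октябрь ноябрь декабрь")
_RU_LATIN = ("zima vesna leto osen yanvar fevral mart aprel mai iyun iyul "
             "avgust sentyabr oktyabr noyabr dekabr")
CALENDAR_WORDS = frozenset(f"{_EN} {_RU} {_RU_LATIN}".split())

# Common character substitutions, undone before the word lookup.
LEET_TABLES = (
    str.maketrans("0134578@$!", "oieastbasi"),
    str.maketrans("0134578@$!", "oleastbasl"),  # "1" and "!" read as "l"
)
# A Russian word typed while the keyboard is still on the QWERTY layout.
QWERTY_TO_RU = str.maketrans(
    "qwertyuiop[]asdfghjkl;'zxcvbnm,.",
    "йцукенгшщзхъфывапролджэячсмитьбю",
)

YEAR = r"(?:19|20)\d{2}"
# word, optional separators, year, optional trailing symbols (or year first).
_WORD_YEAR = re.compile(rf"^(?P<word>.+?)[\W_]*(?P<year>{YEAR})[\W_]*$")
_YEAR_WORD = re.compile(rf"^[\W_]*(?P<year>{YEAR})[\W_]*(?P<word>.+?)[\W_]*$")


class Finding(NamedTuple):
    word: str     # calendar word that was recognised
    year: int
    variant: str  # "plain", "leet" or "ru-layout"


def _letters(text: str) -> str:
    return "".join(ch for ch in text if ch.isalpha())


def _candidates(raw: str):
    """Yield (variant, letters-only reading) for the non-year part."""
    yield "plain", _letters(raw)
    for table in LEET_TABLES:
        yield "leet", _letters(raw.translate(table))
    yield "ru-layout", _letters(raw.translate(QWERTY_TO_RU))


def season_year_match(password: str) -> Optional[Finding]:
    """Return a Finding if the password is <calendar word> + <4-digit year>
    in either order, any case, with separators or trailing symbols.
    The result never contains the password itself, so it is safe to log."""
    s = unicodedata.normalize("NFKC", password).lower()
    for pattern in (_WORD_YEAR, _YEAR_WORD):
        m = pattern.match(s)
        if not m:
            continue
        for variant, word in _candidates(m.group("word")):
            if word in CALENDAR_WORDS:
                return Finding(word, int(m.group("year")), variant)
    return None


def flagged_share(passwords) -> float:
    """Fraction of candidate passwords that follow the pattern."""
    passwords = list(passwords)
    hits = sum(1 for p in passwords if season_year_match(p))
    return hits / len(passwords) if passwords else 0.0


# Constructed sample input (not real credentials).
SAMPLE = ["Summer2020", "w1nter_2019!", "2020Osen", "ktnj2020",
          "Лето2020", "Correct-Horse-2020", "Tr0ub4dor&3", "Summer20"]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r:24} -> {season_year_match(pw)}")
    print(f"share flagged: {flagged_share(SAMPLE):.0%}")
```

The check covers only the four-digit-year pattern the article names, so a two-digit variant such as the last sample passes; it is meant to run at password-change time alongside a leaked-password deny list, not to replace one.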

Positive Technologies: fraudsters can steal money from every second mobile bank


According to research by Positive Technologies, every second mobile banking application has a vulnerability through which fraudsters can steal the money of its users.

The company selected 14 mobile apps for the Android and iOS operating systems, which were downloaded more than 500 thousand times from Google Play and the App Store.

It is noted that in 13 out of 14 applications, access to personal user data is possible. Hackers can exploit 76% of vulnerabilities in mobile banks without physical access to the device.

"None of the studied mobile banking applications has an acceptable level of security. In every second mobile bank, fraudulent transactions and theft of funds are possible. In five out of seven applications, logins and passwords from user accounts are threatened, and bank card data may be stolen in every third application," experts conclude.

The company's experts advise users to set a PIN code to unlock the device to limit the ability of attackers to gain physical access and never click on links from strangers in SMS and messengers.

Group-IB regularly finds vulnerabilities in banking applications, but in practice, these weaknesses are rarely used because it is easier and cheaper for hackers to use social engineering, says Andrey Bryzgin, head of the Audit and Consulting Department of the Group-IB.

Previously, Positive Technologies identified 23% more cyberattacks in the first quarter of 2020 compared to the fourth quarter of last year. The increase in cybercrime is associated with the coronavirus COVID-19.

Moreover, the number of virtual crimes began to grow. Fraudsters send emails about COVID-19 with links that lead to fake sites where users are asked to enter data from bank cards.

Dozens of cyberattacks on the website of the Mayor of Moscow have been recorded since the beginning of February


Group-IB specialists recorded several DDoS attacks on Moscow electronic services, including the mos.ru portal. This was announced by the CEO of the company Ilya Sachkov.

As the head of the Moscow Government’s IT department, Eduard Lysenko, reported, the site experienced in three hours a number of attacks it had not seen in the last two quarters.

At the moment, the cyber defense company Group-IB is figuring out who needed to carry out massive attacks on government resources and is looking for perpetrators.

"The investigation has begun, our task is to understand the reasons for cyberattacks and find the perpetrators. At the moment, we can not provide details, this will interfere with the tasks of investigators", said the head of Group-IB, Ilya Sachkov.

According to him, the huge load on the mos.ru website was also caused by the many requests for passes from citizens. In addition, the interruptions were affected by the interest of Moscow residents, as there were numerous attempts by users to go to the portal just to explore it and understand how it works.

At the same time, Sachkov added, it is possible to ensure stable operation of mos.ru, even despite increased loads. “The portal experiences problems that are standard when launching large-scale services of this kind. Such services are tested for fault tolerance, security, and implementation quality in order to ensure stability and continuity of service.”

Recall that from March 30, Moscow introduced a regime of complete self-isolation. Residents of Moscow are allowed to leave the apartment only as a last resort. Starting April 15, they will need to have a special pass to travel around the city by public or private transport. Such measures are designed to stop the spread of coronavirus infection.

Earlier, E Hacking News reported that hackers hacked the digital Pass System of Moscow residents.

Security Experts say number of network nodes in the Russian Federation accessible via RDP


Positive Technologies experts said that the number of network nodes in the Russian Federation accessible via the Remote Desktop Protocol (RDP) increased by 9% over three weeks (since the end of February 2020) and reached over 112,000.

It is enough for hackers to send a special RDP request to vulnerable Remote Desktop Services (RDS) to attack. Authentication is not required. If successful, an attacker can install and delete programs on a compromised system, create accounts with the highest level of access, and read and edit confidential information. The vulnerabilities affect Windows 7, Windows Server 2008, and Windows Server 2008 R2 operating systems.

According to Alexey Novikov, director of the Positive Technologies security expert center, attacks on the network perimeter of domestic companies have begun to grow. Hackers are trying to gain access to servers and get into the local network. This boom is caused by the transfer of employees to remote work.

For a secure remote connection, employees need to use a special gateway: RDP connections require a Remote Desktop Gateway (RDG), and VPN connections require a VPN gateway. Experts do not recommend connecting directly to the workplace.

Experts warn that opening access to individual subnets to all VPN users at once significantly reduces the security of the organization and not only gives broad opportunities to an external attacker but also increases the risk of an insider attack. Therefore, IT professionals need to maintain network segmentation and allocate the required number of VPN pools.

Positive Technologies experts emphasize the threat of remote access channels to business-critical networks and systems, for example, production and energy technology networks, ATM management networks or card processing in banks.

In addition, Positive Technologies recommends paying attention to a critical vulnerability (CVE-2019-19781) in Citrix software that is used in corporate networks. The vulnerability in PHP 7 (CVE-2019-11043), which, according to Positive Technologies, was included in the list of the most dangerous by the end of 2019, should also be eliminated.

Russian Defence Minister says Pro-Western Activists Trying to Infiltrate Military Facilities using Media Laws as a cover


Defense Minister Sergei Shoigu, speaking in the Federation Council, spoke of attempts by the opposition to penetrate Russian military facilities.

The head of the military Department recalled that Western countries regularly make high-profile accusations against Moscow, such as interference in American elections, hacking attacks, and concealment of military losses.

"In our country, they are supported by a Pro-Western opposition division regularly trained abroad. Using media laws as a cover, its activists are trying to infiltrate military facilities and are monitoring relatives and witnesses. They go to hospitals where our wounded are lying, to cemeteries, to commemorations, to the families of our dead children. They take photos of the entrances and exits from our secret objects and put them on the Internet. You can imagine what responsibility they would be brought to in Western countries," said the head of the military Department.

In this regard, Shoigu called on senators to regulate Russian legislation in this area.

The head of the defense department also told the Federation Council about the increase in the number of cyberattacks against the Russian army.

"The information space today has become another theater of war. Over the past three years, the information infrastructure of the Armed Forces has been attacked by more than 25 thousand high-tech computer attacks from abroad. At the same time, their number increases annually by an average of 12%. We are ready for this fight. Of course, I wanted the hackers to have a little less domestic helpers,” said Shoigu.

According to him, the Ministry of Defense has a reliable system for protecting information resources, and all attacks are neutralized.

A number of countries have previously accused Russia of hacking attacks. Thus, Georgia accused the Russian military of planning and conducting a cyberattack, as a result of which sites and servers of several government bodies, courts, the media, and private companies were damaged. Also, the head of the Ministry of Defense of Ukraine Andrei Zagorodniuk said that the country is daily faced with cyberattacks that come from Russia.

At the same time, since 2016, the United States has been discussing the topic of possible Russian interference in the presidential election, as a result of which Donald Trump became the head of state.

Group-IB informed about the distribution of fake news about 20 thousand coronavirus infections in Moscow


A fake audio recording appeared on the Internet in which a girl reports about 20 thousand cases of coronavirus COVID-19 in Moscow and asks to spread this information as much as possible. This was announced on March 2 by the Chairman of the Commission of the Public Chamber of the Russian Federation for the development of the information community, Alexander Malkevich.

Group-IB's cyberattack prevention team urges people not to trust information from unconfirmed sources.

This information is distributed in the social networks Vkontakte and Facebook by different users but in identical formulations. The audience that took this news seriously was mainly female groups in messengers at kindergartens and schools. Group-IB specialists recorded more than 9500 publications with this news and started searching for the performers and customers of this information attack.

This is not the first time such fake news about the coronavirus has appeared since the beginning of 2020. In some regions of Russia, rumors spread that "because of the high level of danger, the whole family had to leave the city", "official sources report hundreds of deaths". Moreover, fakes about coronavirus are spread not only in Russia but also around the world. In particular, more than 40 media reported false information that the Pope became infected with the coronavirus.

According to experts, information about 20 thousand cases in Moscow may be the result of the work of the information forces of Ukraine.

In addition, information security experts of Group-IB have already identified the fact of artificial distribution of voice messages.

Official authorities have repeatedly noted that only a few cases of coronavirus infection have been confirmed throughout Russia: two in Chinese citizens, as well as three Russians evacuated to Kazan from the Diamond Princess liner.

Group-IB spotted new fake messages about the coronavirus during the day


Group-IB, a company that specializes in preventing cyberattacks, has revealed new fake messages about the spread of coronavirus over the past day.

Group-IB reported that information about accounts spreading fakes about the coronavirus was transmitted to law enforcement agencies.

"The data obtained by Group-IB specialists about the accounts involved in the distribution of fake audio messages about the coronavirus was transmitted to law enforcement agencies. The bots were focused on the active distribution of a specific fake, although some bots were registered a couple of years ago with the same creation date," reported press service of the company.

In addition, Group-IB experts have identified new fake messages about the coronavirus over the past day and warned that there is still a possibility of new fakes. "It is important to use information from trusted sources and be critical of rumors and possible misinformation," added the press service.

Group-IB works closely with the administration of social networks, including Facebook and VKontakte, and with forum moderators to remove misinformation about the spread of a new type of coronavirus.

Group-IB launched an investigation into the spread of information about a large-scale infection of Moscow residents with coronavirus in early March. By March 2, the company's experts had recorded 9500 posts, reposts, and publications that broadcast fake news about allegedly 20,000 sick Russians.

On March 4, Roskomnadzor began blocking access to resources that spread fake information about the coronavirus in Russia. At the request of the Prosecutor General's office, the Agency has already entered several social network messages in the register of information prohibited in Russia.

It is worth noting that Russian President Vladimir Putin at a meeting with the government said that false reports of coronavirus in Russia are spread from abroad. According to Putin, in fact, nothing critical in terms of the coronavirus is happening.

According to Putin, "the purpose of such fakes is clear - to spread panic among the public", and this can only be countered by informing the country's citizens in a timely and reliable manner.

A hacker explained why cards will be blocked more often in Russia


Hacker Alexander Warski described what to expect from the governing bodies. According to him, bank cards will be blocked more often in Russia.

The information security specialist gave his opinion on the new law on mandatory notification when funds in Russians' accounts are blocked. Starting from March 28, under the new law, credit institutions are obliged to notify customers about the blocking of funds on the same day and must state the reason for their actions. According to the hacker, the new law will only contribute to a significant increase in blocks.

"The governing bodies will be more likely to use this tool," said Warski.

At the moment, illegal withdrawals account for 1% of all financial transactions. Scammers use fake phone numbers that are displayed as bank numbers and contact people in the bank's name. In this regard, the hacker believes that mobile operators are to blame for allowing the sale of virtual SIM cards.

State Duma Deputy Natalia Poklonskaya believes that the introduction of the new law will make the bank-client relationship system more transparent.

"Now this side of banking will become more open, and blocking the client's account will no longer be unexpected, which means that it will not be able to be a manipulative tool," said Natalia.

Earlier, EhackingNews reported that experts from the information security company Positive Technologies concluded that hackers will need only five days on average to hack a large Russian bank.

In addition, it became known that 89% of data leakage incidents in Russian banks were caused by ordinary employees.

Banks also noted the appearance of special Telegram bots, through which people can earn anonymously on the leak of information and personal data. Each case of information disclosure costs 50-100 thousand rubles ($750 - $1,500).

The Russian quality system (Roskachestvo) gave recommendations on protecting data in social networks

Scammers in social networks use social engineering techniques to hack a user account. In this regard, Roskachestvo experts recommend setting the most stringent privacy settings for the personal page. According to experts, cybercriminals tend to get into the friend list in social networks in order to use this opportunity for fraud in the future, so users of social networks should monitor their privacy and be vigilant.

"Set the most strict privacy settings. For example, hide your contact information, published posts, and information about relatives and friends from everyone except your friends. This will make it more difficult for attackers to get your data and use it in fraud using social engineering," said experts.

Cybercriminals use fake phone numbers, fake names, and other people's photos to get into the friend list. In addition, there is a high risk that when a user clicks on a postcard, petition, or unknown link, they are redirected to a site that requests their social network access data and passes it to the fraudster.

"Everyone knows for sure that a request for financial assistance from a hacked page is a fraudulent technique," Roskachestvo reminded users.

Experts advise adding only people you really know as friends and being wary of those who ask for or offer money; if a friend makes such a request, ask him personally by phone.

"Do not send payment or other confidential information in social networks and messengers. If you have already sent your card data, find and delete these messages," said experts.

Roskachestvo advises not following suspicious links sent in messages, not using public Wi-Fi networks, setting up two-factor authentication in social networks, and using complex passwords for each service, generated with special software generators.

"At the same time, it is extremely important to use different passwords for accounts on different resources," said Anton Kukanov, head of the Center for Digital Expertise of Roskachestvo.

Russian banks and energy companies have been hit by a new wave of cyberattacks


A new wave of cyberattacks targeting banks and energy companies has been recorded in Russia. Employees of these organizations receive numerous phishing emails with infected links; clicking on them can lead to data being stolen from the computer.

It is reported that the malicious message contains an office document. The victim clicks on it and is taken to the text-hosting service Pastebin, from which images are downloaded from the Imgur service; these images in turn contain malicious code. With this code, attackers can steal secret files, withdraw funds, or install spyware on a user's computer.
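The chain described above (office document, then Pastebin, then Imgur) only stands out when its stages are correlated per host rather than judged one request at a time. The following is an added example, not code from the article or from any vendor it names; the log format, host names, process names and the five-minute window are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample proxy/EDR records: time, host, process, destination domain.
SAMPLE_LOG = """\
2020-03-10T09:01:12 ws-017 winword.exe pastebin.com
2020-03-10T09:01:15 ws-017 winword.exe i.imgur.com
2020-03-10T09:03:40 ws-022 chrome.exe imgur.com
2020-03-10T09:05:02 ws-031 excel.exe pastebin.com
2020-03-10T10:45:00 ws-031 chrome.exe i.imgur.com
2020-03-10T09:07:30 ws-044 chrome.exe pastebin.com
"""

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}  # assumed process names
WINDOW = timedelta(minutes=5)                          # assumed correlation window

def parse(log):
    """Turn whitespace-separated records into time-sorted tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, host, proc, domain = parts
        events.append((datetime.fromisoformat(ts), host, proc.lower(), domain.lower()))
    return sorted(events)

def is_domain(domain, base):
    """True for the base domain and its subdomains only."""
    return domain == base or domain.endswith("." + base)

def find_chains(log, window=WINDOW):
    """Flag hosts where an Office process fetched from Pastebin and the same
    host then fetched from Imgur within the window."""
    pending = {}  # host -> time of the Office-to-Pastebin request
    hits = []
    for ts, host, proc, domain in parse(log):
        if proc in OFFICE and is_domain(domain, "pastebin.com"):
            pending[host] = ts
        elif is_domain(domain, "imgur.com") and host in pending:
            if ts - pending[host] <= window:
                hits.append((host, pending[host], ts))
            del pending[host]
    return hits

if __name__ == "__main__":
    for host, first, second in find_chains(SAMPLE_LOG):
        print(f"{host}: Office->Pastebin at {first}, Imgur fetch at {second}")
```

Browser traffic to either service alone is not flagged, which keeps the rule quiet on hosts like ws-022 and ws-044 in the sample.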

"Since the chain consists of four stages, the protection tools that companies use cannot detect it, they are designed for shorter activity of malware," explained Igor Zalevsky, head of the center for the investigation of cyber incidents of JSOC CERT Rostelecom-Solar.

The company said that about 60% of phishing emails were received by employees of the energy sector, but 80% of all attacks turned out to be aimed at banks.

Zalevsky added that the attack is similar to the activity of the hacker group Silence, which specializes specifically in credit organizations. It is possible that the group decided to expand the scope of its activities, or that completely different hackers are copying the behavior of Silence.

Group-IB confirmed that the attack recorded by Rostelecom-Solar was previously carried out in the banking sector.

Information security experts said that in 2020, energy companies will become the “main targets” for cybercriminals.

Andrey Arsentyev, head of Analytics and special projects at InfoWatch group, agrees with this assessment; he called the energy sector one of the "most attacked" in recent years. According to Denis Kuvshinov, a leading specialist of the PT Expert Security Center Positive Technologies cyber threat research group, the main goal of cybercriminals targeting the energy sector is industrial espionage, as well as impact on critical infrastructure.

Security Experts Say Hackers Can Hack Russian Banks In 5 Days


Experts from the information security company Positive Technologies concluded that hackers will need only five days on average to hack a large Russian bank. Experts came to this conclusion on the basis of a number of tests. The attacks succeeded because of vulnerabilities in applications and software and because passwords could be guessed. In some cases, access to ATMs was obtained.

Tests in 10 banks from the top 50 banks showed that hackers need an average of 5 days to hack the Russian bank’s network. In cases where the hacker acts from the inside, he is able to get full control over the entire infrastructure of the bank in two days.

During the audit of banks, whose names were not disclosed, experts simulated 18 cyberattacks. In eight cases, the attacks were carried out from the outside using only publicly available data, such as the bank's website or an incorrectly configured database. In ten cases, the hacker attacked from inside the bank: either the hacker was in the bank building and got access to the power outlet, Wi-Fi network, and so on, or, thanks to an external attack, he gained access to user data of a bank employee. Social engineering methods were not used in the tests.

Passwords turned out to be the weakest point because most of them were chosen using combinations of similar words or nearby keys. In one of the credit organizations, more than 500 accounts used the same very common password, “qwerty123”.
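Both findings above, passwords built from nearby keys and one password shared by hundreds of accounts, can be checked by the bank itself. The following is an added example, not code from Positive Technologies or the article; the account names, the 0.5 threshold, the row-only adjacency model and the use of SHA-256 as a stand-in for the directory's unsalted hash are assumptions, and the sample data is constructed.

```python
import hashlib
from collections import Counter

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {c: (r, i) for r, row in enumerate(ROWS) for i, c in enumerate(row)}

def walk_coverage(pw):
    """Fraction of characters lying in runs of 3+ neighbouring keys on one row."""
    pw = pw.lower()
    covered, run = 0, 1
    for i in range(1, len(pw) + 1):
        a = POS.get(pw[i - 1])
        b = POS.get(pw[i]) if i < len(pw) else None  # None closes the last run
        if a and b and a[0] == b[0] and abs(a[1] - b[1]) == 1:
            run += 1
        else:
            if run >= 3:
                covered += run
            run = 1
    return covered / len(pw) if pw else 0.0

def policy_rejects(pw, threshold=0.5):
    """Set-time check: refuse passwords that are mostly keyboard walks."""
    return walk_coverage(pw) >= threshold

def digest(pw):
    # Stand-in for the directory's unsalted password hash (assumption).
    return hashlib.sha256(pw.encode()).hexdigest()

def shared_hashes(accounts, min_shared=2):
    """Group accounts whose stored hashes are identical, i.e. the same password."""
    counts = Counter(accounts.values())
    return {h: sorted(u for u, d in accounts.items() if d == h)
            for h, n in counts.items() if n >= min_shared}

# Constructed sample data: user -> stored hash.
ACCOUNTS = {
    "teller01": digest("qwerty123"),
    "teller02": digest("qwerty123"),
    "backoffice7": digest("qwerty123"),
    "svc-atm": digest("zxcvbn2020"),
    "admin.k": digest("Tr4verse!Lamp7"),
}

if __name__ == "__main__":
    for h, users in shared_hashes(ACCOUNTS).items():
        print(f"{len(users)} accounts share hash {h[:12]}...: {users}")
    for pw in ("qwerty123", "zxcvbn2020", "Tr4verse!Lamp7"):
        print(pw, "rejected" if policy_rejects(pw) else "accepted")
```

The reuse check works only on unsalted hashes, where identical passwords produce identical stored values; with salted hashes the set-time policy check is the part that still applies.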

New testing showed that hackers can penetrate from the Internet into the local network of seven out of eight banks.

However, Sergey Golovanov, leading antivirus expert at Kaspersky Lab, said that due to the improvement of bank security systems, Russian-speaking hacker groups are increasingly attacking foreign credit organizations and are switching to banks in Asia, Africa and Latin America.