The Russian government plans to create a unified video surveillance system

The Russian government wants to create a single video surveillance system that will unite smart cameras in Russian cities. The devices will be able to recognize faces and license plates. The project will help to quickly respond to crimes, and in some cases, prevent them. The personal data of ordinary people is promised to be reliably protected.

The development of the project and the installation of cameras is estimated at 250 billion rubles ($3,500,000), and the implementation may take five years. Previously, the project was estimated at 97 billion rubles ($1,350,000).

Now the cameras in Moscow send video to the Data Processing Center, and in the new system, they will recognize suspicious situations themselves and only then send the video to the Data Processing Center.

It is expected that different cameras will be installed in the cities, depending on the tasks. A face recognition system will be needed somewhere and there will be cameras with powerful computing modules. In other places, there will be enough cameras with motion sensors.

According to the expert, the system will make it possible to better detect violations, respond promptly to them, and in some cases even predict them.

The emergence of a unified video surveillance system may raise fears that personal data will be sent to smart cameras. The CEO of Lab.Ag and the developer of many government sites, Artem Geller, explained that such an outcome is inevitable because the cameras are aimed at recording the physical data of people.

"Of course, they will process the physiological aspects such as face, gait, clothing, license plate. But don't forget that cameras are already doing this," Geller added.

Cybersecurity specialist Sergey Vakulin recalled the experience of video surveillance systems in China, where there is also a face recognition function, but each person is assigned his own identification number. Only then is this data encrypted, but even with such a process there are vulnerabilities.

"The biggest problem is that a lot of data is stored and transmitted using a global network. And devices connected to the global network are more vulnerable," Vakulin added.

According to Vakulin, it is too early to worry about possible hacking and data leaks. He explained that each system has cybersecurity specialists, testers who detect bugs.

Putin called the accusations of launching a cyber war against the United States unsubstantiated

Russian President Vladimir Putin said that the US accusations against Russia, including cyber attacks and election interference, are groundless and that the US side has never provided any evidence.

"We are accused of a variety of things: interference in elections, cyber attacks, and so on. And they [the accusers] did not bother to provide any evidence. Just baseless accusations," he said, calling statements about Russia's involvement in cyber attacks in the United States a farce.

"The issue of cybersecurity is one of the most important today because all sorts of shutdowns of entire systems lead to very serious consequences, and this is possible," the Russian leader said in an interview with the program "Moscow. The Kremlin. Putin" of the Russia-1 TV channel.

According to Putin, the Russian Federation will be ready to extradite cybercriminals to the United States if the American side also extradites criminals to Russia.

He stressed that such arrangements are set out in the relevant interstate agreements, where the parties undertake certain obligations.

"And they are in the vast majority of cases equivalent. Both sides assume the same obligations," Putin explained.

On June 4, Putin called the accusations of cyber attacks on American companies made against Moscow ridiculous and suggested that the situation could have been provoked to increase disagreements in connection with the upcoming meeting with US President Joe Biden. The press secretary of the Russian leader Dmitry Peskov assured that Moscow will promptly consider the appeals of the American side in connection with the hacker attack on the JBS enterprises if such requests are received. He also stressed that Russia does not have data on the organizers of cyber attacks on JBS.

Putin did not rule out that Western intelligence services, including American ones, may conduct activities against Russia in the cyber sphere.

"I am not afraid of this, but I do not rule out that it may be so," the Russian leader said.

"What the US is afraid of may pose a threat to us. NATO has declared cyberspace a war zone. They are planning something, and this cannot but worry us," the Russian president added.

Experts named the main loophole of Russian companies in cyber attacks

According to experts of the cybersecurity company BI.ZONE (a subsidiary of Sberbank), the main reason for successful cyberattacks on Russian companies is an access control vulnerability that allows attackers to connect to an organization's systems, which in turn leads to data leakage.

"The vulnerability of access control was recognized as the main reason for unauthorized access to data of Russian companies. The company for strategic digital risk management BI.ZONE recorded this problem in 61% of organizations where they managed to gain access to confidential data," the company said.

According to BI.ZONE, this number was 67% last year. "A slight improvement may be due to an increase in the quality of creating in-house applications," experts say.

Yevgeny Voloshin, director of the BI.ZONE expert services unit, explained that attackers, having hacked the administrator's account, gain access to the company's systems and use this gap to steal data. Most often, the account can be cracked by brute-forcing its password.

"This problem lies in the incorrect division of access in internal corporate applications. For example, a regular user can also work with functions that should only be available to the administrator. Attackers, having hacked his account, connect to the internal infrastructure, and then use this gap for data theft and other fraudulent actions," notes Yevgeny Voloshin.

BI.ZONE experts recommend using complex passphrases with punctuation marks and other characters, rather than just a single word. Also, the vulnerability problem may be related to access to certain types of data without additional user authentication.

Earlier, E Hacking news reported that most users use passwords that are too simple, which cybercriminals can easily guess in 46 percent of cases.

The white hat hacker has estimated the probability of a hacker attack on the websites of Internet giants

There is no need to worry about the security of Russian systems after a global failure in the work of world sites, since the servers of all state institutions are located on the territory of Russia.

Information security expert Denis Batrankov explained that the problem of modern systems is that many companies do not have the opportunity to create their own office to host their servers there. As a result, they order servers from other hosting providers where they host their product. All responsibility in this case falls on the hosting provider, but the risk of failures increases significantly.

Vakulin illustrated his opinion with an example of Amazon Web Services hosting.

"Many sites are hosted by Amazon Web Services, including small and medium-sized businesses. Since there was a large and large-scale failure, then all the sites that were generally hosted on this platform go down after it", the hacker said.

The expert believes that, despite the recent attacks on the American pipeline company Colonial Pipeline and World’s Biggest Meat Supplier JBS, Russia should not worry too much about industrial safety.

"As for government agencies, their servers are located in Russia. The data is stored in our country. From a security point of view, everything has been done to prevent third parties from accessing this data", the expert said.

The programmer also drew attention to the fact that the State Duma was going to oblige foreign IT companies with an audience of more than 500 thousand people a day to open branches in Russia.

"This law can still be finalized to the point that all data will be stored on Russian servers," Vakulin said.

In conclusion, the programmer shared his vision of the future in the IT field. He believes that neural networks will control the servers.

"I carefully monitor how our technologies and knowledge of artificial intelligence and neural networks are improving," Vakulin said. "Most likely, neural networks will simply monitor everything in the future: they will be engaged in tracking the site. In 20 years, programmers and cryptographers will simply observe the work of artificial intelligence, somehow refine it, and it will already do the work for them."

Earlier, Internet users reported a global failure in the work of the sites of a number of media outlets, companies and social networks around the world. Problems were observed, for example, at CNN, Twitter, Guardian, Amazon, Reddit, New York Times. The problems occurred due to a failure in the work of the American cloud service provider Fastly. Within an hour, the problems were fixed.

The opposition has filed a lawsuit against Roskomnadzor on the illegality of slowing down Twitter in Russia

The head of the Moscow municipal district Krasnoselsky Ilya Yashin, opposition leader Yevgeny Domozhirov, photographer Yevgeny Feldman and the capital's municipal deputy Vadim Korovin filed a class-action lawsuit against Roskomnadzor in connection with the Twitter slowdown. The plaintiffs claim that they themselves did not violate the laws, and believe that the measures of Roskomnadzor violate their rights.

The plaintiffs ask the court to oblige Roskomnadzor to "stop using centralized response measures in the form of slowing down the speed and other restrictions on Twitter", and also to oblige the department "to exclude the service from the list of threats to the stability, security and integrity of the functioning of the Internet and the public communication network on the territory of the Russian Federation." According to the lawyer representing the plaintiffs, Stanislav Seleznev, the lawsuit was filed in the Tagansky Court of Moscow.

The plaintiffs claim that they "never published illegal content, did not call for violence, did not justify violence or discrimination." The lawsuit notes that the applicants were not in any way connected to the account owners responsible for posting allegedly prohibited information on Twitter. According to the lawyer, "the rights of each of the plaintiffs are largely affected by the applicable restrictions since the publication of media files is a significant part of their communication with the audience."

According to the statement of claim, interference in the normal functioning of the Twitter service by Roskomnadzor in the form of slowing down access to the entire service for all users throughout the Russian Federation constitutes an interference with the right of administrative plaintiffs to freely express their opinion.

On March 10, Roskomnadzor began to slow down access to Twitter on 100% of mobile devices and 50% of desktop devices. Roskomnadzor threatened Twitter that the social network will be blocked for a month if it does not delete posts with prohibited information. At the end of May, Roskomnadzor announced its decision not to block Twitter, as the moderators of the social network deleted more than 91% of the prohibited information. The department promised to partially remove the speed limit of Twitter.

It should be noted that Twitter was earlier fined almost 28 million rubles ($386.500) in Russia for not deleting illegal content according to court decisions.

The Russian expert assessed the demand of the State Department to stop cyberattacks on the United States

"Moscow should not react to such statements until the United States is ready to seriously discuss the rules of conduct in cyberspace," said Dmitry Drobnitsky, an American political scientist, commenting on the statement of the head of the State Department Antony Blinken that Russia allegedly has a duty to ensure an end to cyber attacks across the United States.

"Mr. Blinken's words are a private statement. It is difficult to somehow assess it since the sphere of cybersecurity is not regulated in any way at the moment. At the same time, Moscow in general and the Russian president, in particular, have repeatedly offered the United States to consider this issue in a comprehensive manner, putting forward a number of initiatives, including at the UN level", said political scientist-Americanist Dmitry Drobnitsky.

According to him, the world community needs an international agreement that establishes new rules of conduct in cyberspace, because it permeates absolutely all areas of life, and the consequences of hacker attacks on civilian and military infrastructure can be very serious. "But the Americans left our proposals unanswered", the expert added.

"Moscow should not react to such statements until the United States is ready to seriously discuss the rules of conduct in cyberspace and consider this issue as an international problem. Because in the absence of regulation, each country is forced to deal with cyber threats alone," Drobnitsky concluded.

Earlier, United States Secretary of State Antony Blinken demanded that Russia stop cyberattacks on the territory of the United States. "I think it's the obligation of any country to do whatever it can to find these enterprises and to bring them to justice, including in the case of the attack on the Colonial Pipeline. The enterprise that was responsible [for] that attack, its leaders were in Russia, are in Russia, so I think there's an obligation on Russia's part to make sure that that doesn't continue," Blinken said.

Meanwhile, government sources have told NBC that United States President Joe Biden may instruct the US military to prepare "offensive cyber operations" against Russian-based hackers.

The Russian expert assessed the threat of the United States to launch "offensive cyber operations" against "Russian hackers"

"If the United States does carry out an 'offensive operation', Russia will be able to both prevent it and respond symmetrically," said military expert Viktor Murakhovsky, commenting on reports about the US president's plans to instruct the US military to prepare "offensive cyber operations" against hackers based in Russia.

"The US doctrinal documents say that in response to hacker attacks, they can use not only cyber weapons but also military means. However, I have little faith that the Americans, in response to an attack, would risk striking Russian territory with conventional weapons. Instead, they can carry out attacks on public networks and on local networks of Russian organizations," said Viktor Murakhovsky, a member of the expert council of the board of the Military-Industrial Commission of the Russian Federation.

In addition, according to him, the US authorities may put some persons on the international wanted list and detain them on the territory of other states. "It is known that several Russian citizens have been charged by the US Department of Justice with participating in cyber attacks," the expert added.

"At the same time, it is extremely difficult to determine exactly where the attack was carried out. Therefore, such accusations are based on certain assumptions. However, if we talk about attacks on the cyber structure of foreign states, then DDoS attacks are used. Many Russian state information resources have already been subjected to such attacks," Murakhovsky said.

According to the expert, the problem lies in the fact that Russia proposes not to consider cyberspace, including social networks, as a battlefield. And the Americans do not agree with this view.

The expert suggests that if the United States does carry out an "offensive operation", then Russia will be able to both prevent it and respond symmetrically. "We have all the necessary technical means for this," he explained.

In addition, as Murakhovsky noted, Russia has specially trained cyber-military specialists under the control of the General Staff of the Russian Armed Forces.

On Friday, government sources told NBC that the President of the United States, Joe Biden, may instruct the US military to prepare "offensive cyber operations" against hackers based in Russia.

As the TV company points out, the head of the White House will resort to such measures if he fails to reach an understanding on the issue of hacking activity at the upcoming meeting with Russian President Vladimir Putin in Geneva on June 16.

The first users got SIM cards with Russian encryption

Voentelecom has started implementing SIM cards that should create a "trusted environment" on smartphones. The transition to such SIM cards may become mandatory for everyone with the development of 5G.

One of the project participants, IDX (developer of identification services), said that Voentelecom is testing SIM cards equipped with Russian cryptography. So far, there are several hundred SIM cards and networks for the military in the experiment.

It should be noted that Voentelecom is a strategic telecommunications company of Russia, which fulfills the state defense order in the construction of military communications.

According to IDX CEO Svetlana Belova, Voentelecom is the first operator to start testing. It was the first to use a hardware security module on its network (HSM; it allows domestic cryptography to be implemented in telecommunications equipment used by mobile operators). Thus, Voentelecom has brought its virtual mobile operator (MVNO) up to the necessary security class.

"For various Russian payment applications such as SberPay, TinkoffPay, etc., foreign mobile operating systems, both iOS and Android, are untrusted environments, neither the FSB nor the bank can take responsibility for operations in them. Using a trusted SIM card, on which payment data will be stored, allows us to solve this problem," said Svetlana Belova.

According to her, many users express dissatisfaction because of the need to provide their data in the public domain. A trusted SIM card makes it possible to provide businesses with reliable information without disclosing data. For example, when buying alcohol or cigarettes, SIM card users can confirm that they are over 18 years old without disclosing the date of birth.

According to the representative of Voentelecom, the main target segments of their virtual operator are b2b and b2g.

It is worth noting that SIM cards with Russian encryption will work on imported chips. The developer is already testing chips from Samsung, although at first it was planned to use a domestic analog.

Work on the creation of trusted SIM cards began in 2013; its goal was to improve the security of domestic networks.

Every tenth significant IT system in Russia is infected with malware

According to Rostelecom-Solar research, every 10th critical information infrastructure (CII) in the Russian Federation is compromised by malware. Even hackers with low qualifications are able to attack most of these IT networks: a significant part of the detected vulnerabilities have existed for more than 10 years, but organizations have not eliminated them.

Vladimir Drukov, director of the Cyber Attack Monitoring and Response Center at Rostelecom-Solar, associates the presence of vulnerabilities in CII with the fact that the process of regular software updates has not yet been established in more than 90% of companies.

Kaspersky Lab experts agreed with the findings of the study. According to Anton Shipulin, Lead Business Development Manager at Kaspersky Industrial CyberSecurity, cybersecurity is still at a low level in most CII facilities.

"In terms of data protection, a large number of CII objects are currently in a "depressing situation", and there are no serious hacker attacks on them "by happy accident", but it is only a matter of time," added Fedor Dbar, Commercial Director of Security Code.

In addition, the number of hosts with the vulnerable SMB protocol has almost doubled. It is a network protocol for sharing files, printers, and other network resources that is used in almost every organization. Such vulnerabilities are particularly dangerous, as they allow hackers to remotely run arbitrary code without passing authentication, infecting all computers connected to the local network with malware.

The main problem in internal networks is incorrect password management. Weak and dictionary passwords that allow an attacker to break into an organization's internal network are extremely common. Password guessing is used by both amateur hackers and professional attackers.

Moreover, the pandemic has also significantly weakened IT perimeters. Over the past year, the number of automated process control systems (APCS) available from the Internet has grown by more than 60%. This increases the risks of industrial espionage and cyber-terrorism.

The Secretary of the Russian Security Council spoke about the new information security strategy

The Secretary of the Security Council also reported on cyber security threats in the draft of the new National Security Strategy

The national security strategy needs to be updated, as the nature of threats in this area has undergone serious changes in recent years, said Secretary of the Security Council of the Russian Federation Nikolai Patrushev.

"The desire of the United States and a number of Western countries to maintain their global hegemony provokes the growth of interstate contradictions, leads to a weakening of the system of ensuring international security," Patrushev stressed.

According to him, both political and economic pressure are used to suppress Russia, attempts are being made to destabilize the country from the outside, to radicalize the protest movement, and to weaken the morality of Russian society. He also noted that the West is conducting a targeted campaign to falsify history, deliberately cultivating Russophobia.

Mr. Patrushev stressed that the double standards of a number of states hinder multilateral cooperation in many areas. "Such counterproductive approaches are increasingly spreading to new threats related to the emergence of previously unknown infectious diseases, ensuring international information security, and solving environmental problems," he said.

Patrushev also spoke about the security threats in the cyber sphere, which are reflected in the draft of the new National Security Strategy of the Russian Federation. "First of all, this is the use of information and communication technologies to interfere in the internal affairs of Russia, a significant increase in the number of computer attacks on Russian information resources, the desire of multinational corporations to consolidate control over the information resources of the Internet, as well as the large-scale dissemination of false information and the growth of crime using digital technologies," he said.

As the Secretary of the Security Council noted, "the more active manifestation of these threats has made it necessary to form a new strategic national priority." It became information security. "The implementation [of this priority] should ensure the country's sovereignty in the information space," concluded Patrushev.

Experts reported a twofold increase in the activity of ransomware hackers in Russia

The authors of the study called the growth "staggering." Since the beginning of April, experts have been monitoring ransomware attacks on more than 1 thousand organizations on a weekly basis. At the end of the first quarter of 2020, this figure was below 600.

"So far, there is no reason to reduce the number of attacks", said Sergey Zabula, head of the group of systems engineers working with partners of Check Point Software Technologies in Russia. According to him, a 100 percent increase in the number of incidents can be observed at the end of 2021.

"Attackers will continue to invent new, more sophisticated attacks to grow their businesses and steal large amounts of money. And if companies do not pay special attention to training their employees and improving the level of cybersecurity of the organization as a whole, the size of the damage will grow," the expert said.

"ESET data also indicates a twofold increase in the number of incidents involving encryption viruses in 2021", said Vitaly Zemskikh, the company's technical director for Russia and the CIS. According to him, this is due to the neglect of information security in many organizations.

"Moreover, ransomware viruses are one of the most understandable ways to commercialize efforts for hackers", added Kaspersky Lab cybersecurity expert Dmitry Galov.

In addition, it became known that in April 2021, the number of powerful DDoS attacks on game servers in Russia increased by 30 times. According to StormWall experts, DDoS attacks were carried out using a new incarnation of the well-known Layer7 botnet, consisting of 25 thousand infected Internet of Things (IoT) devices.

Information security exercises will be held at five cyber polygons in Russia

Russian President Vladimir Putin has set the task of digital transformation of key sectors of the economy. Therefore, to protect them, the country has created cyber polygons.

According to Russian Deputy Prime Minister Dmitry Chernyshenko, cyber polygons will hone protection against threats to information security in key sectors of the economy.

Mr. Chernyshenko noted that the work of industries, enterprises and even entire cities is being recreated at cyber polygons. They are needed to practice the activities of various bodies to overcome cyber attacks.

"We need to be in good shape, and to do that we need to practice all the time. And such national training grounds just allow to organize interdepartmental exercises, without endangering the existing work of current industries or executive authorities," he said.

Mr. Chernyshenko added that the practice is mainly carried out to protect the energy, credit and financial sectors and the infrastructure of state bodies. A separate segment that simulates business processes and cyberattack scenarios specific to any sector of the economy is created for each industry. However, in the future, the number of such sectors will be expanded. 

By the end of 2024 sectoral and functional development of cyber polygon infrastructure is planned. In particular, segments of the oil and gas, telecommunications, transport and metallurgy industries will be created.

"The goal of the cyber polygon is to become an effective tool that ensures the country's readiness to respond to cyber threats. Today this task has already acquired strategic importance", said Mikhail Oseevskiy, President of Rostelecom.

It is worth noting that the project to create a national cyber polygon was launched at the end of 2019 to increase the readiness of the state and Russian organizations in key sectors of the economy to repel computer attacks and strengthen state security in the digital space. 

Chinese hackers attacked a Russian developer of military submarines

Chinese hackers reportedly attacked the Rubin Central Design Bureau for Marine Engineering (CKB Rubin), which designs submarines for the Russian Navy, by sending images of a submarine with malicious code to its CEO. Experts believe the hackers are acting in the interests of the Chinese government.

According to cybersecurity company Cybereason, in April, Chinese hackers attacked the Russian CKB Rubin. The attack began with a fake letter that the hackers sent to the general director of CKB Rubin, allegedly on behalf of JSC "Concern Sea Underwater Weapon – Gidropribor", the State Research Centre of the Russian Federation.

The letter contained a malicious attachment in a file with images of an autonomous unmanned underwater vehicle. "It is very likely that hackers attacked Gidropribor or some other institution before that," the author of the Telegram channel Secator believes.

The RoyalRoad malware attachment used in the CKB Rubin attack is one of the tools that guarantees delivery of malicious code to the end system, which is most often used by groups of Asian origin, said Igor Zalevsky, head of the Solar JSOC CERT Cyber Incident Investigation Department at Rostelecom-Solar.

Cybereason pointed out that the attack on CKB Rubin has similarities to the work of Tonto and TA428 groups. Both have been previously seen in attacks on Russian organizations associated with science and defense.

It is worth noting that the CKB Rubin traces its history back to 1901. More than 85% of the submarines which were part of the Soviet and Russian Navy at various times were built according to its designs.

According to Igor Zalevsky, Rubin's main customer is the Ministry of Defense, and CKB Rubin deals with critically important and unique information related to the military-industrial complex of the Russian Federation, which explains the interest of cyber-criminals.

Experts believe that such attacks will gain momentum because specialized cyber centers are being created due to the aggravation of the information confrontation between states.

Information security expert Denis Batrankov noted that designers are attacked for the sake of industrial espionage mainly by special services of other states. "The problem is that we all use software, which has many hacking methods that are not yet known. Intelligence agencies are buying new vulnerabilities from the black market for millions of dollars," he added.

Weak passwords are one of the main reasons for computer hacking in Russia

According to Sberbank Bi.Zone branch cybersecurity specialists, most users use passwords that are too simple, which cybercriminals can easily guess in 46 percent of cases.

In addition, according to a study of the Russian payment system "Mir Plat.form", less than a third of Russians (28%) use different passwords on the Internet, and the data of other Russian citizens are under threat.

For example, most Russians are used to using the same or similar passwords for different sites. At the same time, 76% of them remember passwords, 40% use auto-save, 29% write them down on paper and 18% save them on their devices in text form.

Digital security experts believe you should use different passwords for different sites and services. Moreover, it's safer to remember them than to write them down or use auto-save. According to them, most break-ins occur because a single password is leaked and then tried by brute force against other services.

Yandex confirmed that reused passwords are dangerous: if an attacker finds out the password, he will try to log in with it on social networks, mail services, and online banks.

Yandex added that they monitor the appearance of various databases of stolen passwords on the Internet and, if they suspect that a person may use the same combination of characters, they require him in advance to change his login data.

The press service of VKontakte said that, when credentials are changed, their system will not allow the use of a combination of letters, numbers and signs that has already been used before.

Specialists urge Internet users to be more responsible in choosing a password to avoid losing important information, money and not to become a victim of blackmail. The most secure password is a combination of upper and lower case letters and digits in random order, with punctuation symbols added.

The Russian Ministry of Internal Affairs began to identify serial cybercrimes with a special program

The press service of the Russian Ministry of Internal Affairs reported that employees of the department have been using a special program "Remote fraud" in their work for more than one year. Thanks to this program, it was possible to detect signs of about 324,000 crimes committed in cyberspace.

"The "Remote Fraud" system, which has been used by employees of the Ministry of Internal Affairs for a year now, shows a high level of its effectiveness. With its help, we detect signs of serial cybercrimes more quickly and qualitatively," said the press service of the Russian Interior Ministry.

It is reported that the special software developed for Russian law enforcers collects, systematizes, processes and analyzes information gathered during the investigation of criminal cases involving crimes committed in cyberspace with the use of computer or telecommunication technologies.

The "Remote Fraud" system captures the required data from the moment a cybercrime report is registered.

On May 2, 2021, the Russian Ministry of Internal Affairs also announced that it was finalizing the development of a service that will soon be implemented in the ministry's mobile application. The new service, called "Anti-fraudster", is being created to increase the efficiency of counteraction to telephone fraud.

The main function of "Anti-fraud" is to warn the user when a call or SMS comes from a phone number previously seen in criminal or fraudulent activity.

"The total cost of developing, implementing and deploying the application is 44.9 million rubles ($606,000). All work will be completed, as we expect, by December 25 of this year. Despite the fact that the idea of developing such a service has long been in the Russian Interior Ministry, the contract with the selected contractor was concluded only at the end of March 2021", reported the press service of the Ministry of Internal Affairs.

The application of the Ministry of Internal Affairs of Russia, to which the "Anti-fraud" service will be added, is already available for download on the App Store and Google Play.

It is interesting to note that at the end of April 2021 Sberbank said that, with the next update, the "Sberbank Online" application will have a service that automatically checks the phone numbers of incoming calls and warns users when the caller is suspected of being a fraudster.

Group-IB revealed a distributed network of fraudulent sites imitating WHO

Group-IB, an international company specializing in preventing cyberattacks and investigating high-tech crimes, revealed a distributed network of 134 fraudulent sites imitating the World Health Organization (WHO). The attackers promised users a reward for taking a fake Health Awareness Day survey.

"However, instead of the promised €200, users were redirected to dating sites, paid subscriptions or fraudulent resources," the report said.

It is noted that in early April, the UN International Computing Center (UNICC) alerted Group-IB about a fake website using the WHO brand.

"After answering simple questions, the user was offered to share the link to the survey with his friends and colleagues in his WhatsApp contact base. Group-IB researchers found that when a victim clicked the "Share" button and unknowingly involved their friends in the scam, instead of the promised reward they were redirected to third-party scams offering to participate in another raffle, install a browser extension or sign up for paid services. In the worst case users could end up on a malicious or phishing site," explains the company.

During the investigation, the Group-IB Digital Risk Protection team uncovered a complex distributed fraud infrastructure that included a network of 134 virtually identical linked domains that hosted World Health Day-themed pages. Group-IB blocked all fraudulent domains within 48 hours of detection, after which the fraudsters completely stopped using the WHO brand on their network.

Further investigation revealed that all of the domains identified and blocked by Group-IB were part of a larger network controlled by a group of scammers codenamed DarkPath Scammers. The fake resources created under the WHO brand were linked to at least 500 other fraud and phishing resources mimicking more than 50 international brands from the food, sports gear, e-commerce, software, energy and auto industries.

More than one hundred Russian companies were subjected to a cyber attack

Kaspersky Lab, which specializes in developing systems to protect against cyber threats, reported a fraudulent mailing sent on behalf of the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), which has become widespread in Russia.

In April, Kaspersky Lab uncovered a series of cyber attacks on system administrators of sites in Russia. By April 23, the company detected about 4 thousand emails containing fraudulent messages sent to more than 2 thousand e-mail addresses. The mailing peaked on April 16-17, but the messages are still coming in.

The purpose of the cyber attack is to infect web resources managed by sysadmins and gain access to the site management. If successful, hackers will be able to create pages, post any information and download files.

Under the guise of a regulatory authority, intruders are sending fraudulent notifications about the need to confirm the fact of domain name management.

The letter contains instructions according to which it is necessary to create a file with specified content in the root directory of the site. In reality, by following them the sysadmin launches, with his own hands, a Trojan program that gives remote control of the victim's computer.

"To confirm that you have the actual ability to manage the domain name, create a file (with the .php extension) in the root directory of the site", says the text of the fraud letter.

"In order not to give the recipient time to suspect something wrong, he was required to execute the instruction in a short time - within three days", said Alexander Liskin, head of Kaspersky Lab's antivirus research laboratory.

"Site administrators are often subjected to attacks, for example, hackers extorted money from them by sending fake notifications about the approaching deadline for completing the site lease. But this time the goal of the attack is to gain access to site management. Attackers are doing everything to convince recipients that the letter is authentic: the sender is listed as a regulatory agency and an appropriate emblem is added to enhance the effect", said Liskin.

The expert recommended remaining vigilant when receiving messages from unknown senders in emails and messengers, and double-checking information that supposedly comes from official bodies. It is still unknown who was behind the attack; the company's specialists are investigating it.

Data from thousands of Russian companies have been made publicly available on the web

The data of several hundred Russian companies that used the free online project manager Trello has been made publicly available. Among the hundreds of thousands of leaked boards are those containing confidential information.

Data from boards of the free online project manager Trello that were maintained by Russian companies was made publicly available. The leaked data of several hundred large companies and thousands of small and medium-sized businesses was found by analysts at Infosecurity, a Softline company.

The company specified that in Russia Trello boards are mainly used by small and medium-sized businesses, but large organizations, including banks, are also represented.

Kirill Solodovnikov, CEO of Infosecurity, called the appearance of corporate data online "an illustration of a leak, which occurred not due to hacker attacks, but as a result of inattention or negligence of company employees".

According to Infosecurity, organizations post lists of employees and customers, contracts, passport scans, documentation related to participation in tenders and product development, as well as credentials of corporate accounts and passwords to various services. 

"Usually it is not difficult to determine from which organization the information leaked. Its name often appears either in the name of the board or in the description of tasks," added the experts.

Infosecurity analysts found that nearly a million public Trello boards are currently indexed by search engines, and thousands of them contain confidential information. Thematic queries in search engines currently return more than 9000 boards with mentions of logins and passwords.

Trello belongs to the Australian software developer Atlassian; other similar free services include Evernote, Wunderlist, XMind and Notion. Data from Trello boards had appeared in the public domain before, but this was the first time such a large-scale leak occurred.

Sergei Novikov, deputy head of Kaspersky Lab's Threat Research and Analysis Center, noted that the service is used by cyber groups to coordinate their activities. Infosecurity reported detecting a Trello board that belonged to a group of fraudsters who specialize in deceiving credulous foreigners under the "Russian brides" scenario, which targets those willing to meet young girls from Russia.

"Hackers could use data from the boards, for example, to attack companies' clients or hack corporate Instagram accounts, as in the fall of 2020," added Infosecurity.

Experts warned that data leaks could also lead to fines for violations of the law on personal data; for example, storing scans of clients' passports in public storage located abroad contravenes it.

Positive Technologies rejected accusations of the U.S. Department of the Treasury of Russia's cooperation with intelligence services

Russian cyber security company Positive Technologies rejected the accusations of interference in the American elections, made by the U.S. Treasury Department. This was said in a statement issued by the company, which was made available on Friday, April 16.

"As a company, we reject the baseless accusations made against us by the U.S. Treasury Department: in the nearly 20-year history of our work, there is not a single fact of using the results of Positive Technologies' research activities outside the traditions of ethical information sharing with the professional information security community and transparent business conduct," the company notes.

According to the results of 2020, Positive Technologies' revenue grew by 55% compared to 2019 and amounted to 5.6 billion rubles ($73.4 million). The company currently employs more than 1.1 thousand people. The firm has been creating innovative information security solutions for 18 years. Its products and services make it possible to identify, verify and neutralize real business risks that may arise in the IT infrastructure of enterprises. Today, more than 2,000 companies in 30 countries use the company's products.

Recall that on April 15, the U.S. Treasury Department announced the introduction of new sanctions against Russia. Washington blacklisted 32 individuals and organizations, including six technology companies. In addition to Positive Technologies, the victims were the Era military innovative technopolis, the St. Petersburg-based software developer OOO NeoBIT, Advanced System Technologies (AST), a large IT supplier of the Russian defense industry complex, the Rostov Research Institute of Specialized Computing Devices for Protection and Automation (Spetsvuzavtomatika), and the IT company Pasit. They are accused of connections with the Russian special services.

After the restrictions were imposed, the U.S. Ambassador in Moscow, John Sullivan, was summoned to the Russian Foreign Ministry on April 15. Russian presidential aide Yuri Ushakov outlined to him the nature of the response to the restrictions.

Moscow warned of a strong response to Washington's moves.

The Kremlin assessed the possible impact of new sanctions on the Russian economy. They stressed that the effectiveness of the country's economic bloc is internationally recognized and there is no reason to doubt it.

Foreign hackers attack Russian research institutes

Against the backdrop of the pandemic, foreign hackers have increased their activity against Russian research institutes which specialize in developing vaccines against the coronavirus, as well as military and aviation projects. Experts believe the stolen information could be used for political purposes. But lately, the focus of such attacks has shifted from espionage to the destruction of critical infrastructure.

Cybersecurity experts have described an increase in targeted attacks on research institutes. Group-IB reported that Russian research institutes specializing in military and aviation developments, as well as those responsible for developing vaccines for the coronavirus, have recently been of great interest to foreign pro-state hackers.

Doctor Web confirms that targeted attacks on research institutes have tended to increase recently. In September 2020, for example, a Russian research institute contacted its virus laboratory, and Doctor Web discovered that the institute's network had been compromised by two hacker groups. One of them had infiltrated the research institute's network back in 2017 and remained undetected until 2020. During the investigation, it emerged that similar malware had been installed on the local network of another Russian research institute in May 2019.

Sometimes a group can go undetected for longer and also embed multiple programs at once: for example, Group-IB found six types of malware on one client's network.

"Among the malware was a banking Trojan in accounting, spyware on employees' mobile devices that connected to work Wi-Fi, malware and Trojans on work machines", said Anastasia Tikhonova, head of APT research at Group-IB.

Targeted attacks are difficult to detect because they always affect only one organization, said Igor Zdobnov, head of Doctor Web's virus laboratory. In his opinion, state-sponsored hackers are behind the attacks on research institutes for espionage purposes.

Group-IB adds that such operations have recently become more overt, with their focus shifting from espionage to the destruction of critical infrastructure.

For example, on July 3, 2020, it was revealed that Israeli authorities were under suspicion of carrying out a cyber attack on one of Iran's nuclear facilities. The incident occurred on July 2 and involved a fire and explosion at an underground uranium enrichment facility in Natanz.