Search This Blog

Showing posts with label Russian Cyber Security. Show all posts

Number of fake delivery services increased in Russia


Alexander Vurasko, a leading Infosecurity analyst at Softline Company, said that during the pandemic, scammers learned how to qualitatively fake food and electronics delivery sites.  Over the past four months, 56 clones have appeared at Delivery Club, and at least 30 at Yandex.Food. Companies try to quickly block such resources, but they do not always succeed.

The expert noted that the peak of the appearance of such Internet resources was recorded in April.

In addition to food sites, experts found fake Samsung online stores and Citilink online electronics hypermarket.

These sites almost completely copy the original ones: they have a catalog with hundreds of items, users can choose a restaurant, order dishes, enter the delivery address and pay for the order with a Bankcard.

Alexei Drozd, head of the information security department at SerchInform, noted that in April, the use of the delivery theme in the domain name increased: if in February there were 53 domain registrations with the word delivery, then in April — 288. According to him, this means that a high-quality Grabber has appeared on the Darknet,  a program that can reliably copy the look and content of the site.

Fraudsters actively used such software, but it is more difficult to copy marketplaces with a complex structure than a regular website, and if they already succeed, then we should expect new large phishing waves, warns Mr. Drozd. According to him, phishing sites live up to the first complaints from users or copyright holders, so it is important that companies themselves fight phishing.

Moreover, on the fake Delivery Club, after entering the card data, users need to enter the code from the SMS, so it can not be excluded that at this moment "someone links their number to your mobile Bank", noted the Telegram channel In4security, which discovered such a resource.

Kaspersky Lab also noticed sites that mimic well-known food delivery services. Hackers always use popular brands, says Tatiana Sidorina, a senior content analyst at the company.

The scale of data leaks of patients with coronavirus in Russia has become known


More than a third of all cases of leaks of personal data of patients with coronavirus, as well as suspected cases, occurred in Russia.

According to InfoWatch, in just the first half of 2020, there were 72 cases of personal data leakage related to coronavirus infection, of which 25 were in the Russian Federation. Leaks in Russia were caused by employees of hospitals, airports, and other organizations with access to information resources. In general, for this reason, 75% of leaks occurred in the world, another 25% were due to hacker attacks.

The company clarified that in 64% of cases worldwide, personal data associated with coronavirus was compromised in the form of lists. Patient lists were photographed and distributed via messengers or social media groups. Some leaks were due to the accidental sending of data by managers to the wrong email addresses.

According to InfoWatch, 96% of cases on the territory of the Russian Federation are leaks of lists, and 4% are leaks of databases.  In all cases, data leaks occurred due to willful violations. InfoWatch stressed that the disclosure of such data often led to a negative attitude towards coronavirus patients from the society.

The Russian Federal Headquarters for coronavirus declined to comment.  Moreover, the press service of the Moscow Department of Information Technology reported that since the beginning of 2020, there have been no leaks of personal data from the information systems of the Moscow government.

In Russia, there are no adequate penalties for organizations in which personal data leaks occurred, said Igor Bederov, CEO of Internet search. In addition, there is still no understanding of the need to protect personal data in electronic systems. There are not enough qualified specialists in this industry. As a result, network cloud storage used by companies, including for processing personal data, is poorly protected.

Personal data of one million Moscow car owners were put up for sale on the Internet


On July 24, an archive with a database of motorists was put up for sale on one of the forums specializing in selling databases and organizing information leaks. It contains Excel files of about 1 million lines with personal data of drivers in Moscow and the Moscow region, relevant at the end of 2019. The starting price is $1.5 thousand. The seller also attached a screenshot of the table. So, the file contains the following lines: date of registration of the car, state registration plate, brand, model, year of manufacture, last name, first name and patronymic of the owner, his phone number and date of birth, registration region, VIN-code, series and number of the registration certificate and passport numbers of the vehicle.

This is not the first time a car owner database has been leaked.  In the Darknet, you can find similar databases with information for 2017 and 2018 on specialized forums and online exchanges.
DeviceLock founder Ashot Hovhannisyan suggests that this time the base is being sold by an insider in a major insurance company or union.

According to Pavel Myasoedov, partner and Director of the Intellectual Reserve company, one line in a similar archive is sold at a price of 6-300 rubles ($4), depending on the amount of data contained.
The entire leak can cost about 1 bitcoin ($11.1 thousand).Information security experts believe that the base could be of interest to car theft and social engineering scammers.

According to Alexey Kubarev, DLP Solar Dozor development Manager, knowing the VIN number allows hackers to get information about the alarm system installed on the car, and the owner's data helps to determine the parking place: "There may be various types of fraud involving the accident, the payment of fines, with the registration of fake license plates on the vehicle, fake rights to cars, and so on."

Against the background of frequent scandals with large-scale leaks of citizens data, the State Duma of the Russian Federation has already thought about tightening responsibility for the dissemination of such information. "Leaks from the Ministry of Internal Affairs occur regularly. This indicates, on the one hand, a low degree of information security, and on the other — a high level of corruption,” said Alexander Khinshtein, chairman of the State Duma Committee on Information Policy.

The data of clients of the Russian bank Alfa-Bank leaked to the Network


On June 22, a message appeared on the Darknet about the sale of a database of clients of the largest Russian banks. The seller did not specify how many records he has on hand but assured that he is ready to upload 5 thousand lines of information per week.

One of the Russian Newspapers had a screenshot of a test fragment of the Alfa-Bank database, which contains 64 lines. Each of them has the full name, city of residence, mobile phone number of the citizen, as well as the account balance and document renewal date.

A newspaper managed to reach up to six clients using these numbers. Two of them confirmed that they have an account with Alfa-Bank and confirmed the relevance of the balance.

Alfa-Bank confirmed that they know about the data leak of several dozen clients.
The seller of Alfa-Bank's database said that he also has confidential information of clients of other credit organizations.

"I can sell a database of VTB clients with a balance of 500 thousand rubles or more with an update from July 17 for 100 rubles per entry," claimed the seller. However, the Russian newspaper was not able to get test fragments of these databases.

The newspaper also contacted two other sellers who offered information about users of Gazprombank, VTB, Pochta Bank, Promsvyazbank, and Home Credit Bank.
Information about the account balance is classified as a Bank secret. Knowing such confidential details makes it easier for attackers to steal money using social engineering techniques.

"There are two ways to get bases on the black market. One of them is the leak of data by an insider from a Bank or company. The second option is through remote banking vulnerabilities," said Ashot Hovhannisyan, founder of the DLBI leak intelligence service.
According to him, the reason for the ongoing leaks is inefficient investments in security. Companies often protect their systems from hacking from outside, but not from insiders.

Databases of users of Russian ad services Avito and Yula have appeared on the network


Six files with tables in CSV format are in the public domain, which means that anyone can download them. Each file contains the data of about 100 thousand users (three databases with information from Avito users, and three more from Yula users). Each record contains information about the user's region of residence, phone number, address, product category, and time zone. The first database was uploaded to the hacker Forum on June 26, and the last one appeared there on July 22.

Russian media writes that they confirmed the relevance of at least part of the published data by calling users at the specified phone numbers.

A representative of Yula said that the uploaded files do not contain personal data of users of the service.

"They only contain information that anyone could get directly from the site, or by parsing (copying using scripts) ads.

Yula is extremely attentive to the security of our users and the safety of their data. We do not disclose information about addresses from ads even when parsing (and this is visible in the files) and allow our users to completely hide their phone numbers, accepting calls only through the service's app," said the service.

The press service of Avito also reported that the user data contained in the databases was publicly available and this is not a leak of information.

The head of the Zecurion analytical center, Vladimir Ulyanov, noted that it may even be a manual data collection since user numbers on Avito and Yula websites are usually covered with stars. The published information, in his opinion, can be used by fraudsters in social engineering.

An IT expert at the Russian State Duma Explains Data Risks of Using VPN


"To prevent hackers from getting personal data of users, users don't need to use a VPN connection in their daily life", said Yevgeny Lifshits, a member of the expert council of the State Duma Committee on Information Policy, Information Technology and Communications.

He explained that a VPN is a virtual network that is supposed to protect the user's personal data from hackers. It is assumed that using this network allows users to maintain network privacy. However, according to the expert, VPN services carry more danger than protection.According to Lifshits, such services are not needed in everyday life.

"Sometimes VPN services are necessary for work to transfer commercial data. In everyday life, they have no value."

According to the expert, if a person does not commit crimes that he wants to hide with a VPN, then he does not need to protect himself.  Otherwise, passwords may end up in the hands of hackers.

"A user installing a VPN believes that he has secured himself, but the service provider may allow a data leak,” said Lifshitz. 

According to him, if the VPN service is unreliable, hackers can get passwords and other personal data of the user. The expert noted that now there are thousands of companies offering a secure connection and an ordinary person can make a mistake with the choice of a reliable one.

Earlier it was reported that the personal data of 20 million users of free VPN services were publicly available on the Internet. Experts found on the open server email addresses, smartphone model data, passwords, IP addresses, home addresses, device IDs, and other information with a total volume of 1.2 terabytes. It is noted that the leak occurred from networks such as UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN. Some of them have millions of downloads from Google Play and the App Store and high ratings.

Russian Foreign Ministry urged whole world to abandon cyber attacks on healthcare facilities during a pandemic


Against the background of the coronavirus pandemic, Moscow calls for an end to cyberattacks on healthcare facilities and critical infrastructure. This was announced on Monday, July 20, by the Russian President's Special Representative for International Cooperation in the Field of Information Security, Director of the Department of International Information Security of the Russian Foreign Ministry, Andrei Krutskikh.

He stressed that Russia shares the opinion of many countries that the information and communication infrastructure in the health sector is needed.

"We propose to secure the obligation for states to refrain from attacks not only on medical facilities, but also in general on the critical information infrastructure of institutions that provide vital public services," said Krutskikh.

In particular, the diplomat noted the spheres of education, energy, transport, as well as banking and finance. In addition, he added that work on this will continue at the  United Nations platforms on international information security.

In addition, the Russian Ministry of Foreign Affairs offered Germany to hold consultations on cybersecurity.

"We consider it extremely important to resume a full-scale dialogue in this format with the involvement of the necessary range of experts on international information security. This will help neutralize an unnecessary irritant in our bilateral relations and transfer interaction on the issue of information security into a practical plane," said Krutskikh.

Moreover, the special representative commented on the situation with  Russian Dmitry Badin.
According to Krutskikh, Russia has offered Germany several times to hold consultations on information security, including in 2018, but the German side disrupted the planned talks.

Earlier, E Hacking News reported that the Office of the German Federal Public Prosecutor issued an arrest warrant for a Russian whom they suspect of hacking into the computer systems of the German Parliament in 2015. The publication reports that the suspect's name is Dmitry Badin, he is allegedly an officer of the GRU.  Russia repeatedly denied accusations of involvement in hacker attacks. 

Russian experts gave tips on protecting a mobile Bank from fraudsters


Two-factor authentication and compliance with digital hygiene rules can protect users from hacking a mobile Bank on smartphone

According to experts, mobile banking programs are quite secure, so most often funds are stolen due to user errors.

“More often, cybercriminals call customers of financial institutions or use malware,” said Sergei Golovanov, a leading expert at Kaspersky Lab. In this case, users may accidentally give fraudsters the card details and login passwords.

Andrey Arsentiev, head of Analytics and Special Projects at InfoWatch Group, believes that any applications are vulnerable to hacking if malware is installed.

Vladimir Ulyanov, head of the Zecurion analytical center, is sure that users need to configure two-factor authentication to get an additional one-time code. At the same time, the specialist believes that the spyware installed on the smartphone can intercept the SMS code from the Bank. "It is more secure to perform operations and receive confirmation codes on different devices," Ulyanov said.

"Install the software on your phone only from authorized, approved sources (App Store and Google Play)," said Ruslan Suleymanov, Director of information technology at ESET Russia. In his opinion, customers of credit organizations need to have a separate card for online purchases, set daily limits for transfers, and regularly change passwords.

"You can't tell anyone your card details or login details to the customer Bank by telephone. Not a single bank makes such official requests on its behalf,” concluded Suleymanov.
According to the founder of DeviceLock Ashot Hovhannisyan, it is best not to use a mobile Bank, but to log in to your personal account on a computer protected by antivirus. If mobile banking is important, then you should stop using a jailbreak and installing dubious programs through alternative stores.

In addition, Roskachestvo experts have recommended that users should regularly update the software on their devices, even if they do not see a particular need for it. Otherwise, it can lead to unpleasant consequences.

The Russian Prime Minister spoke about the growth of cybercrime activity in Russia


Russian Prime Minister Mikhail Mishustin said that this spring there was an increase in cybercrime activity. The Prime Minister said this on July 8 in a video message to participants of the international online training on cybersecurity Cyber Polygon-2020

“This spring, we observed an increase in the activity of cybercriminals. More than 90% of successful attacks are carried out using social engineering methods: fraudsters attack us with phishing emails and use the technology of number substitution, trying to take citizens by surprise,” said the prime minister.

According to Mishustin, cyber threats can come from entire states. "Geopolitical differences also extend to the digital environment, thus adding countries to the list of possible sources of threats to digital security," said he.

The Prime Minister drew attention to the fact that security researchers regularly detect complex malware that is specifically designed to disable critical functionality and cause physical damage to industries and infrastructure.

He said that the government, in cooperation with Russian companies in the field of information technology security, is working to inform the population about cyber risks and cyber threats. This makes it possible to solve many problems, but there are still many issues that require attention.
Mishustin pointed out that the national action plan for the recovery of the Russian economy after the crisis is based on the increasing digitalization of the economy and government.

"We will radically increase the number of e-government services provided and create fundamentally new systems to support digital business. In these conditions, one of the most important areas is the protection of cyberspace," added the head of the Cabinet of Ministers.

In addition, the Prime Minister said that the key to a secure digital future for the entire world is cooperation in the field of cybersecurity, and Russia is ready to share its achievements in this field with the world.

He noted that Russia is today one of the leaders in technological progress. According to the Prime Minister, Russian developments in the field of information security successfully compete on the international market.

Hackers "showed ethics" and did not attack medical services in Russia during the pandemic


During the pandemic, there were no hacker attacks on medical institutions in Russia, unlike in many countries of the world, Group-IB reported. The company believes that the hackers showed "rare ethics for our observation"

Many computer hackers during the coronavirus pandemic refused to attack the information system s of Russian medical institutions, said Ilya Sachkov, CEO of a cybersecurity company Group-IB.

According to Sachkov, attackers who launch DDoS attacks can have “professional ethics” - unlike those who create fraudulent resources for fraud. Group-IB noticed attacks on medical institutions in many countries of the world, but this did not happen in Russia: there weren’t even any announcements on hacker forums or attacks by ransomware, said Sachkov.

The head of Group-IB added that the company noticed "some rare ethics for our observation" from hackers. “As if taking into account what is happening, everyone understood that in Russia medical facilities are a matter of life or death for many people ... This, of course, is my guess, I did not communicate with hackers, but I noticed. In principle, this [attack on the hospital] would be super-moral,” added Sachkov.

In April, Group-IB reported that the pandemic had divided the hacker community: some tried to profit from people's panic, while others condemned it. Several users on hacker forums at the time urged others to stop using the coronavirus for harmful purposes. In the spring, fraudsters actively used the COVID-19 theme to trick money from the Russians. The Central Bank also noticed the problem.

In May, Group-IB said that fraudsters activated a theft scheme with online purchases and false courier services. Due to the fact that many people were self-isolated and began to actively use the services of couriers, the number of registrations of fake sites similar to the sites of real delivery services has increased several times.

In six months, hackers attacked Russian government systems more than a billion times


Since the beginning of the year, infrastructural digital objects of Russia have undergone cyber-attacks more than a billion times, said the Director of international information security of the Russian Foreign Ministry Andrey Krutskikh in an interview published on June 29 in the journal International Life.

“Since the beginning of this year, more than 1 billion malicious information impacts on the critical information infrastructure of the Russian Federation have been recorded,” said Krutskikh.
According to him, coordinated targeted attacks have become more frequent. Over the past few months, the number of such actions has exceeded 12 thousand, while the objects of state authorities, the credit and financial sector, healthcare, the defense industry, science and education were chosen as the main goal.

"These figures confirm the enormous danger posed by computer attacks, since the attacked objects ensure the daily life of society and the state, and the security of our citizens," stressed the special representative of the President.

According to him, the greatest danger is that incidents in the online space can lead to a full-scale conflict in the offline environment.  Therefore, Krutskikh once again recalled Russia's calls to the world community to cooperate against terrorism in the new digital age. The expert is sure that the use of Information and Communication Technologies (ICT) threatens the sovereignty of States.

"Russia calls for more effective international cooperation in the fight against the threat of terrorism, especially in the digital age. The use of ICT by terrorists is a clear challenge to international peace and security arising from the illegal use of these technologies. This is not just a criminal problem, it is also a political problem. Such actions pose a threat of violating the sovereignty of States and interfering in their internal Affairs," said the diplomat.

Recall that in 2019, Krutskikh stated that the number of cyber attacks is growing, only about 70 million attacks are carried out per year on Russian state structures. The damage from this on a global scale is already measured in trillions of dollars, by 2022 it will reach up to 8 trillion dollars.

The Public Chamber of the Russian Federation reported a DDoS attack on its website


The website of the Public Chamber (OP) of Russia was attacked by hackers. The site of the project on the fight against fakes at all levels feikam[.]net was also subjected to a DDoS attack. Currently, there is no access to sites, an error appears when trying to access them.

Alexander Malkevich, the head of the expert advisory group of the Public Chamber of Russia on public control of remote electronic voting, said that the attack began after the end of receiving votes from online voters.

In his opinion, the attack is connected with the active work of the Public Chamber of the Russian Federation to expose fakes about the all-Russian vote on amendments to the Constitution.

"In the evening of June 30, after the official end of the online voting process, the website of the Public Chamber of the Russian Federation was attacked by hackers who managed to interrupt its normal operation for a while. This is very similar to the retribution of those who were prevented by members of the Chamber from wreaking havoc during the voting, especially considering that there was the hack of the site http://feikam.net/  at the same time," he noted.

According to Mr. Malkevich, 5 thousand fakes were found on the Internet, and their number has grown several times as the voting began to approach. Earlier, he noted that mostly false information about the amendments to the Constitution is distributed through the media-foreign agents and in social networks.

It's important to note that All-Russian voting began on June 25 throughout Russia and lasted until July 1. On it, citizens were asked whether they approve of the amendments to the Constitution. The "Yes" and "No" options were indicated in the Bulletin. The main amendment is the nullification of Vladimir Putin’s presidency so that he can become president again.

The database of millions of Telegram users from Russia and Iran appeared on the Darknet


On one of the forums in the Darknet, a database appeared with information about several million users of the Telegram messenger. The data file is about 900 megabytes. 

The Telegram press service confirmed the existence of the database, explaining that information is collected through the built-in contact import function even when the user registers. Representatives of the company added that not a single service that allows users to communicate with contacts from their phone book can completely exclude such a search.

Telegram also assured that most of the fused accounts are no longer relevant. In addition, the messenger has a function "Who can add me to contacts by phone number". This setting makes it difficult for regular users to communicate (they become invisible even to those who know their phone number), but it allows you to completely hide the connection between the account and the phone number.

It became known that the Telegram user contact database did not appear on the network as a result of a leak from the messenger, it was collected by parsing - collecting and analyzing publicly available information and is a compilation of other contact databases.

"This database is a compilation of various previous databases collected from different countries and different methods. The main method is collection via open systems, chatbots, authorization, and information about a person's registration by number. Even taking into account duplicates and incorrect data in the database, this is tens of millions of users," said the expert.

The expert believes that the database could somehow get all the user's public data-ID, username, first name, last name, photo, cell phone, public bio and website, in some cases, information was also included when the user was online, his approximate location – country/region, and others. Such databases are usually used for widespread non-targeted spam.

Experts fear an increase in the number of cyber attacks after the end of self-isolation


As 62% of respondents answered, when companies transferred employees to remote work at the beginning of the pandemic, the most concern was ensuring secure remote access and VPN. 47% of respondents reported that they were concerned about preventing attacks using social engineering methods, and 52% called the protection of endpoints and home Wi-Fi networks of employees one of the main challenges.

"Even before the introduction of self-isolation, many companies allowed employees to work remotely. As soon as the regime entered into force, organizations had no choice but to organize remote access for all their employees as soon as possible. Of course, these measures have led to the emergence of new opportunities for attackers to carry out attacks. Despite the fact that we are now gradually returning to the normal life, the threat of cyber attacks is not decreasing. Companies need to use comprehensive zero-day security solutions to avoid being hit by a large number of next-generation cyber attacks," explained Vasily Diaghilev, head of Check Point Software Technologies representative office in Russia and the CIS.

At the same time, 65% of information security experts noted that their companies are blocking the access of external computers to corporate VPNs. 51% of specialists said that the greatest threat comes from home devices, 33% see the main security threat in mobile devices of employees.

According to Dmitry Medvedev, Deputy Chairman of the Security Council of the Russian Federation, the number of cybercrimes in the past five months in Russia has exceeded 180 thousand, which is 85% more than in the same period of time in 2019.

He stressed the importance of taking into account that new schemes and techniques are being developed for cyber attacks.

The number of vulnerable computers in Russia tripled during the period of self-isolation


DeviceLock analysts claim that the number of computers with the Windows operating system in Russia, that are vulnerable to Remote Desktop Protocol (RDP) access attempts, increased by 230%, to 101 thousand during the time of self-isolation.

The company's founder, Ashot Hovhannisyan, explained that the rapid growth was due to the fact that during the coronavirus pandemic, the number of servers, including those open to the Internet, also grew rapidly.

According to him, most companies allow users to connect via the Remote Desktop Protocol only using VPN technology, while a small percentage of servers are allowed to log in without a password, which is a serious threat to corporate networks.

Alexey Novikov, Director of the Positive Technologies expert center, added that botnets scanning the network for vulnerable computers had new goals when companies started transferring employees to remote work.  According to him, the rapid transition to remote work contributed to the fact that the priority was put on the performance of the infrastructure, rather than information security.

Hackers sell company accounts on the Darknet for 300-500 rubles ($4-7). The information obtained can help cyber criminals in stealing the user's personal data. This way, criminals will be able to get into the Bank account or, for example, to the crypto exchange or e-wallet.

According to Igor Zalevsky, head of the JSOC CERT cyber incident investigation department, the number of attacks has increased with the growth of the number of targets. For example, the number of attempts to select RDP passwords increased from 3-5 times to 9-12. The attacks began to last longer – from two to three hours. According to him, it takes attackers an average of one and a half days to access large companies with a large information security department. 

Germany threatened Russia with sanctions for a hacker attack on the Bundestag


German Foreign Ministry spokeswoman Maria Adebar on Friday confirmed that Germany in connection with the case of a hacker attack on the Bundestag introduces a sanctions regime,  which includes freezing accounts and restrictions on entry to the European Union.  Hackers linked to Russian intelligence are suspected of hacking emails. Moscow denies any involvement.

Adebar added that this sanctions regime allows freezing assets and restricting entry not only for individuals but also for organizations.

The day before, the State Secretary of the German Foreign Ministry Miguel Berger invited the Russian Ambassador to Germany Sergei Nechaev to Berlin in connection with the case of a hacker attack on the Bundestag. Berger, on behalf of his government, "strongly condemned" the attack.

He also reported on Germany's plans to use the EU's cyber sanctions regime against the Russians involved in this attack, including Dmitry Badin. The reason for this, he also called a warrant for the arrest of Badin, which was issued by the US Attorney General in May.

Recall, in early May, the German media reported that the Prosecutor General's office of Germany announced an international search for Dmitry Badin on suspicion of complicity in a cyberattack on the Bundestag network in 2015. It was noted that he was also wanted by the US Federal Bureau of Investigation (FBI).

Berlin believes that Baden is part of the hacker group Fancy Bear. He is accused of conducting secret intelligence and illegally extracting computer data.

A cyberattack on the Bundestag's resources occurred in April 2015. German members of Parliament received similar emails, allegedly related to the UN, in which there was a link to malicious spyware. According to official data, hackers stole at least 16 gigabytes of data. It is assumed that the attackers copied two mailboxes with correspondence from the parliamentary office of German Chancellor Angela Merkel from 2012 to 2015.

The German side believes that Russia is not sufficiently involved in the investigation of the crime.

The voting site of the United Russia party was attacked by hackers


"Initially, the voting went as usual. At seven in the morning, a rapid increase in attempts to vote began. After some time, technical support detected a DDoS attack — attempts were made to upload votes from non-existent voter IDs to the system," commented the press service of the party.
Deputy Secretary of the General Council of United Russia Sergey Perminov said that within two hours, the growth of hundreds of thousands of fake requests was stopped. At this time, there was a queue of real people who went to vote on the site.

"We use the blockchain to conduct preliminary voting — accordingly, all data comes to us in encrypted form and goes through several stages of verification. All ballots are anonymous — we don't have access to the personal information of the electors who sent them, which means we can't track the attack vector. Accordingly, we process all requests without exception. Therefore, we are now increasing our capacity in order not to lose any of the real votes," explained Perminov.

Deputy Secretary noted that they managed to stop the attack within two hours, now the system is gradually improving. All the data of real electors who managed to vote has been included in the blockchain and will be available for verification. The correctness of the vote, according to him, is not violated.

It is worth noting that United Russia is the only party in the Russian Federation that conducts primaries to nominate candidates for elected posts. Any Russian citizen can participate. This year, due to the coronavirus pandemic, primaries are held in electronic format.

Recall that on May 23, Russian President Vladimir Putin signed a law on remote voting. According to the document, a new type of voting without a paper ballot is being introduced in the Russian Federation. Special software will be used instead.

Russian experts assessed the level of protection of corporate data from hacker attacks


Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than half an hour to penetrate the local network. Such conclusions were made by experts from Positive Technologies in their research.

"It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out," said experts.

Positive Technologies experts analyzed information dated 2019 on the protection of corporate information systems of 28 companies from external intruders and pentest (the penetration test). As part of external pentests, specialists managed to penetrate the local networks of 93% of organizations. In some cases, there were several ways to overcome network protection.

According to experts, every sixth company showed signs of hacker attacks, malicious links on official sites or valid accounts in public leak databases. Based on this, the researchers concluded that the company's IT infrastructure could be controlled by hackers.

Specialists advise companies for protection, first, to follow the General principles of information security: regularly check their information resources available for external connection, as well as develop strict rules for corporate password policy and monitor their implementation. In addition, they recommend regularly updating the security settings for operating systems and installing the latest versions of software products.

Recall that, according to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February. Positive Technologies found that up to 48% of the passwords of employees of organizations is made up of a combination of a word indicating the time of the year or month and four digits indicating the year.

Russian banks revealed new types of fraud


Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have become more active. An applicant should fill out a form with personal data. Then a letter arrives that he was hired, and he needs to transfer money for some equipment urgently. In the end, no money, no work.

VTB specialists reported cases of fraud when hackers place job ads and get access to mobile phones while communicating with candidates. Then, using remote access, hackers get to the client's personal account and can withdraw money.

Hackers are looking for candidates without experience, for example, for the position of mobile app tester. Those who responded to the ad, they are asked to pass testing and install remote access programs to their computer or smartphone for control. Fraudsters can use them to log in to their personal account and withdraw funds.

The VAT refund scheme is also gaining popularity among fraudsters. Attackers publish videos on the Internet with a proposal to refund value-added tax to all Russians left without income. In this scheme, customers click on a fraudulent link from the description to the video and independently perform expense transactions, which leads to a loss of money.

"Internet companies began to actively appear that offer customers to take advantage of the volatility of cryptocurrencies and promise a large profit," said Kuznetsov about another scheme.

Finally, financial fraudsters copy popular initiatives of well-known brands and companies to attract their victims, using hashtags of the period of self-isolation, for example, #stayhome and offer to participate in the campaign to get three thousand rubles ($42). For this, it is allegedly necessary to provide card data and a one-time SMS password.

It is worth adding, according to the international company Group-IB, using the remote access program TeamViewer, fraudsters steal from the clients of large banks on average from 6 million to 10 million rubles per month ($84,000 - 140,000).

Data of 9 million customers of the Russian courier service CDEK leaked


Data belonging to nine million customers of the CDEC Express transportation service was put up for sale on the Web for 70 thousand rubles ($950). This is the largest leak of personal data in Russian delivery services

Telegram channel In4security noticed that the database contains information about the delivery and location of goods and information about buyers, including Tax Identification Numbers. The seller of the database sent the author of the Telegram channel screenshots dated May 8, 2020. This indicates that the databases are fresh.

The CDEC claims that there was no data leak from the company. As the representative of the service stressed, personal data is collected by many companies, including state aggregators, the leak could have occurred on any of these resources.

Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies, said that this is the largest leak of personal data from Russian delivery services. He notes that the information of CDEC users is not leaked for the first time: previously, customers of the delivery service complained that personal data of other people is visible on the company's website due to vulnerabilities.

Head of Security Department of SearchInform Alex Drozd warned that after leaks there are always calls from scammers. They call the victim and introduce themselves as company employees and try to find out information about billing information.

The interest of fraudsters in the data of courier services may be associated with an increase in demand for their services during the coronavirus pandemic and self-isolation.
The company also recalled that recently, cases of detection of fraudulent sites that act on behalf of CDEC have become more frequent.

It should be noted that in recent weeks, there has been an increase in phishing sites: online cinemas, online stores, training courses, legal advice, government portals.  Earlier, E Hacking News reported that Russia has bypassed the USA in hosting for phishing resources.