Search This Blog

Showing posts with label Russian Cyber Security. Show all posts

Russian banks and energy companies have undergone a new wave of cyberattacks


A new wave of cyberattacks targeting banks and energy companies has been recorded in Russia. Employees of these organizations receive numerous phishing emails with infected links, clicking on which is fraught with data theft from the computer.

It is reported that the malicious message contains an office document. The victim clicks on it and gets to the text hosting Pastebin, which downloads images from the Imgur service, which in turn contains malicious code. Thanks to it, attackers can steal secret files, withdraw funds, or install spyware on a user's computer.

"Since the chain consists of four stages, the protection tools that companies use cannot detect it, they are designed for shorter activity of malware," explained Igor Zalevsky, head of the center for the investigation of cyber incidents of JSOC CERT Rostelecom-Solar.

The company said that about 60% of phishing emails were received by employees of the energy sector, but 80% of all attacks turned out to be aimed at banks.
Zalevsky added that the attack is similar to the activity of the hacker group Silence, which just specializes in credit organizations. It is possible that the group decided to expand the scope of its activities or it's completely different hackers copying the behavior of Silence.

Group-IB confirmed that the attack recorded by Rostelecom-Solar was previously carried out in the banking sector.

Information security experts said that in 2020, energy companies will become the “main targets” for cybercriminals.

Andrey Arsentyev, head of Analytics and special projects at InfoWatch group, agrees with this assessment, he called the energy sector one of the "most attacked" in recent years. According to Denis Kuvshinov, a leading specialist of the PT Expert Security Center Positive Technologies cyber threat research group, the main goal of cybercriminals targeting the energy sector is industrial espionage, as well as the impact on critical infrastructure.

Security Experts Say Hackers Can Hack Russian Banks In 5 Days


Experts from the information security company Positive Technologies came to the conclusion that hackers will need only five days on average to hack a large Russian Bank. Experts came to this conclusion on the basis of a number of tests. The attack was successful due to vulnerabilities in applications, software and password selection. In some cases, access to ATMs was obtained.

Tests in 10 banks from the top 50 banks showed that hackers need an average of 5 days to hack the Russian bank’s network. In cases where the hacker acts from the inside, he is able to get full control over the entire infrastructure of the Bank in two days.

During the audit of banks, whose names were not disclosed, experts simulated 18 cyberattacks. In eight cases, the attacks were carried out from the outside using only publicly available data, such as the Bank's website or an incorrectly configured database. In ten cases, the hacker attacked from inside the bank, that is, the hacker was in the Bank building and got access to the power outlet, Wi-Fi network, and so on, or thanks to an external attack, he gained access to user data of a bank employee. Social engineering methods were not used in the tests.

Passwords turned out to be the weakest point because most of them were selected using a combination of similar words or nearby keys. Under one very common password “qwerty123” in one of the credit organizations were more than 500 accounts.

New testing showed that hackers can penetrate from the Internet into the local network of seven out of eight banks.

However, Kaspersky Lab’s Leading Antivirus Expert Sergey Golovanov said, Due to the improvement of bank security systems, Russian-speaking hacker groups are increasingly attacking foreign credit organizations, they are switching to banks in Asia, Africa and Latin America.

Experts have found the most vulnerable places in Runet


Personal accounts of Runet users in various services, including Internet banks, turned out to be the worst protected from hackers. This is the opinion of Positive Technologies specialists.
After analyzing 38 websites of various organizations, including IT companies, government agencies, financial and telecommunications organizations, Positive Technologies employees concluded that nine out of ten web applications in Runet are vulnerable to hacker attacks.

Despite the fact that the situation has improved compared to the previous year, half of the sites contain "high-level" vulnerabilities. In 2019, there were 22 vulnerabilities per application, which is one and a half times lower than in 2018. According to Positive Technologies, the probability that data will leak from applications to the network is 68%, unauthorized access is possible in 39% of cases and authentication system weaknesses were found in 45%.

Also, hackers often hack applications in the banking sector. The protection of apps of credit organizations works only in 40% of cases.

According to experts, this is due to the fact that the dynamics of the main updates of the program is quite high. He noted that the system does not have time to “undergo full training” and automatic configuration.

Applications of government agencies turned out to be the most vulnerable to hacker attacks. Experts stressed that funding for this sector was low. At first, the tenders were won by those who requested the lowest price. And then expenses were reduced even more — by hiring students, for example.
Experts noted that it is quite difficult to protect web applications. Sometimes systems are used in monitoring mode, and real people monitor this. They have to determine whether the attack occurs or not.

“A 24-hour web service requires at least four operators, and this is from five million rubles a year ($78,700),” said Rustem Khairetdinov, vice president of InfoWatch Group. There is no way to hire such a staff of specialists in small companies and regional government agencies.

Most corporate networks in Russia are at cyber risks


Most (81 percent) of corporate and government structures networks were infected with malicious software. This is the conclusion was made by Positive Technologies specialists after analyzing the internal traffic of state organizations, industrial enterprises and other structures. IT analysts sound the alarm because employees of Russian companies and government agencies download movies from torrents, communicate via messengers and use simple passwords, increasing vulnerability.

Experts said that among the most common viruses are miners who mine cryptocurrency secretly from the owners and unauthorizedly display advertising software. A quarter of the networks are openly infected with spyware.

The company also reported that employees of 94 percent of Russian companies and government agencies download movies from torrents, communicate via messengers and use simple passwords like 12345. Positive Technologies also includes remote access to corporate resources as a risk factor. Experts explain that the employee's computer can be hacked and fraudsters will get access to the corporate network through it.

Analysts have noticed that it is extremely difficult to distinguish the actions of employees who run Tor, VPN and proxy servers from the actions of hackers because in both cases the same technologies are used. So hackers can steal data from the corporate information system without being noticed.
Sergey Zolotukhin, the trainer of the Group-IB computer forensics laboratory, explained that underestimating the level of development of cybercrime, a lack of attention to modern technologies and a low level of knowledge in this area affect the level of protection of companies from cyber threats.

Earlier, on February 10, it became known about a new type of fraud with Bank accounts of Russians. Scammers call the potential victim and ask which branch the client will come to close the account. The owners report that they did not make such a request to the Bank, after which they are offered to transfer all funds to a secure account.

Deputy of the State Duma of the Russian Federation: it is necessary at the legislative level to protect the data of Russians on Facebook


Andrey Alshevskikh, the State Duma Deputy, said that the threat to the personal data of Russian users of the social network Facebook is real. The Deputy notes that it is necessary to take appropriate security measures at the legislative level.

The day before it became known that the hacker group OurMine hacked two official Facebook accounts on Twitter. On the night of February 8, an appeal appeared on these pages stating the vulnerability of Facebook to hacker attacks. It was also said about the weakness of the Twitter security system.

"As for Facebook, this is not the first case and, something tells me, not the last. It is necessary to deal with such cases in detail and take concrete steps at the legislative level, make amendments to existing laws, and adopt new ones to protect the data of Russian citizens," said the Deputy.

Alshevskikh recalled that the threat to the personal data of Russians who use Facebook was mentioned repeatedly. Therefore, a law was adopted providing for the storage of personal data of citizens of the Russian Federation in Russia, however, some companies do not want to comply with it.

"We need to force Facebook to comply with Russian law," said Alshevskikh. Recall that earlier Roskomnadzor started administrative proceedings against Facebook and Twitter, which did not provide a localization report at the indicated time. Refusal to localize, according to Russian law, faces a multimillion-rubles fine. In the case of the first violation, legal entities may be charged up to 6 million rubles ($94,000), in the case of a second violation - from 6 to 18 million rubles ($94,000-$282,000). Court hearings have already been scheduled and will take place on February 13 in a Moscow court.

Earlier, CEO of a detective agency and speaker on cyberattacks Vladimir Golovin recommended that those who are concerned about the safety of their personal data stop using Facebook.

The Prosecutor General's Office of the Russian Federation proposes to create a single resource to combat cyber fraud


Specialized service for collecting data on cybercrime in the financial sector, which will help counteract fraud in cyberspace, may appear in Russia. The Prosecutor General's Office of Russia made a proposal to register Russian scammers.

It is noted that currently in Russia there is no specialized service that would allow solving the problems of citizens deceived by fraudsters online. Statements about crime have to be submitted to police departments. The current procedure requires only a statement about a crime or a report of a law enforcement officer about the detection of signs of a violation. According to the Prosecutor General's office, there is also no structure that carries out operational work with citizens on cybercrime.

The Department considers it necessary to protect citizens in cyberspace from scammers and create an opportunity to get help in such situations online. Thus, it is proposed to entrust the new structure with the duties of collecting, storing and systematizing data about fraudsters.

The new resource is proposed to be integrated into the Unified portal of public services and it will have to interact with law enforcement agencies. According to the authors, this will allow not only to register new cases of fraud but also to prevent further cases. Phishing and fraudulent sites will be blacklisted.

Financial market participants are aware of the project but do not want to comment on it. Financiers in informal conversations indicate that the project is "in the initial stage" and should not directly affect banks.

Human rights activists support the idea of the Prosecutor General's Office. According to the expert, one of the most common reasons for citizens to ask for help can be called phishing schemes, the damage amounts to billions of rubles a year. Therefore, thanks to the new service, a large amount of data will allow you to identify some common schemes, identify related persons. This will improve the quality of investigative actions and the detection of crimes.

In Russia, every third person has experienced cyber fraud, and almost every tenth has suffered from it. At the same time, according to experts, only about 7 percent of such cases reach the court.

Hackers used the websites of Russian government agencies to extract cryptocurrency


According to the deputy head of the National Coordination Center for Computer Incidents of the FSB, Nikolai Murashov, encryption viruses decreased their activity last year and were replaced by malware. In particular, these programs have changed for crypto-jacking or hidden cryptocurrency mining.

Murashov noted that the software for hidden mining uses up to 80% of the free power of the device, and the user may not know about it. According to him, the seizure of server capacities of large organizations for the purpose of mining cryptocurrencies threatens to severely reduce their productivity and harm their main activities.

Murashov said that hackers attack not only large companies but also ordinary users, for example, by mining through a browser while visiting infected web pages. Browser companies have already begun to struggle with this problem. So, in April of last year, the Mozilla Firefox introduced protection against crypto-jacking.

In addition, the number of installations of shadow miners on computers of ordinary users has increased. Last year alone, more than 50,000 such incidents were recorded.

"The scope of activities of shadow miners expanded over the past year. Hackers started using new software that is difficult to track because of the special code structure. Some applications are developed specifically for government servers and gaining control over them. Programs use computing power for mining, but administrators can only notice this during a detailed audit," said Murashov.

In Russia, the most high-profile incident last year was an incident with miners who mined cryptocurrency on the computers of the nuclear center in Sarov. The attackers, who turned out to be employees of the organization, used the equipment for their own purposes for several years.

Companies around the world are being attacked by ransomware viruses and crypto-jacking. Recently, a cybersecurity company Proofpoint, reported that in 2019, more than half of all public and private organizations in the United States were subjected to virus attacks and phishing. In this regard, regulators are beginning to take decisive action.

Roskomnadzor blocked the email service Protonmail


The FSB of the Russian Federation reported that it was possible to install another email service that was used by an "electronic terrorist" to send messages about mining of objects with a massive stay of people in Russia. On Wednesday, the FSB and the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) announced the blocking of the Swiss postal service Protonmail.com.

"This email service was used by hackers both in 2019 and especially actively in January 2020 to send false messages about mass mining of objects on the territory of the Russian Federation under the guise of reliable information," said the representative of Roskomnadzor.

In turn, the FSB of Russia reported that this service is used starting from January 24. Messages with threats of mining were sent to the email addresses of courts in four regions of the Russian Federation. Last year, the same service was also used to send false terrorist threats, but on a smaller scale.
"The texts also indicated allegedly mined 830 social and transport infrastructure objects. All threats were false," the FSB reported.

ProtonMail CEO Andy Yen recently announced his decision to go to court because he believes the block is unfounded. According to him, blocking the service is an inefficient and inappropriate tool to combat cyber attacks.

"This will not stop cybercriminals from sending threats from another email service and will not help if the criminals are located outside of Russia. Cybercriminals are also likely to be able to bypass the block using one of their many VPN services," Ian said.

The head of the company stressed that blocking mail will only harm private users and restrict access to private information for Russians.

Recall that this is the third foreign mail service blocked by Roskomnadzor for spreading false messages about mining facilities in Russia. On January 23, Roskomnadzor announced the blocking of the StartMail service. It was noted that mass mailings of messages about the mining of various objects on the territory of Russia were carried out through this mail service. Emails have been received since November 28, 2019.

Russian Bank reminds about the danger of transferring personal data to someone


Transferring personal data to someone (details of cards and accounts, passport data), you can become a victim of cyber fraud, so you can not do this in any case, recalled the Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov.

"Even if you take a picture of your card and send it to someone — this is basically already a leak. You might as well throw your wallet with your salary in the trash," he said.

He also said that in the second half of 2019, Russian companies faced large-scale phishing. "Last year, several organized criminal groups working in this direction became more active. One of them has made a big step forward in expanding its criminal activities. This is the RTM hacking group, it is Russian-speaking and operates in Eastern Europe, including Russia".

According to him, using modern software, RTM sends phishing emails to tens of thousands of companies in the country 10-15 times a month. Mr. Kuznetsov added that many companies open emails infected with viruses. "In this way, criminals get access to the company's accounting documents — with the help of a virus, they send the company's funds to their Bank accounts and gradually withdraw them," he said.

According to Mr. Kuznetsov, Sberbank has already given law enforcement agencies materials about almost 20 criminals from the group. There are at least five such groups, he said.

"This is not a new type of crime, but in the second half of last year, Russia faced it for the first time on this scale. As a result, some institutions of the financial system, as well as small and medium-sized companies in various industries were affected," said Stanislav Kuznetsov.

Recall, according to a study by TAdviser and Microsoft, in 2019, 76% of Russian medium and small businesses faced cybersecurity incidents. The main source of threats, businessmen called e-mail and external Internet resources.

More than half of Russian companies are concerned about the protection of personal data of employees and customers


The antivirus company ESET studied the state of information security in the Russian business sector, interviewing dozens of IT Directors and business owners. According to ESET research, different types of cyber threats affected 90% of Russian businesses. 60% of Russian IT managers are seriously concerned about the safety of personal data.

"The discontinuation of Windows 7 will play a role. Many Russian companies, despite the risks, will continue to use the operating system in the workplace. This will increase the risk of infection with new viruses, compromise and loss of corporate data," said the ESET representative. In addition, on January 14, 2020, support for the Windows 2008 and Windows 2008 R2 server systems was completed. They are used by many small and medium businesses. According to Ruslan Suleymanov, the Director of Information Technology Department of ESET Russia, this year, powerful and frequent DDoS attacks on the corporate sector and deepfakes will remain a trend.

Elena Ageeva, a consultant for the Information Security Center Jet Infosystems, notes that the development of cloud technologies will contribute to an increase in the number of attacks on cloud services.

According to InfoWatch, in Russia, ordinary employees have been and remain the main threat to the personal information of company customers. They account for more than 70% of the violations leading to leaks.

Andrey Arsentyev, head of the InfoWatch Analytics and Special projects Department, believes that phishing attacks will be further developed in 2020.

According to Dmitry Stetsenko, the head of the Kaspersky Lab’s group of system architects, attacks, almost undetected by standard antiviruses, through supply chains and BEC (Business Email Compromise) are gaining more and more popularity. After infecting the system, attackers prefer to use legal IT tools to develop attacks, which also complicates data protection.

Yevgeny Gnedin, head of Analytics at Positive Technologies, believes that attacks to steal information will prevail over attacks with the aim of direct financial theft. "Especially if the company does not provide ongoing monitoring of information security events and the investigation of cyber incidents," said the representative of Positive Technologies.

The Russian President created a new Department for information security


Russian President Vladimir Putin signed a decree increasing the number of departments of the Ministry of Foreign Affairs of Russia from 41 to 42.  According to the Facebook page of the Department, the new 42nd Department of the Russian Foreign Ministry will deal with international information security, including the fight against the use of information technologies for military-political, terrorist and other criminal purposes.

The decree came into force on December 27, 2019.  The number of employees of the Central office of the Russian Foreign Ministry increased from 3,358 people to 3,391 people. The decree establishes a staff payroll for a year in the amount of 3,521,914.7 thousand rubles ($57,000).

Employees of the Department will have to propose measures to improve legislation to make it easier to cooperate with other countries and international organizations on the topic of information security.

"The main idea of the department is the development of generally accepted rules for conducting a cyber environment and for a collective response to challenges,” said Maria Zakharova, an official representative of the Russian Foreign Ministry.

Earlier, at the end of 2018, the Permanent Representative of Russia in Vienna, Mikhail Ulyanov, announced that a new information security division would appear in the structure of the Ministry of Foreign Affairs. He noted that the decision was made due to the fact that information threats have recently become more relevant.

Recall that on December 28, it became known that the UN General Assembly adopted a resolution proposed by Russia to combat cybercrime.  The US did not support the initiative, considering the document redundant, as there is already an agreement on cybercrime, it's the Budapest Convention

The American side believes that the resolution is beneficial to Russia to create the necessary "type of control over the Internet space."

The Russian Foreign Ministry called the adopted resolution a new page in the history of the fight against cybercrime, stressing that the document actually secured the digital sovereignty of States over their information space.

90% of Russian entrepreneurs faced external cyber threats, says ESET


The antivirus company ESET conducted a comprehensive study on the state of information security in Russian companies, interviewing dozens of IT Directors and business owners.
According to the study, 90% of Russian companies faced external cyber threats and about 50% faced internal ones. Among external cyber threats spam (65%), malware (47%) and encryptors (35%) are leading.

The distribution of malicious software is closely linked to the activity of spammers and phishers who seek to lull the employee's vigilance and force him to follow a malicious link or download a dangerous file. At the same time, many respondents noted that often viruses, Trojans and other malware got on devices because of the human factor - employees used unverified external drives or installed unwanted software.

In addition, 7% of respondents experienced the loss of corporate smartphones, tablets or laptops with confidential information by employees.
It is worth noting that specialists from the CIS often face internal problems of information security. At the same time, Russian companies often had to repel more serious threats: DDoS attacks, phishing, encryptors.

Every fifth Russian company suffered from accidental data leaks due to a lack of knowledge of the security rules for employees working with confidential information. At the same time, Russian IT managers are concerned about the protection of personal data of employees (60%), which is also due to the tightening of the relevant norms of Russian law.

90% of respondents reported that they use anti-virus solutions, 45% control the work with external drives, 26% implement financial protection systems and 28% fight against DDoS attacks. In addition, managers are increasingly turning to third-party companies for audits to ensure information security (15%). At the moment, according to experts, outsourcing security is one of the trends in cybersecurity.

At the end of 2019, 5% of Russian companies are not satisfied with the state of information security and would like to increase the budget. Moreover, with the growth of the number of computers, the level of dissatisfaction and the desire to increase the budget for information security are growing.

In Berlin, Russian and German scientists discussed the danger of smart gadgets


By December 15, on behalf of President Vladimir Putin, the Russian government should prepare a Federal project "Artificial intelligence", which will prescribe tasks and measures to support the development of digital technologies in the country until 2030. Meanwhile, an inter-University conference was held in Berlin with the participation of Moscow specialists, aimed at attracting promising personnel to the Russian Federation for the development of the digital economy.

According to Pavel Izvolsky, the director of the Russian House of Science and Culture in Berlin, such events help to improve relations between Russian and foreign universities and research centers in the field of innovative digital technologies.

Nevertheless, talented students from other countries, even such economically and technologically successful ones as Germany, have a lot to learn in Russia. According to Izvolsky, such simple things for Russians, as paying for Parking from a mobile device or obtaining various certificates through the portal of public services, are not yet available for the Germans.

"In this sense, it's just a Stone Age," stated Izvolsky. The topics discussed were various, from the use of blockchain technologies in the banking sector and the introduction of intelligent transport systems in megacities to ensuring cybersecurity in the everyday sense when it comes to the use of gadgets by children.

The report of the leading content analyst of Kaspersky Lab Andrei Sidenko caused a great response. He talked about how the younger generation spends time on the Web, what threats are most often exposed and how parents react to it. For example, surveys have shown that for the first time children get access to smartphones from the age of three, and by the age of 11-14, 37 percent of young

Russians have personal gadgets. In the same studies, 85 percent of domestic teenagers answer that
they can not do without a mobile phone, and almost all the free time 15-18-year-old schoolchildren spend almost all their free time on the Internet. But every third parent does not know what exactly his child is watching on the Web. Children are in a rather vulnerable position: they share personal data, open "adult content", are subjected to cyberbullying or are involved in communication with dubious persons, and so on.

The discussion on digitalization in Berlin was the next in a series of international inter-University conferences that Rossotrudnichestvo (the Federal Agency for the Commonwealth of Independent States, Compatriots Living Abroad and International Humanitarian Cooperation) has already held in India, Indonesia and Iran. As a result of the past conferences, memorandums of cooperation between Russian and foreign universities were signed.

Group-IB reported attempts to hack Telegram of Russian entrepreneurs


The company specializing in the investigation of cybercrime Group-IB reported that attackers attempted to hack correspondence of Telegram messenger, and Russian entrepreneurs became the target of cyberattacks.

As the experts explained, at the end of 2019 several Russian entrepreneurs turned to them for help, who faced the problem of unauthorized access by unknown persons to their correspondence in the Telegram messenger.

The incidents occurred on iOS and Android, regardless of the carrier used. Group-IB believes that the attackers were able to view and copy activation codes from SMS messages that Telegram sends when activated on a new device.

Technically, the cyber attack could have been carried out using a vulnerability in the SS7 Protocol. However, attacks on SS7 are rare.

“It is much more difficult to implement such an attack, it requires certain qualifications in the field of data transmission networks and their protocols,” explained Kaspersky Lab’s antivirus expert Viktor Chebyshev.

"The attack began when a message was sent to the Telegram messenger from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, an SMS with an activation code was sent to the victim’s smartphone, and almost immediately a notification came to the Telegram service channel that the account was logged in from a new device,” reported Group-IB.

It is known that other people's accounts were hacked through the mobile Internet, the IP address of the attackers was most often determined in the city of Samara.

It is assumed that the attackers used disposable SIM cards. They deliberately sent SMS with the code, intercepted it and authorized in Telegram. They could buy access to tools for hacking in the Darknet from 100 thousand rubles ($1,565).

The company drew attention to the fact that in all cases, SMS messages were the only authorization factor on devices affected by hacking attempts. Accordingly, such an attack can only be successful if the “Cloud Password” or “Two-step verification” options are not activated in the Telegram settings on the smartphone.

According to anti-virus expert Viktor Chebyshev, Telegram is consistently included in the list of applications targeted by cybercriminals in various spy campaigns. Such an attack can allow attackers to gain access to the correspondence of specific people.

Rostelecom to setup honeypot to deal with hackers


The largest Russian provider of digital services and services Rostelecom offered telecom operators to set traps for hackers - honeypots.

The concept of creating a new cyberattack warning system was presented at a meeting of the Information Security working group as part of the Digital Economy national project.

It is known that we are talking about creating special software that will simulate the vulnerability of the server, seeing which hackers try to hack the network of companies. At this time, the program will record all the actions of the attacker and send them to specialists. Experts of Rostelecom are sure that in this way it will be possible to collect information about new methods of hacking.

Operators must set these traps themselves and exchange data with other companies. At the same time, Rostelecom's concept does not imply state financing of the project, and the company does not specify the cost of the entire system.

According to the head of the Russian research center Kaspersky Lab Yuri Namestnikov, businessmen will incur minor expenses. Basically, the money will be used to select specialists and improve servers and security.

IT-experts call telecom operators one of the most interested users of honeypots.  Positive Technologies expert Dmitry Kasymov said that telecom operator can’t be called secure in principle. "During the conduction security audits, we identify many vulnerabilities that allow attackers to leave subscribers without communication, listen to their conversations and intercept SMS, use communication services at their expense and even bypass the operator's billing systems.

These security flaws are already being exploited by hackers, even for stealing money from Bank accounts," explained he.

So, many Russian mobile operators supported Rostelecom's initiative to create a system of honeypots, as the infrastructure of these telecommunications companies still suffers from cybercriminals.

However, Kaspersky Lab experts warn that misuse of the honeypot concept can be dangerous. If you do not configure this type of system properly, it can become a source of additional threats to the network infrastructure.

Russian banks discovered a new virus to steal money


From this year, hackers began to use new viruses that can enter the bank’s application on a mobile device and withdraw money from the victim’s account. Two Russian banks have already reported on this type of fraud.

Hackers use a new type of attack for the Android operating system. Fraudsters disguise viruses as applications or distribute them as links. After downloading and installing such a file, the virus begins to perform its functions without the user's knowledge. The programs are able to automatically transfer money from the victim's account to cybercriminals through the available mobile banking application.
Group-IB specialists first discovered such an attack in the spring of 2019. Then the new mobile Trojan Gustuff was modified, which appeared in December 2018 and created by a Russian-speaking hacker. This type of virus, experts noted, threatened only 100 foreign banks.

A new type of Trojan attacked at least two Russian banks in 2019 - Moscow Credit Bank and Post Bank. Representatives of the first noted that there are few cases of theft. The second confirmed one-time problems and talked about preventing fraud.

"From July 2018 to June 2019, hackers were able to steal 110 million rubles (1,7 million $) with the help of Trojans for Android," reported Group-IB.
However, compared to the same period last year, the indicator fell by 43%. It is reported that now hackers have mainly switched to the international market and only in rare cases continue to modify the application to attack the Russians.

According to the representative of Group-IB, the activity of Trojans in Russia decreased after the detention of the owners of the largest Android botnets, as a result of which hackers switched to the international market.

"However, some attackers modify applications and sell Trojans for subsequent attacks on users in Russia. This is a rare practice."

Earlier, the head of the Computer Security Association, Roman Romachev, said that data leaks will continue until banks become responsible for this.

Hackers stole half a million profiles from a Russian job search site


The hacker forums got a database of users of the portal jobinmoscow.ru. According to the founder and technical director of Device Lock, Ashot Hovhannisyan, the database has logins and passwords for 500,000 users in addition to the publicly available information.

Media noted that some logins and passwords were relevant, if you enter some of them, you could get to the pages of portal users. After the journalist informed the site representative about this, it became impossible to enter the accounts.

However, the company owning the site from which the leak occurred confirmed the information about the data leak.

"A quick analysis of the situation showed that there are no violations of the law on our part. Our experts analyze any possible threats to the technical security of the site and take the necessary steps to prevent unauthorized use of the site," commented on the leak, Forex Consulting CEO Yuri Mozgovenko.

Experts reported that the personal data of customers of the site can be used in the black market of fake employment. Scammers can call applicants and promise a job, but for the final stage of hiring, they will ask to pay a small amount.

In addition, the leak of passwords creates a vulnerability for social networks of users, they can be hacked. Experts also note that the resume contains not only personal information about the applicant but also data about former employers. As a result of such a leak, it becomes possible to replace the resume or vacancies of a particular company to damage its business reputation.

However, experts do not see significant threats in such data leaks.
According to jobinmoscow.ru, more than 566,000 vacancies from 209,000 companies were posted, as well as more than 195,000 resumes.

The data of Alfa-Bank's clients is sold on the black market


The data of Alfa-Bank credit card holders, as well as Alfa Insurance customers came up for sale in the Darknet. The bank confirmed the leak saying that it affects a few customers and does not pose a threat to the money in the accounts.

Seller who published the ad on a hacker forum said that he has up-to-date data on about 3,500 Alfa-Bank customers and about 3,000 Alfa Insurance customers. The ad was published on October 31, the seller registered there on the same day.

To verify the data, the seller suggested to look at 23 contracts. They contained the full name, mobile phone number, passport data, registration address, the amount of credit limit or issued insurance, the subject of insurance, as well as the date of conclusion of the contract. According to the seller, all contracts of Alfa-Bank are issued in October.

When the investigator tried to transfer money by phone number, in 11 of the 13 credit card contracts, the names and first letters of the surnames matched. Also he phoned up nine customers, most of them confirmed that they had recently issued a credit card at Alfa Bank. Fraudsters have already managed to make a call to one of the clients, after which he blocked the card.

Alfa-Bank confirmed the leak. "At the moment, it is reliably known about the illegal distribution of personal data of 15 clients. The occurrence of this situation is not the result of a violation of the protection of the corporate information system of the Bank, " - said the representative of the Bank.

According to him, the leak does not pose a threat to customer accounts, as it does not have data to access them.

Indeed, the contracts do not contain card numbers and CVV-codes, so fraudsters will not be able to get direct access to the money. However, they can use the information to call a customer under the guise of a Bank and find out the necessary information to steal money.
Alfa Insurance has introduced additional security measures and is investigating the publication of customer data.

Recall, in early October Sberbank confirmed of credit card accounts, which affects at least 200 customers of the Bank. It was announced that 60 million credit cards were in the public domain.

The Ministry of Internal Affairs of Russia to create a Department to combat crimes in the IT-sphere


The Ministry of Internal Affairs will have units to combat crimes committed using IT-technologies. Units will be formed without increasing the staff.

This decision was made by Vladimir Kolokoltsev, the Minister of Internal Affairs of the Russian Federation, at a meeting of the Collegium of the Ministry of Internal Affairs of Russia, which was held as a video conference with all regions of the country. The meeting was attended by representatives of the Central Bank of the Russian Federation, the Ministry of Finance, Roskomnadzor, Rosfinmonitoring and a number of leading financial institutions.

The purpose of the creation of such units is to increase the efficiency of the prevention and suppression of crimes in the IT-sphere, as well as improving the skills and training of the most trained employees in identifying, revealing and investigating crimes committed using information and telecommunication technologies.

According to the Ministry of Internal Affairs, every seventh crime in Russia is committed in the field of IT-technologies. Law enforcement agencies in recent years have noted an increase in the number of crimes committed using the Internet, including fraud, drug distribution, theft of funds and other crimes.

At the moment, Vladimir Kolokoltsev instructed the heads of operational headquarters to prepare documents that will determine the structure, powers and functions of the new units to combat cybercrime.

Currently, the Office “K” of the Ministry of Internal Affairs is engaged in crimes in the field of information technology. In particular, the employees of this Department are engaged in the fight against illegal trafficking in electronic equipment and special technical equipment.

Earlier, E Hacking News reported that the Ministry of Internal Affairs will create a portal for complaints against hackers. The resource will be continuously and automatically collect data about the threats.

How the Internet isolation law will change the life of Russian business


On November 1, the law on the isolation of the Runet came into force. Some companies spend millions to switch to Russian servers and local social networks, while others completely shut down business in the country.

The Runet isolation will affect all Russian business, but only Telecom operators must install special equipment to monitor cyber threats at the state’s expense. The State financed about 30 billion rubles ($ 460 000 000) for its execution.

According to Alexandra Kurdyumova, senior partner at Versus.legal law firm, we are talking about devices and software that works on the principle of DPI (deep packet inspection). The technology monitors not only where the traffic is going, but also analyzes its contents.

"If something seems suspicious to Roskomnadzor, it will be able to disable the malicious resource without the participation of Telecom operators," explains Kurdyumova.

New features of the regulator alerted the entire network business. If the company's website runs on a foreign server (for example, Amazon), uses Google Analytics for data analysis or conducts sales via Instagram or other foreign social networks, it risks losing access to usual tools, if Roskomnadzor wants it.

“I see a lot of risks in the law on the isolation of the Runet. Therefore, within six months we will transport employees to the United States and Poland. About 10% of employees will remain in Russia so far to support current customers”, said Roman Kumar Vyas, founder of the marketing Agency Qmarketing and co-owner of the cleaning service Qlean.

According to Albert Oskanov, co-founder and CEO of Oskelly clothing marketplace, the authors of the bill do not quite understand what they are going to do, do not realize the consequences. Their actions can lead to serious disruptions in the work of some Russian companies.

Sergey Demin, IT Director of IT outsourcing company G-Support, believes that the centralization of the network infrastructure does not make it more stable, but bites it. A very easy target appears for hackers. As a result, users will migrate to the Darknet and there will be constant attacks on the IT infrastructure of regulatory authorities.