
Russian experts say the number of cyber threats increased during COVID-19

Cyber attack prevention experts recorded a sharp increase in the number of cyber threats and outlined the main trends in computer crime during the COVID-19 pandemic.

The report was presented at the international forum of the Academy of Management of the Ministry of Internal Affairs of the Russian Federation "Strategic development of the system of the Ministry of Internal Affairs of Russia: state, trends, prospects".

The main conclusion of the study is the rapid growth of computer crime, primarily financial fraud using social engineering, along with the exploitation of the COVID-19 theme in malicious mailings, the shift of ransomware operators to large targets, and active recruitment of new participants into criminal communities.

According to the Ministry of Internal Affairs, one of the main trends of digital transformation is the development of remote methods of committing crimes: crime has moved from offline to online. Almost 70% of registered crimes related to illegal arms trafficking in 2020 were committed using the Internet, remotely and anonymously. The same applies to the illegal sale of drugs, counterfeit money, securities and documents.

Throughout 2020, Group-IB recorded an increase in the number of financial scams using social engineering (vishing, phishing), the victims of which were mainly bank customers.

At the same time, the fraud implementation schemes themselves have not actually changed. The main motive of cybercriminals is the same: stealing money or information that can be sold. Now it is popular to sell fake digital passes, send messages about fines for violation of quarantine, fake courier sites, fraudulent mailings on behalf of the Zoom video conferencing service.

This year has given birth to even more groups and partner programs, as well as new collaborations. So the operators of the QakBot banking Trojan joined Big Game Hunting, and recently the FIN7 group, which actively attacked banks and hotels, joined the REvil ransomware partner program. The size of the ransom has also increased significantly: cryptolocker operators often ask for several million dollars, and sometimes tens of millions.

Russian military companies were reportedly attacked by hackers from North Korea

North Korean hacker group Kimsuky has reportedly conducted several attacks on the Russian military-industrial complex in order to obtain military and technological secrets of Russia.

According to the cybersecurity company Group-IB, attacks by hackers from the Democratic People's Republic of Korea on the Russian defense industry took place in the spring of 2020. North Korean cyber criminals sought to obtain data from aerospace and defense companies, as well as from enterprises that produce artillery equipment.

Telegram-channel SecAtor reported that Rostec was among the companies that were attacked. RT-Inform, a subsidiary of Rostec that deals with information security, did not confirm or deny these data, but noted that the number of cyber attacks on the resources of the state corporation increased from April to September.

"Most of the attacks were poorly prepared and did not pose a significant threat when they were exposed, but this could only be preparation," said RT-Inform.

Experts believe that in this case, hackers from the DPRK will soon launch new, more well-prepared attacks.

Kimsuky, also known by the names Velvet Chollima and Black Banshee, is engaged in cyber espionage. According to Group-IB, the North Korean hackers previously attacked facilities in South Korea, but then turned to enterprises producing artillery equipment and armored vehicles in Russia, Ukraine, Slovakia and Turkey, using fraudulent mailings.

According to Denis Legezo, a cybersecurity expert at Kaspersky Lab, some fraudulent emails from North Korean groups contain information about vacancies in the aerospace and defense industries. He believes that this indicates the interest of hackers in industrial espionage.

As reported by E Hacking News, in September in Russia there were cases of attacks by the Chinese hacker group Winnti on software developers for banks, as well as on companies in the construction sector. Winnti has previously repeatedly hacked the networks of industrial and high-tech companies from Taiwan and Europe, but the group's activities have not yet been reported in Russia.

Money stolen from bank accounts of Russians twice as much as last year

In Russia, more than 100 thousand thefts of funds from bank accounts were recorded from January to August 2020, twice as many as last year. The number of cases of fraud using electronic means of payment has also doubled.

According to the Prosecutor General's Office, every fifth theft now involves the theft of funds from accounts.

The Central Bank said that hacker attacks are more frequent in 2020, but the effectiveness of attacks on banks has not increased. Fraudsters are now increasingly trying to deceive citizens using social engineering, so the number of calls has increased four times. At the same time, new criminal schemes have not appeared, but now criminals have begun to actively use the topic of COVID-19.

Vitaly Trifonov, Deputy head of the Group-IB Computer Forensics Laboratory, explained the reasons for the increase in attacks: "On the one hand, this is facilitated by the gradual digitalization of life, when more and more people make purchases online, pay with a card and use an ATM less. On the other hand, there are simple and working fraud schemes that do not require special skills or investment."

Moreover, in the past year and a half, cases of theft of money from citizens using social engineering methods have become more frequent in Russia. According to a study by Digital Security, when files are transferred via email and cloud services, metadata about them is saved and used by fraudsters.

Spending on information security in Russia will increase eightfold

Russia intends to sharply increase spending on information security, mainly on cryptography rather than on personal data protection.

According to the published draft of the Federal budget for the next three years, it was decided to increase expenditures on information security from the 2 billion rubles (25 million dollars) initially planned for 2022–2023 to 16 billion rubles (204 million dollars). This is the most significant increase in the budget in comparison with other Federal projects included in the Digital Economy direction.

The authorities plan to pay the greatest attention to the development of domestic cryptography, the functioning of cyber polygons, filtering Internet traffic and countering computer attacks. At the same time, the creation and operation of the national center for the introduction of modern cryptography methods may take up more than half of the total budget of the Federal project.

Budget money should also be used to analyze the security of state systems. However, the largest expenditures are allocated for the technical implementation of various project areas: equipment, specialized software, and staffing and production support.

The disadvantage of the project is the lack of measures aimed at preventing data leaks and protecting the personal information of Russians. Analysts pointed out that it would be logical to allocate part of the funds to system security in matters of interaction between the state and citizens on digital platforms. In addition, according to market participants, specialized education and training of qualified specialists receive insufficient funding.

Ivan Mershkov, technical Director of NGRSOFTLAB, said that it is critically important to envisage measures to increase digital literacy among the population. The number of phishing attacks shows explosive growth, which will only increase with the increase in digital consumption.

Nevertheless, the increase in funding for this federal project was seen as a good sign, indicating that the issue of cybersecurity is coming to the fore in Russia.

Russian authorities prohibit modern Internet protocols because they make it difficult to block websites


The Ministry of Digital Development of Russia wants to ban the use in Russia of the experimental encryption protocols DNS over TLS, DNS over HTTPS and ESNI, which can be used to bypass access blocks on prohibited sites. Experts warn that implementing such a ban would require blocking the servers of Google, Cloudflare and Cisco.

On September 21, the Ministry submitted for public discussion a bill that prohibits the use in the Russian Federation of encryption protocols that make it possible to hide the name of an Internet page or site. In particular, the Ministry believes that this will help to increase the effectiveness of blocking sites that are prohibited in the territory of the Russian Federation.

According to the head of the Ministry of Digital Development, Mr. Shadaev, all the advantages of the new DNS request encryption protocols for users are obvious, "but we must understand that their wide distribution will also allow us to bypass all existing filtering and blocking systems for prohibited sites, including sites that contain illegal content."

"Mozilla decided last year to enable DoH Protocol in Firefox by default. DoH Protocol is also already included in the Google Chrome browser. Naturally, all this creates opportunities for many users of these browsers to go to blocked sites and bypass the parental control mode. I don't think that many parents would be very happy about this," the Minister explained the need to develop the bill.

Mr. Shadaev cited the example of the UK, where, at the request of the government, Mozilla agreed not to enable the DoH function in its browser by default for users in the country. The head of the Ministry of Digital Development noted that this was done largely under pressure from the public and the Association of British Internet service providers.

Russian-speaking hackers attacked Russian companies and demanded ransom

Group-IB recorded a successful attack by the criminal group OldGremlin on a Russian medical company. The attackers completely encrypted its corporate network and demanded a ransom of $50,000.

Russian-speaking hackers from the OldGremlin group attacked several Russian companies, despite the ban: among cybercriminals, there is an unspoken rule "do not work on RU".

According to experts, since the spring of 2020, hackers from OldGremlin have conducted at least nine attacks on Russian companies. They send malicious emails purporting to come from the Russian media holding RBC, a Russian metallurgical holding, the Minsk Tractor Plant, the Union of microfinance organizations and other individuals and enterprises. Under various pretexts, the attackers ask recipients to click on a link and download a file. When the victim tries to open it, the TinyPosh backdoor malware runs on their computer.

This time a large Russian medical company became the victim of the criminals. After gaining access to the computer of one of the employees, they deleted the organization's backups, and also spread the TinyCrypton ransomware virus on the computers of the employees. As a result of their actions, the work of regional branches of the medical company was stopped. Then the hackers demanded a ransom: they wanted to get 50 thousand dollars in cryptocurrency for restoring access.

"The lack of a strong communication channel between organizations that resist cybercrime, as well as the difficult political situation, lead to the emergence of new criminal groups that feel safe," said Rustam Mirkasymov, head of the dynamic analysis of malicious code at Group-IB. The expert also stressed that businesses often underestimate the threats posed by cybercriminals, and do not use the necessary means of protection. 

Russia is planning to create a working group to protect the digital rights of citizens

The Presidential Council for the Development of Civil Society and Human Rights is planning to create a working group. Its specialists will protect the digital rights of Russians.

In Russia, a group will be created whose task will be to protect the digital rights of citizens. This was announced by the head of the Presidential Council for the Development of Civil Society and Human Rights Valery Fadeev.

Members of the working group will try to understand how to minimize the damage from progress in the field of IT technologies, he explained.

According to him, the process of digitalization has not only a positive impact but also a negative one. "Digitalization cannot be stopped, progress, of course, cannot be stopped. As with any powerful technological or technical process, there are always various negative sides, negative aspects, and they accumulate," said Fadeev at the round table "Digital threats to human rights".

Negative examples include bullying on social networks and surveillance of people through city surveillance cameras.

"Today there was a message in the media that Anna Kuznetsova filed a lawsuit. The girl conducted an experiment – she bought online from someone for 16 thousand rubles ($213) information about where she was last month, providing her photo. Two days later, she received information from Moscow cameras,” said Mr. Fadeev.

Examples like these show that there is a security problem in the digitalization space. People are no longer protected and cybercriminals take advantage of this. Another problem is fraud, which has become increasingly active online. Therefore, the main task of the working group is to understand how to minimize the damage from progress in the field of IT technologies.

Criminals sending malicious emails claiming to be from the rector of Moscow State University

A malicious program that steals passwords was sent out in mid-September by scammers in letters claiming to be from the rector of Moscow State University. The recipients were financial, industrial, and government organizations in Russia.

According to Group-IB, the mailing took place from 9 to 16 September.

"In the letter, the attackers, on behalf of rector Viktor Sadovnichy, ask recipients to read the attached document “A description of the budget for 2020” and promptly send their commercial offer," reported the company's press service.

The texts of the letters are illiterate and contain stylistic errors. In addition, the order of words and sentences indicates that fraudsters use an automatic translation program. The authors of the letter were too lazy to change or check all the links in the template before sending them out. Probably, similar attacks have already been carried out on behalf of other universities, most likely foreign ones.

The addresses of Moscow State University were indicated as the sender in the letters. In fact, the correspondence was sent from the hacked mail server of the Hotel Alfonso V in the Portuguese city of Aveiro. The hotel has already been notified of the break-in.

All the scammers’ emails contained an archive called "Request for a commercial offer" with an executable .exe file inside. After it was launched, a malicious program was installed on the user's device that could steal usernames and passwords.

"In the future, hackers can use them to gain access to email accounts or crypto wallets, for financial fraud, espionage, or sell stolen data on hacker forums," said Group-IB.

According to Vasily Kuzmin, Deputy head of the information technology department of Moscow State University, neither the rector nor the University administration ever sends letters with such content.

Russian cloud storage will protect user data before elections


The creation of Russian cloud services will make it possible to protect the confidential data not only of ministries and departments but also of ordinary Internet users, said political analyst Yuri Samonkin.

MTS group of companies announced the launch of a cloud service with an increased level of protection. It is assumed that the new service will be in demand among government organizations, ministries, departments and private companies that carry out government orders, said Oleg Motivilov, Director of MTS cloud business. According to him, the new system meets all the requirements of the law on personal data protection.

Russia is one of the leaders in the development of Internet technologies, said Yuri Samonkin, President of the Eurasian Institute of Youth Initiatives. He believes that the current realities of the Internet dictate the need to create new digital solutions, such as cloud storage.

According to him, many Russians use Western social networks and other Internet resources. Therefore, the issue of protecting their personal data, which is often "leaked", is very relevant.

On the eve of the upcoming elections, the issue of cyber defense is becoming even more acute. It is necessary to protect from external interference not only the personal data of the voters themselves but also the servers of the relevant departments.

"State and municipal portals should be located not on Western servers, but on domestic ones. This will avoid information leakage and hacking", concluded Mr. Samonkin.

Earlier, E Hacking News reported that Russia has worsened its position in the ranking of countries with the most stable segments of the national Internet, dropping from 11th to 13th place. 

DDoS attacks from the USA, UK, Ukraine were recorded during the voting in the Russian Federation

Andrey Krutskikh, special representative of the President of Russia for international cooperation in the field of information security, said on Monday at a conference on cybersecurity that the sources of DDoS attacks on Russian government agencies during the voting on amendments to the constitution were recorded from the United States, Great Britain, Ukraine and a number of CIS countries.

He noted that in 2020, attacks with the aim of affecting critical infrastructure and electoral processes have become commonplace.

"For example, during the voting period on amendments to the Constitution of the Russian Federation (June 25 - July 1 this year), there were large-scale attacks on the infrastructure of the Central Election Commission and other state bodies of Russia. Sources of DDoS attacks with a capacity of up to 240 thousand requests per second were recorded from the United States, Great Britain, Ukraine and a number of CIS countries,” said the special representative of the President of the Russian Federation.

According to Krutskikh, in 2020, the problems that all countries face in the information space are growing like a "snowball". Thus, the volume of illegal content, including terrorist content, distributed on the Internet is increasing, and the implementation of destructive actions of states in the information space is becoming the norm.

"The concepts adopted in some countries for preemptive cyber strikes and offensive actions in the cyber sphere do not add the optimism,” stated Mr. Krutskikh.

It is interesting to note that during the six days of voting, officials reported one major attack, which occurred on the evening of June 27. Artem Kostyrko, head of the department for improving territorial administration and developing smart projects of the Moscow government, explained that hackers tried to influence the system through a service for monitoring online voting.

Chinese hackers targeted about five Russian developers of banking software

Chinese hacker group Winnti attacked at least five Russian developers of banking software, as well as a construction company. According to Positive Technologies, the names of banks and developers are not disclosed.

Positive Technologies noted that malicious code implanted by hackers at the development stage potentially allows them to gain access to bank data. After the code is planted on the infected machine, a full-fledged backdoor is loaded to investigate the network and steal the necessary data.

Andrey Arsentiev, head of analytics and special projects at InfoWatch, explained that previously Winnti hacked industrial and high-tech companies from Taiwan and Europe through attacks on the software supply chain, but now, apparently, it has decided to switch to Russian companies.

According to him, there is a rather complex software supply chain in the financial sector, so Winnti may be interested not only in obtaining direct financial benefits but also in corporate espionage. As for the construction industry, the Chinese hackers may be aiming to obtain trade secrets, which in turn may be related to the plans of Chinese companies to expand into the Russian market. Mr. Arsentiev concluded that hacker attacks would thus make it possible to study the strategy of potential competitors.

Nikolay Murashov, deputy director of the National Coordination Center for Computer Incidents, said that organizations involved in software development and system integration accounted for about a third of all targeted attacks in the Russian Federation in recent years.

According to Mikhail Kondrashin, technical director of Trend Micro, attacks specifically on software developers for banks open up endless opportunities for subsequent attacks. The appearance of such attacks actually changes the rules of information security in the field of development: it is no longer just about developing secure code, but rather protecting the infrastructure itself.

The Ministry of Internal Affairs of Bashkortostan intends to cooperate with white hackers to reduce cyber crime

The Ministry of Internal Affairs of Bashkortostan is ready to cooperate with white hackers and programmers to solve Internet crimes together with them. Law enforcement agencies want to attract volunteer experts from among programming students to solve cybercrimes.

According to Major General of Justice, Deputy Minister, Head of the Main Investigation Department of the Ministry of Internal Affairs of the Republic of Bashkortostan Oleg Oleinik, the regional department of the Ministry of Internal Affairs is working together with the Regional Center of the Volunteer Movement and the police already have experience in cooperation with young programmers.

Recall that in the last two years, the number of cybercrimes in Bashkortostan has grown by almost 2.5 times: 2,500 cybercrimes were recorded in 2018 and 6,300 in 2019, while in seven months of 2020, 6,500 cases have already been opened. Fraudsters use social engineering methods and debit money from victims' cards without any special technical means.

The Bashkortostan police said that they are ready to cooperate with IT companies that are also interested in eliminating cyber fraud. 

Marat Guzairov, interim head of the Department for Disclosure of General Criminal Frauds and Theft Committed Using Information and Telecommunication Technologies of the Criminal Investigation Department of the Ministry of Internal Affairs, said that crime is especially developed on the DarkNet, where databases are uploaded, weapons and drugs are sold, and pornography is distributed. Violations of the law occur with the help of messengers, as well as resources blocked by Roskomnadzor, which can be accessed using certain programs.

According to the police, many young people are aware of this and could transfer their knowledge to law enforcement agencies.


The Russian quality system (Roskachestvo) reported on the new traps of scams in WhatsApp

The absolute majority of fraud in WhatsApp occurs through social engineering when the text prompts the user to click on a link or download a file, said Ilya Loevsky, deputy head of Roskachestvo. So, criminals often make mass mailings with various profitable offers or lotteries to encourage the user to participate and click on an infected link or download a suspicious file.

"As a rule, hackers use big names of companies, such as Google, Apple, Facebook, hot topics like COVID-19, or super-profitable offers (last year it was a "promotion" about 1000 free gigabytes of the Internet for the 10th anniversary of the service). Fraudsters often fake official WhatsApp profiles by copying the name and design,” the expert gives examples.

According to the expert, sending such messages to your contacts is undesirable, as it only contributes to the spread of fraud.

However, after clicking on a malicious link, anything can happen to the victim, from stealing personal data to withdrawing funds from their card.

It is interesting to note that in June 2020, ESET reported a phishing attack aimed at the audience of WhatsApp and Telegram messengers. Users received messages asking them to fill out a questionnaire and get four barrels of beer from a famous brand as a gift.

One of the conditions for participation in the campaign was the mandatory forwarding of messages to ten contacts in WhatsApp.

In January of this year, a similar phishing attack was launched on WhatsApp users. Victims were lured by messages that a famous sports brand was celebrating an anniversary and giving t-shirts and shoes. To receive gifts, users were encouraged to click on the link.

Loevsky concluded that messages from unknown users may sometimes contain just forwarded files that spread panic in society, so it is better to disable auto-download of media files in the messenger settings and not accept files from unknown accounts.

More than 100 websites selling air tickets in Russia turned out to be fraudulent

Cybercriminals continue to deceive people. According to Group-IB, more than 100 fraudulent sites in the field of online ticket sales have appeared online over the past few months.

If in July there were about 30 such pages, in August there were about 100, said Yakov Kravtsov, head of the anti-counterfeit department of the company's brand protection department.

"The last one and a half to two months there has been a boom in the creation of phishing and fraudulent resources related to ticket sales,” said Mr. Kravtsov.

He noted that most of these portals are dedicated to selling air tickets. There are also websites where it’s possible to book hotels and rent cars. Criminals use these sites to get people's card data and money.

Most of these resources are currently blocked, but you still need to be careful. According to Kravtsov, fraudsters often take the brands of well-known aggregators for ticket sales or act under the name of large air carriers.

"Some resources were created before the quarantine, but because of the pandemic, these sites were activated when the borders began to open," said Mr. Kravtsov. He recommended paying attention to the domain name of the resource and not trusting "crazy discounts".

Earlier, E Hacking News reported that Group-IB, together with the Federal Tax Service (FTS), identified fraudulent activity online. Criminals send phishing emails on behalf of the tax service.

Russians were warned about phishing emails on behalf of the tax service

Experts of the company Group-IB, which specializes in the prevention of cyberattacks, together with the Federal Tax Service (FTS), identified fraudulent activity online. Criminals send emails to legal entities and state institutions allegedly on behalf of the tax authorities.

All of the attackers' emails looked the same. They said that the recipient must appear at the Federal Tax Service to "give evidence about the flow of funds". Before visiting the institution, the recipient of the letter was required to fill out a special form, which was attached to the letter as a password-protected archive. The password was also included in the email. This scheme allowed the attackers to bypass antivirus protection. When the archive was opened, a remote access program was installed on the user's computer.

"The Federal Tax Service of Russia does not send letters to taxpayers about the existence of debt and offers to pay the debt online,” reported the press service of the FTS.

The mailing started at the end of July and continues to this day. Emails are sent to employees of oil and mining companies, airports, telecom operators, and other organizations.

Experts are discussing the possibility of introducing a new article "Tax fraud” into the criminal code of the Russian Federation.

Moreover, according to Igor Bederov, General Director of the Internet Search company, there are more than 1 million fake websites in Russia in total, and up to 1 million messages are sent per day. He added that the share of phishing messages today can be up to 10% of the total volume of e-mail messages.

It is difficult to calculate the total amount of damage to organizations caused by phishing attacks, but one such successful attack can cost an average of 2,000 to 50,000 rubles ($27-680).

Earlier, E Hacking News reported that Kaspersky Lab experts described a newly discovered method of corporate phishing. Phishing emails claiming to be from HR steal bank employees' credentials.

Group-IB has identified a group of hackers engaged in corporate espionage

The hacker group RedCurl hacked companies around the world and stole corporate documents. The damage from its activities can amount to tens of millions of dollars.

Group-IB, a cybersecurity company, has uncovered a previously unknown hacker group that engaged in corporate espionage.

Group-IB found that in total, the group carried out 26 attacks on companies from such sectors as construction, finance, retail, banks, insurance, tourism. The hackers targeted commercial organizations in Russia, the United Kingdom, Germany, Canada, Norway, and Ukraine. The victims of the hackers were 14 organizations. At the same time, at least 10 companies were attacked in Russia.

The group allegedly consists of Russian-speaking hackers. Group-IB notes that RedCurl used a unique tool that allowed it to remain unnoticed by its victims for a long time.

The first known hacker attack occurred in May 2018. Hackers used phishing emails to access corporate information. Most often, employees of one Department of the victim company received an email allegedly from the HR Department, for example, about annual bonuses. The fake emails contained the company's signature, logo, and fake domain name.

When the bonus documents attached to the emails were opened, a Trojan was launched on the victim's computer, which RedCurl controlled through legitimate cloud storage. The use of cloud storage, together with the PowerShell language in the development of the Trojans, allowed the hackers to remain unnoticed by traditional cyber defenses for a long time.

After that, the hackers analyzed the contents of users' hard drives and stole information. They were primarily interested in business correspondence, trade secret documents, personal data and passwords of employees.

At the same time, the launched Trojans continued to spread within the victim's network, infecting more and more computers. Group-IB specialists found that the hackers stayed there from two months to six months. According to Rustam Mirkasymov, head of the Group-IB Dynamic Malware Analysis Department, despite the absence of direct financial damage, indirect losses of victim companies from RedCurl actions can amount to tens of millions of dollars.

Experts continue to record new attacks by the hacker group in different countries of the world.

Number of Cyber Attacks from Germany Increased, says Russian Foreign Minister

In the period from 2019 to 2020, Russia registered a significant number of cyberattacks from Germany against Russian facilities and organizations. This was stated by Russian Foreign Minister Sergey Lavrov after talks with his German counterpart Heiko Maas.

Moscow is concerned about the situation with cooperation with Berlin on cybersecurity. "We expressed concern to the German side about the situation in our interaction on cybersecurity,” said Lavrov.

"We noted that last year and this year a significant number of cyberattacks were registered against objects and organizations in Russia, coming from the German segment of the Internet,” said the Russian Minister said.

Recall that at the end of May, the German Foreign Ministry summoned the Russian Ambassador in Berlin, Sergei Nechaev. He was informed that the Prosecutor General's Office of Germany had put on the wanted list a Russian Dmitry Badin on suspicion of participating in a hacker attack on the Bundestag in April-May 2015. 

In addition, the Department reported that Berlin plans to activate the cyber sanctions regime against Russia because of this case. The EU cyber sanctions regime came into force in May and has not yet been applied. Restrictive measures under this regime may include asset freezes, as well as travel bans to EU countries. The imposition of sanctions requires the unanimous approval of all member countries.

The Russian Foreign Ministry said that Berlin did not provide evidence of Russia's involvement in the hacker attack, and strongly rejected the charges. As Andrei Krutskikh, Director of the Department of International Information Security of the Russian Foreign Ministry, said earlier, Moscow offers Berlin to hold consultations on cybersecurity, this would help to settle many claims.

The Russian Federation leads in the number of users monitored via smartphones


In the first six months of 2020, the number of gadgets with stalker software in Russia increased by 28% compared to the same period in 2019.

"This probably happened because as a result of self-isolation, many people began to spend much more time at home," said Viktor Chebyshev, an expert on mobile threats at Kaspersky Lab.

He explained that such programs are often installed to spy on loved ones: they give access to the contents of a mobile device and make it possible to spy on a person through the smartphone camera in real time. They are often used by perpetrators of domestic violence. No stalker software is free.

"There have always been jealous spouses and those who just want to look into someone else's life, and the development of IT has given such people additional opportunities," said Andrey Arsentiev, head of Analytics and special projects at InfoWatch Group.

According to Kaspersky Lab, the number of users with stalkerware installed on their mobile devices is increasing not only in Russia. In Europe, such programs are most often found on the devices of German, Italian and British users.

It is interesting to note that a coalition against stalker software was formed in November 2019. It was named the Coalition Against Stalkerware. In addition to Kaspersky Lab, it includes 20 organizations. Some of them work in the field of information security, while the others help victims of domestic violence. The coalition is working to raise awareness of the threat of stalker software, as well as to counter the crimes that are committed using such programs.

Number of fake delivery services increased in Russia


Alexander Vurasko, a leading Infosecurity analyst at Softline Company, said that during the pandemic, scammers learned to produce high-quality fakes of food and electronics delivery sites. Over the past four months, 56 clones of Delivery Club have appeared, and at least 30 of Yandex.Food. Companies try to block such resources quickly, but they do not always succeed.

The expert noted that the appearance of such Internet resources peaked in April.

In addition to food sites, experts found fake versions of Samsung online stores and the Citilink online electronics hypermarket.

These sites almost completely copy the original ones: they have a catalog with hundreds of items, and users can choose a restaurant, order dishes, enter the delivery address and pay for the order with a bank card.

Alexei Drozd, head of the information security department at SearchInform, noted that in April, the use of the delivery theme in domain names increased: there were 53 domain registrations containing the word "delivery" in February and 288 in April. According to him, this means that a high-quality grabber, a program that can reliably copy the look and content of a site, has appeared on the darknet.

Fraudsters actively used such software, but it is more difficult to copy marketplaces with a complex structure than a regular website, and if they are already succeeding, then we should expect new large phishing waves, warns Mr. Drozd. According to him, phishing sites stay up only until the first complaints from users or copyright holders, so it is important that companies themselves fight phishing.

Moreover, on the fake Delivery Club site, users are asked to enter a code from an SMS after entering their card data, so it cannot be ruled out that at this moment "someone links their number to your mobile bank", noted the Telegram channel In4security, which discovered the resource.

Kaspersky Lab also noticed sites that mimic well-known food delivery services. Hackers always use popular brands, says Tatiana Sidorina, a senior content analyst at the company.

The scale of data leaks of patients with coronavirus in Russia has become known


More than a third of all cases of leaks of personal data of patients with coronavirus, as well as suspected cases, occurred in Russia.

According to InfoWatch, in just the first half of 2020, there were 72 cases of personal data leakage related to coronavirus infection, of which 25 were in the Russian Federation. Leaks in Russia were caused by employees of hospitals, airports, and other organizations with access to information resources. Worldwide, 75% of leaks occurred for this reason, and another 25% were due to hacker attacks.

The company clarified that in 64% of cases worldwide, personal data associated with coronavirus was compromised in the form of lists. Patient lists were photographed and distributed via messengers or social media groups. Some leaks were due to the accidental sending of data by managers to the wrong email addresses.

According to InfoWatch, 96% of cases on the territory of the Russian Federation are leaks of lists, and 4% are leaks of databases. In all cases, data leaks occurred due to willful violations. InfoWatch stressed that the disclosure of such data often led to negative attitudes in society towards coronavirus patients.

The Russian Federal Headquarters for coronavirus declined to comment. Moreover, the press service of the Moscow Department of Information Technology reported that since the beginning of 2020, there have been no leaks of personal data from the information systems of the Moscow government.

In Russia, there are no adequate penalties for organizations in which personal data leaks occurred, said Igor Bederov, CEO of Internet search. In addition, there is still no understanding of the need to protect personal data in electronic systems. There are not enough qualified specialists in this industry. As a result, network cloud storage used by companies, including for processing personal data, is poorly protected.