Russian banks to launch a system against telephone fraud

Financial organizations are planning to launch a pilot project of a system for accounting and analyzing telephone fraud, said Alexey Voilukov, vice president of the Association of Banks of Russia. The service will make it possible to monitor calls, identify unscrupulous operators and track fraudsters more effectively.

The Association will present the developments to the regulatory agencies along with proposals for changing the legislation. In order to improve the response to criminal attacks, the project should be implemented on the platform of a supervisory authority, for example, the Ministry of Internal Affairs.

Experts believe that the owner of such a system should be one of the government agencies authorized to request information from operators about the sources of traffic and to process data covered by the secrecy of communications.

"It is necessary to tighten legislation in the field of personal data protection and tighten control over bank employees since fraudsters often obtain information about customers through leaks," added experts.

Tinkoff Bank believes that it will take about a month to test the project after the creation of an interdepartmental anti-fraud group. The bank will become one of the pilot's participants.

Other major credit organizations also supported the idea of implementing the system. The pilot of the project can start as early as the end of 2021 or the beginning of 2022. However, full work will require changes in the law.

According to Tinkoff, the number of malicious calls in the first quarter of 2021 increased 2.3 times compared to the same period in 2020. In addition, about 80% of phone scammers use number spoofing, so once the system for accounting and analyzing telephone fraud is launched, it will be much more difficult for them to carry out attacks.


Experts Said How Cybercriminals Make Money on Russian Gamers

One of the most popular fraud schemes involves buying or selling an account in online games. An attacker can offer an account, but after transferring funds for it, the buyer does not get access to it.

Experts advise using specialized platforms for buying and selling an account, which charge a commission of about 10% for their services.

If there is no such platform, but there is a forum dedicated to the game, the expert advises studying the user's account and rating on the forum as thoroughly as possible before selling or buying.

Gamers can also be deceived when buying expensive computer components, for example, video cards. Scammers create copies of popular online stores, in which the cost of components will be declared 2-3 times lower than the market price. The buyer most likely will not be able to return the money.

Another method of fraud is associated with the purchase of expensive goods, such as a game console, through a private classifieds service. In this case, the buyer is asked to open an e-wallet on one of the legitimate services. His virtual card is allegedly linked to this account, which is used to make the payment.

The client transfers money to the wallet and informs the seller about it, after which he receives an SMS message with the virtual card data. However, the notification does not come from the service number, but from the phone of the scammers. So, the gamer makes the transfer to scammers and remains without money and the desired product.

Another method of fraud is connected with watching streams of other gamers. Scammers copy the broadcasts of famous players and add banners with ads for easy earnings to the video. By clicking on them, people get to the resources of scammers, where they lose money by providing their bank card details.

According to the expert, the solution to the problem in the game world could be the active development and use of escrow services, as are used when selling domain names on the Internet.

Hackers Hit President Putin and Citizens at a TV show

 

Recently, a massive cyberattack took place while Russian president Vladimir Putin was answering citizen queries through the state-broadcast Rossiya 24 Network. The televised phone-in is an annual session where President Vladimir Putin gives answers to all questions that have been submitted by the citizens. 

However, this year's phone-in on Wednesday, which continued for four hours, faced connectivity issues, particularly when the president was answering calls from remote regions. 

"Our digital systems are right now facing attacks, powerful DDoS attacks," a Rossiya-24 presenter informed the Russian President after a caller from the Kuzbass region in southwestern Siberia experienced connection problems repeatedly. 

President Putin responded by saying “Are you joking? Seriously? Turns out we have hackers in Kuzbass.”

Russia’s telecommunications giant Rostelecom has confirmed massive cyberattacks and said that the network is adopting advanced countermeasures to prevent such attacks. It currently remains unclear who led this attack, and no further technical details have been shared by the channel.

Putin’s spokesman Dmitry Peskov told the RIA Novosti news agency that “the origin of the attacks was unclear”. 

In June 2021, the world witnessed an important summit between Putin and US president Joe Biden wherein cybersecurity was one of the main topics on the agenda.

Furthermore, in April 2021, Biden's administration slapped sanctions on the Russian government over the SolarWinds cyberattack that targeted several US federal organizations and more than 100 US private companies.

More than 3 million Russians have become victims of a new online fraud scheme

Experts of the cybersecurity company Group-IB note that fraudsters skillfully disguise fake payment pages: they often contain logos of the international payment systems Visa and MasterCard.

"By creating phishing sites for popular services and online stores, scammers have learned to imitate payment pages protected by 3-D Secure, a technology that was previously considered one of the most effective to ensure the protection of user payment data when paying for online purchases worldwide", said the experts.

Attackers lure the victim to the phishing page of the online store with fraudulent advertising or spam mailings. There, the user enters payment data, paying for the selected product or service. Then an SMS code is sent to the user's phone number to confirm the transaction. The user enters the code into the same form on the legitimate 3-D Secure page, and the money goes to the fraudster's card.

According to experts, to protect themselves, users must first pay attention to the source of the payment in an SMS message from the bank with a transaction confirmation code.

"If the words Card2Card or P2P are specified there, but the payment was not initiated from the specified resources, you should not enter the received code to confirm the payment," noted experts.

Information security expert Alexey Lukatsky stressed that it is necessary to pay attention to the name of the site, to its design, to possible grammatical errors on it, and to the domain on which the site is hosted.

The expert added that it is necessary to pay attention also to the 3-D Secure page.

"Because this domain must also be identical to the domain whose bank issues a card. Accordingly, if the domain name indicates something different or similar to our bank, then this is also a sign of fraud," added Mr. Lukatsky.

Logins and passwords of at least 1.2 million Russians have been leaked online

The credential verification service developed by cybersecurity company BI.ZONE (a subsidiary of Sberbank) has revealed that information about logins and passwords of more than 1.2 million Russians is freely available as a result of data leaks.

"BI.ZONE, a strategic digital risk management company, helped over one and a half million Russians check their credentials for leaks containing their usernames and open passwords. The owners of more than 1 million 200 thousand contacts could become potential victims," the company said.

Experts note that this information is available not only on the darknet but also on the normal Internet. At the same time, since it is freely available, attackers do not even need to buy it.

According to Anton Okoshkin, director of anti-fraud at BI.ZONE, many Russians use the same credentials for many sites, so their leakage can lead to hacking of all accounts.

"In most cases, people use the same username and password on a variety of resources: from accounts in social networks and online stores to work services. In such a situation, if your account is compromised on one of them, the risk of hacking all accounts increases," Okoshkin noted.

At the same time, the expert noted that attackers usually begin automated verification of credentials on different services a few hours after the appearance of the leak in the public domain. "It is very important to promptly warn users about the compromise of their data," he stressed.

Almost 1.7 million Russians have already used BI.ZONE's credential verification service. The service checks against a set of 5 billion credentials that are known to have fallen into the hands of attackers and contain usernames and passwords. The leaked database is updated weekly.

Russia intends to sign agreements with a number of countries in the field of cybersecurity

Deputy Secretary of the Security Council of the Russian Federation Oleg Khramov named several countries with which Moscow plans to sign agreements on cooperation in the field of cybersecurity.

Mr. Khramov said that intergovernmental cooperation agreements are ready to be signed with Indonesia, Nicaragua and Uzbekistan. Relevant agreements with Iran and Kyrgyzstan were signed this year.

"About half a dozen draft agreements are at the stage of expert elaboration or domestic approval," Khramov added.

"Russia is ready to cooperate with all states that share its approaches and aim to jointly counter threats to international information security. But, of course, dialogue with our closest partners in the Collective Security Treaty Organization (CSTO), SCO and BRICS will continue to develop as a priority," Khramov stressed.

He also noted that cooperation within these associations has a solid legal foundation. Thus, Russia has concluded bilateral agreements with all the BRICS countries. Within the framework of the CSTO, there are specialized agreements on cooperation in a multilateral format.

Khramov stressed that, regarding the Western countries, "the dialogue with our French colleagues is progressing positively."

In May, the American media reported on the possible connection of hackers who attacked the Colonial Pipeline with Russia. However, the White House did not confirm this information. Deputy Assistant to the US President for National Security Anne Neuberger stressed that it was a group of hackers, not a state, who carried out the attack.

On June 11, White House press secretary Jen Psaki said that the US authorities are ready to discuss at the upcoming US-Russian summit the topic of cybercrimes.

On June 16, Russian President Vladimir Putin and his American counterpart Joe Biden agreed to start consultations on cybersecurity during the summit in Geneva. Afterwards, however, the Russian Foreign Ministry accused the United States of trying to win back the summit agreements on cybersecurity.


The Russian government plans to create a unified video surveillance system

The Russian government wants to create a single video surveillance system that will unite smart cameras in Russian cities. The devices will be able to recognize faces and license plates. The project will help to quickly respond to crimes, and in some cases, prevent them. The personal data of ordinary people is promised to be reliably protected.

The development of the project and the installation of cameras are estimated at 250 billion rubles ($3,500,000), and the implementation may take five years. Previously, the project was estimated at 97 billion rubles ($1,350,000).

Now the cameras in Moscow send video to the Data Processing Center, and in the new system, they will recognize suspicious situations themselves and only then send the video to the Data Processing Center.

It is expected that different cameras will be installed in the cities, depending on the tasks. A face recognition system will be needed somewhere and there will be cameras with powerful computing modules. In other places, there will be enough cameras with motion sensors.

According to the expert, the system will make it possible to better detect violations, respond promptly to them, and in some cases even predict them.

The emergence of a unified video surveillance system may raise fears that personal data will be sent to smart cameras. The CEO of Lab.Ag and the developer of many government sites, Artem Geller, explained that such an outcome is inevitable because the cameras are aimed at recording the physical data of people.

"Of course, they will process the physiological aspects such as face, gait, clothing, license plate. But don't forget that cameras are already doing this," Geller added.

Cybersecurity specialist Sergey Vakulin recalled the experience of video surveillance systems in China, where there is also a face recognition function, but each person is assigned his own identification number. Only then is this data encrypted, but even with such a process, there are vulnerabilities.

"The biggest problem is that a lot of data is stored and transmitted using a global network. And devices connected to the global network are more vulnerable," Vakulin added.

According to Vakulin, it is too early to worry about possible hacking and data leaks. He explained that each system has cybersecurity specialists, testers who detect bugs.

Putin called the accusations of launching a cyber war against the United States unsubstantiated

Russian President Vladimir Putin said that the US accusations against Russia, including cyber attacks and election interference, are groundless and that the US side has never provided any evidence.

"We are accused of a variety of things: interference in elections, cyber attacks, and so on. And they [the accusers] did not bother to provide any evidence. Just baseless accusations," he said, calling statements about Russia's involvement in cyber attacks in the United States a farce.

"The issue of cybersecurity is one of the most important today because all sorts of shutdowns of entire systems lead to very serious consequences, and this is possible," the Russian leader said in an interview with the program "Moscow. The Kremlin. Putin" of the Russia-1 TV channel.

According to Putin, the Russian Federation will be ready to extradite cybercriminals to the United States if the American side also extradites criminals to Russia.

He stressed that such agreements are expressed in the relevant interstate agreements, where the parties undertake certain obligations.

"And they are in the vast majority of cases equivalent. Both sides assume the same obligations," Putin explained.

On June 4, Putin called the accusations of cyber attacks on American companies made against Moscow ridiculous and suggested that the situation could have been provoked to increase disagreements in connection with the upcoming meeting with US President Joe Biden. The press secretary of the Russian leader Dmitry Peskov assured that Moscow will promptly consider the appeals of the American side in connection with the hacker attack on the JBS enterprises if such requests are received. He also stressed that Russia does not have data on the organizers of cyber attacks on JBS.

Putin did not rule out that Western intelligence services, including American ones, may conduct activities against Russia in the cyber sphere.

"I am not afraid of this, but I do not rule out that it may be so," the Russian leader said.

"What the US is afraid of may pose a threat to us. NATO has declared cyberspace a war zone. They are planning something, and this cannot but worry us," the Russian president added.

Experts mentioned main loophole of Russian companies in cyber attacks

According to experts of the cybersecurity company BI.ZONE (a subsidiary of Sberbank), the main reason for successful cyberattacks on Russian companies is an access control vulnerability that allows attackers to connect to an organization's systems, which in turn leads to data leakage.

"The vulnerability of access control was recognized as the main reason for unauthorized access to data of Russian companies. The company for strategic digital risk management BI.ZONE recorded this problem in 61% of organizations where they managed to gain access to confidential data," the company said.

According to BI.ZONE, this number was 67% last year. "A slight improvement may be due to an increase in the quality of creating in-house applications," experts say.

Yevgeny Voloshin, director of the BI.ZONE expert services unit, explained that attackers, having hacked the administrator's account, gain access to the company's systems and use this gap to steal data. At the same time, most often it is possible to crack the account by brute-forcing passwords.

"This problem lies in the incorrect division of access in internal corporate applications. For example, a regular user can also work with functions that should only be available to the administrator. Attackers, having hacked his account, connect to the internal infrastructure, and then use this gap for data theft and other fraudulent actions," notes Yevgeny Voloshin.

BI.ZONE experts recommend using complex passphrases with punctuation marks and other characters, rather than just a single word. Also, the vulnerability problem may be related to access to certain types of data without additional user authentication.

Earlier, E Hacking news reported that most users use passwords that are too simple, which cybercriminals can easily guess in 46 percent of cases.

The white hat hacker has estimated the probability of a hacker attack on the websites of Internet giants

There is no need to worry about the security of Russian systems after a global failure in the work of world sites, since the servers of all state institutions are located on the territory of Russia.

Information security expert Denis Batrankov explained that the problem of modern systems is that many companies do not have the opportunity to create their own office to host their servers there. As a result, they order servers from other hosting providers where they host their product. All responsibility in this case falls on the hosting provider, but the risk of failures increases significantly.

Vakulin illustrated his opinion with an example of Amazon Web Services hosting.

"Many sites are hosted by Amazon Web Services, including small and medium-sized businesses. Since there was a large and large-scale failure, then all the sites that were generally hosted on this platform go down after it", the hacker said.

The expert believes that, despite the recent attacks on the American pipeline company Colonial Pipeline and the world's biggest meat supplier, JBS, Russia should not worry too much about industrial safety.

"As for government agencies, their servers are located in Russia. The data is stored in our country. From a security point of view, everything has been done to prevent third parties from accessing this data", the expert said.

The programmer also drew attention to the fact that the State Duma was going to oblige foreign IT companies with an audience of more than 500 thousand people a day to open branches in Russia.

"This law can still be finalized to the point that all data will be stored on Russian servers," Vakulin said.

In conclusion, the programmer shared his vision of the future in the IT field. He believes that neural networks will control the servers.

"I carefully monitor how our technologies and knowledge of artificial intelligence and neural networks are improving," Vakulin said. "Most likely, neural networks will simply monitor everything in the future: they will be engaged in tracking the site. In 20 years, programmers and cryptographers will simply observe the work of artificial intelligence, somehow refine it, and it will already do the work for them."

Earlier, Internet users reported a global failure in the work of the sites of a number of media outlets, companies and social networks around the world. Problems were observed, for example, at CNN, Twitter, Guardian, Amazon, Reddit, New York Times. The problems occurred due to a failure in the work of the American cloud service provider Fastly. Within an hour, the problems were fixed.

The opposition has filed a lawsuit against Roskomnadzor on the illegality of slowing down Twitter in Russia


The head of the Moscow municipal district Krasnoselsky Ilya Yashin, opposition leader Yevgeny Domozhirov, photographer Yevgeny Feldman and the capital's municipal deputy Vadim Korovin filed a class-action lawsuit against Roskomnadzor in connection with the Twitter slowdown. The plaintiffs claim that they themselves did not violate the laws, and believe that the measures of Roskomnadzor violate their rights.

The plaintiffs ask the court to oblige Roskomnadzor to "stop using centralized response measures in the form of slowing down the speed and other restrictions on Twitter", and also to oblige the department "to exclude the service from the list of threats to the stability, security and integrity of the functioning of the Internet and the public communication network on the territory of the Russian Federation." According to the lawyer representing the plaintiffs, Stanislav Seleznev, the lawsuit was filed in the Tagansky Court of Moscow.

The plaintiffs claim that they "never published illegal content, did not call for violence, did not justify violence or discrimination." The lawsuit notes that the applicants were not in any way connected to the account owners responsible for posting allegedly prohibited information on Twitter. According to the lawyer, "the rights of each of the plaintiffs are largely affected by the applicable restrictions since the publication of media files is a significant part of their communication with the audience."

According to the statement of claim, interference in the normal functioning of the Twitter service by Roskomnadzor in the form of slowing down access to the entire service for all users throughout the Russian Federation constitutes an interference with the right of administrative plaintiffs to freely express their opinion.

On March 10, Roskomnadzor began to slow down access to Twitter on 100% of mobile devices and 50% of desktop devices. Roskomnadzor threatened Twitter that the social network will be blocked for a month if it does not delete posts with prohibited information. At the end of May, Roskomnadzor announced its decision not to block Twitter, as the moderators of the social network deleted more than 91% of the prohibited information. The department promised to partially remove the speed limit of Twitter.

It should be noted that earlier, Twitter was fined almost 28 million rubles ($386.500) in Russia for not deleting illegal content according to court decisions.

The Russian expert assessed the demand of the State Department to stop cyberattacks on the United States

"Moscow should not react to such statements until the United States is ready to seriously discuss the rules of conduct in cyberspace," said Dmitry Drobnitsky, an American political scientist, commenting on the statement of the head of the State Department Antony Blinken that Russia allegedly has a duty to ensure an end to cyber attacks across the United States.

"Mr. Blinken's words are a private statement. It is difficult to somehow assess it since the sphere of cybersecurity is not regulated in any way at the moment. At the same time, Moscow in general and the Russian president, in particular, have repeatedly offered the United States to consider this issue in a comprehensive manner, putting forward a number of initiatives, including at the UN level", said political scientist-Americanist Dmitry Drobnitsky.

According to him, the world community needs an international agreement that establishes new rules of conduct in cyberspace, because it permeates absolutely all areas of life, and the consequences of hacker attacks on civilian and military infrastructure can be very serious. "But the Americans left our proposals unanswered", the expert added.

"Moscow should not react to such statements until the United States is ready to seriously discuss the rules of conduct in cyberspace and consider this issue as an international problem. Because in the absence of regulation, each country is forced to deal with cyber threats alone," Drobnitsky concluded.

Earlier, United States Secretary of State Antony Blinken demanded that Russia stop cyberattacks on the territory of the United States. "I think it's the obligation of any country to do whatever it can to find these enterprises and to bring them to justice, including in the case of the attack on the Colonial Pipeline. The enterprise that was responsible [for] that attack, its leaders were in Russia, are in Russia, so I think there's an obligation on Russia's part to make sure that that doesn't continue," Blinken said.

Meanwhile, government sources have told NBC that United States President Joe Biden may instruct the US military to prepare "offensive cyber operations" against Russian-based hackers.

The Russian expert assessed the threat of the United States to launch "offensive cyber operations" against "Russian hackers"

"If the United States does carry out an "offensive operation", Russia will be able to both prevent it and respond symmetrically," said military expert Viktor Murakhovsky, commenting on reports about the US president's plans to instruct the US military to prepare "offensive cyber operations" against hackers based in Russia.

"The US doctrinal documents say that in response to hacker attacks, they can use not only cyber weapons but also military means. However, I have little faith that the Americans, in response to an attack, would risk striking Russian territory with conventional weapons. Instead, they can carry out attacks on public networks and on local networks of Russian organizations," said Viktor Murakhovsky, a member of the expert council of the board of the Military-Industrial Commission of the Russian Federation.

In addition, according to him, the US authorities may declare some persons on the international wanted list and detain them on the territory of other states. "It is known that several Russian citizens have been charged by the US Department of Justice with participating in cyber attacks," the expert added.

"At the same time, it is extremely difficult to determine exactly where the attack was carried out. Therefore, such accusations are based on certain assumptions. However, if we talk about attacks on the cyber structure of foreign states, then DDoS attacks are used. Many Russian state information resources have already been subjected to such attacks," Murakhovsky said.

According to the expert, the problem lies in the fact that Russia proposes not to consider cyberspace, including social networks, as a battlefield. And the Americans do not agree with this view.

The expert suggests that if the United States does carry out an "offensive operation", then Russia will be able to both prevent it and respond symmetrically. "We have all the necessary technical means for this," he explained.

In addition, as Murakhovsky noted, Russia has specially trained cyber-military specialists under the control of the General Staff of the Russian Armed Forces.

On Friday, government sources told NBC that the President of the United States, Joe Biden, may instruct the US military to prepare "offensive cyber operations" against hackers based in Russia.

As the TV company points out, the head of the White House will resort to such measures if he fails to reach an understanding on the issue of hacking activity at the upcoming meeting with Russian President Vladimir Putin in Geneva on June 16.

The first users got SIM cards with Russian encryption

Voentelecom has started implementing SIM cards that should create a "trusted environment" on smartphones. The transition to such SIM cards may become mandatory for everyone with the development of 5G.

One of the project participants, IDX (developer of identification services), said that Voentelecom is testing SIM cards equipped with Russian cryptography. So far, there are several hundred SIM cards and networks for the military in the experiment.

It should be noted that Voentelecom is a strategic telecommunications company of Russia, which fulfills the state defense order in the construction of military communications.

According to IDX CEO Svetlana Belova, Voentelecom is the first operator to start testing. It was the first to use a hardware security module (HSM) on its network; the module allows domestic cryptography to be implemented in telecommunications equipment used by mobile operators. Thus, Voentelecom has brought its mobile virtual network operator (MVNO) up to the necessary security class.

"For various Russian payment applications such as SberPay, TinkoffPay, etc., foreign mobile operating systems, both iOS and Android, are untrusted environments, neither the FSB nor the bank can take responsibility for operations in them. Using a trusted SIM card, on which payment data will be stored, allows us to solve this problem," said Svetlana Belova.

According to her, many users express dissatisfaction because of the need to provide their data in the public domain. A trusted SIM card makes it possible to provide reliable information for business without disclosing data. For example, when buying alcohol or cigarettes, SIM card users can confirm that they are over 18 years old without disclosing the date of birth.

According to the representative of Voentelecom, the main target segments of their virtual operator are b2b and b2g.

It is worth noting that SIM cards with Russian encryption will work on imported chips. The developer is already testing chips from Samsung, although at first it was planned to use a domestic analog.

Work on the creation of trusted SIM cards began in 2013; its goal was to improve the security of domestic networks.

Every tenth significant IT system in Russia is infected with malware

According to Rostelecom-Solar research, every 10th critical information infrastructure (CII) in the Russian Federation is compromised by malware. Even hackers with low qualifications are able to attack most of these IT networks: a significant part of the detected vulnerabilities have existed for more than 10 years, but organizations have not eliminated them.

Vladimir Drukov, director of the Cyber Attack Monitoring and Response Center at Rostelecom-Solar, associates the presence of vulnerabilities in CII with the fact that the process of regular software updates has not yet been established in more than 90% of companies.

Kaspersky Lab experts agreed with the findings of the study. According to Anton Shipulin, Lead Business Development Manager at Kaspersky Industrial CyberSecurity, cybersecurity is still at a low level in most CII facilities.

"In terms of data protection, a large number of CII objects are currently in a "depressing situation", and there are no serious hacker attacks on them "by happy accident", but it is only a matter of time," added Fedor Dbar, Commercial Director of Security Code.

In addition, the number of hosts with the vulnerable SMB protocol has almost doubled. It is a network protocol for sharing files, printers, and other network resources that is used in almost every organization. Such vulnerabilities are particularly dangerous, as they allow hackers to remotely run arbitrary code without passing authentication, infecting all computers connected to the local network with malware.

The main problem in internal networks is incorrect password management. Weak and dictionary passwords that allow an attacker to break into an organization's internal network are extremely common. Password guessing is used by both amateur hackers and professional attackers.

Moreover, the pandemic has also significantly weakened IT perimeters. Over the past year, the number of automated process control systems (APCS) accessible from the Internet has grown by more than 60%. This increases the risks of industrial espionage and cyber-terrorism.


The Secretary of the Russian Security Council spoke about the new information security strategy

The Secretary of the Security Council also reported on cyber security threats in the draft of the new National Security Strategy

The national security strategy needs to be updated, as the nature of threats in this area has undergone serious changes in recent years, said Secretary of the Security Council of the Russian Federation Nikolai Patrushev.

"The desire of the United States and a number of Western countries to maintain their global hegemony provokes the growth of interstate contradictions, leads to a weakening of the system of ensuring international security," Patrushev stressed.

According to him, both political and economic pressure are used to suppress Russia, attempts are being made to destabilize the country from the outside, to radicalize the protest movement, and to weaken the morality of Russian society. He also noted that the West is conducting a targeted campaign to falsify history, deliberately cultivating Russophobia.

Mr. Patrushev stressed that the double standards of a number of states hinder multilateral cooperation in many areas. "Such counterproductive approaches are increasingly spreading to new threats related to the emergence of previously unknown infectious diseases, ensuring international information security, and solving environmental problems," he said.

Patrushev also spoke about the security threats in the cyber sphere, which are reflected in the draft of the new National Security Strategy of the Russian Federation. "First of all, this is the use of information and communication technologies to interfere in the internal affairs of Russia, a significant increase in the number of computer attacks on Russian information resources, the desire of multinational corporations to consolidate control over the information resources of the Internet, as well as the large-scale dissemination of false information and the growth of crime using digital technologies," he said.

As the Secretary of the Security Council noted, "the more active manifestation of these threats has made it necessary to form a new strategic national priority." That priority is information security. "The implementation [of this priority] should ensure the country's sovereignty in the information space," concluded Patrushev.

Experts reported a twofold increase in the activity of ransomware hackers in Russia

The authors of the study called the growth "staggering." Since the beginning of April, experts have recorded ransomware attacks on more than 1,000 organizations every week. At the end of the first quarter of 2020, this figure was below 600.

"So far, there is no reason to reduce the number of attacks," said Sergey Zabula, head of the group of systems engineers working with partners of Check Point Software Technologies in Russia.
According to him, a 100 percent increase in the number of incidents can be observed at the end of 2021.

"Attackers will continue to invent new, more sophisticated attacks to grow their businesses and steal large amounts of money. And if companies do not pay special attention to training their employees and improving the level of cybersecurity of the organization as a whole, the size of the damage will grow," the expert said.

"ESET data also indicates a twofold increase in the number of incidents involving encryption viruses in 2021," said Vitaly Zemskikh, the company's technical director for Russia and the CIS. According to him, this is due to the neglect of information security in many organizations.

"Moreover, ransomware viruses are one of the most understandable ways to commercialize efforts for hackers," added Kaspersky Lab cybersecurity expert Dmitry Galov.

In addition, it became known that in April 2021, the number of powerful DDoS attacks on game servers in Russia increased by 30 times. According to StormWall experts, DDoS attacks were carried out using a new incarnation of the well-known Layer7 botnet, consisting of 25 thousand infected Internet of Things (IoT) devices.

Information security exercises will be held at five cyber polygons in Russia

Russian President Vladimir Putin has set the task of digital transformation of key sectors of the economy. Therefore, to protect them, the country has created cyber polygons.

According to Russian Deputy Prime Minister Dmitry Chernyshenko, cyber polygons will hone protection against threats to information security in key sectors of the economy.

Mr. Chernyshenko noted that the work of industries, enterprises and even entire cities is being recreated at cyber polygons. They are needed to practice the activities of various bodies to overcome cyber attacks. 

"We need to be in good shape, and to do that we need to practice all the time. And such national training grounds make it possible to organize interdepartmental exercises without endangering the existing work of current industries or executive authorities," he said.

Mr. Chernyshenko added that the practice is mainly carried out to protect the energy, credit and financial sectors and the infrastructure of state bodies. A separate segment that simulates business processes and cyberattack scenarios specific to that sector of the economy is created for each industry. In the future, the number of such sectors will be expanded.

By the end of 2024 sectoral and functional development of cyber polygon infrastructure is planned. In particular, segments of the oil and gas, telecommunications, transport and metallurgy industries will be created.

"The goal of the cyber polygon is to become an effective tool that ensures the country's readiness to respond to cyber threats. Today this task has already acquired strategic importance," said Mikhail Oseevskiy, President of Rostelecom.

It is worth noting that the project to create a national cyber polygon was launched at the end of 2019 to increase the readiness of the state and Russian organizations in key sectors of the economy to repel computer attacks and strengthen state security in the digital space. 

Chinese hackers attacked a Russian developer of military submarines

Chinese hackers reportedly attacked the Rubin Central Design Bureau for Marine Engineering (CKB Rubin), which designs submarines for the Russian Navy, by sending images of a submarine with malicious code to its CEO. Experts believe the hackers are acting in the interests of the Chinese government.

According to cybersecurity company Cybereason, Chinese hackers attacked the Russian CKB Rubin in April. The attack began with a fake letter that the hackers sent to the general director of CKB Rubin, allegedly on behalf of JSC "Concern Sea Underwater Weapon – Gidropribor", the State Research Centre of the Russian Federation.

The letter contained a malicious attachment in a file with images of an autonomous unmanned underwater vehicle. "It is very likely that hackers attacked Gidropribor or some other institution before that," the author of the Telegram channel Secator believes.

The RoyalRoad malicious attachment used in the CKB Rubin attack is one of the tools that ensure delivery of malicious code to the end system, and it is most often used by groups of Asian origin, said Igor Zalevsky, head of the Solar JSOC CERT Cyber Incident Investigation Department at Rostelecom-Solar.

Cybereason pointed out that the attack on CKB Rubin has similarities to the work of the Tonto and TA428 groups. Both have previously been seen in attacks on Russian organizations associated with science and defense.

It is worth noting that the CKB Rubin traces its history back to 1901. More than 85% of the submarines which were part of the Soviet and Russian Navy at various times were built according to its designs.

According to Igor Zalevsky, Rubin's main customer is the Ministry of Defense, and CKB Rubin deals with critically important and unique information related to the military-industrial complex of the Russian Federation, which explains the interest of cybercriminals.

Experts believe that such attacks will gain momentum because specialized cyber centers are being created as the information confrontation between states intensifies.

Information security expert Denis Batrankov noted that designers are attacked for the sake of industrial espionage mainly by special services of other states. "The problem is that we all use software, which has many hacking methods that are not yet known. Intelligence agencies are buying new vulnerabilities from the black market for millions of dollars," he added.


Weak passwords are one of the main reasons for computer hacking in Russia

According to cybersecurity specialists at Bi.Zone, a Sberbank subsidiary, most users use passwords that are too simple, which cybercriminals can easily guess in 46 percent of cases.

In addition, according to a study by the Russian payment system "Mir Plat.form", less than a third of Russians (28%) use different passwords on the Internet, which leaves the data of the rest at risk.

For example, most Russians are used to using the same or similar passwords for different sites. At the same time, 76% of them remember passwords, 40% use auto-save, 29% write them down on paper and 18% save them on their devices in text form.

Digital security experts believe you should use different passwords for different sites and services. Moreover, it's safer to remember them than to write them down or use auto-save. According to them, most break-ins occur because a single password leaks and attackers then try it against other services.

Yandex confirmed that reusing passwords is dangerous: if an attacker learns the password, they will try to log in with it on social networks, mail services, and online banks.

Yandex added that they monitor the appearance of various databases of stolen passwords on the Internet and, if they suspect that a person may be using the same combination of characters, they proactively require that person to change their login data.

The press service of VKontakte said that, when credentials are changed, their system does not allow a combination of letters, numbers and symbols that has already been used before.

Specialists urge Internet users to be more responsible in choosing a password to avoid losing important information or money and becoming a victim of blackmail. The most secure password is a combination of upper and lower case letters and digits in random order, with punctuation symbols added.
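The two server-side controls mentioned above (forcing a change when a password appears in a stolen-password database, and refusing a password the account has used before) can be sketched as follows. This is an added example, not code from Yandex or VKontakte; the `Account` class, the function names, the sample corpus and the PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample standing in for a corpus of stolen passwords.
LEAKED_SHA1 = {hashlib.sha1(p).hexdigest()
               for p in (b"qwerty123", b"password1", b"111111")}

def is_leaked(password: str) -> bool:
    return hashlib.sha1(password.encode()).hexdigest() in LEAKED_SHA1

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: the history table never holds plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password: str):
        self.history = []        # (salt, digest) pairs, newest last
        self.must_change = False
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.append((salt, _kdf(password, salt)))

    def was_used_before(self, password: str) -> bool:
        # Every stored entry has its own salt, so re-derive per entry.
        return any(hmac.compare_digest(d, _kdf(password, s))
                   for s, d in self.history)

    def login(self, password: str) -> str:
        salt, digest = self.history[-1]
        if not hmac.compare_digest(digest, _kdf(password, salt)):
            return "denied"
        # Plaintext is only seen at login, so the leak check runs here.
        if is_leaked(password):
            self.must_change = True
        return "change_required" if self.must_change else "ok"

    def change_password(self, new: str) -> str:
        if is_leaked(new):
            return "rejected: leaked"
        if self.was_used_before(new):
            return "rejected: reused"
        self._store(new)
        self.must_change = False
        return "changed"
```

Because only salted hashes are stored, the leak check can run only at the moments the service sees the plaintext: at login and at password change.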