
Experts found a vulnerability in the application of the Moscow State Services

Specialists of the company Postuf reported a vulnerability in the application of the Moscow State Services, with which it was possible to gain access to the account, knowing only the user's mobile number.

This made it possible to get all the information that the user specified on the site: full name, e-mail, year of birth, medical insurance number, list of movable and immovable property, information about the foreign passport, about children, students in schools, etc. Knowing the medical insurance number and the year of birth, it was possible to get access to medical information: which doctors a person visits, what prescriptions have been written for them, the history of attachment to clinics, etc.

"The vulnerability made it possible not just to view, but also to change the data", said the founder of the company Postuf Bekhan Gendargenoevsky.

The expert notes that it is impossible to cause serious harm by knowing the data from the portal, but personal data can be used by hackers for phishing attacks.

"It is impossible to steal money directly [with such information], although hackers can use their knowledge in social engineering and try to steal bank card data from a person," said the computer security specialist.

He also noted that since the system has no restrictions on the number of requests for access to accounts, by requesting so-called "beautiful" numbers it was possible to get information "about a number of well-known personalities who, as a rule, have such numbers."

A representative of the Moscow Department of Information Technology did not confirm the information about the vulnerability, stressing that authorization in the Moscow State Services mobile application without specifying a password is impossible.

State Services is a federal state information system. It provides individuals and legal entities with access to information about state and municipal institutions and organizations, and the services they provide in electronic form.


Russian hackers hacked the first level Olympiad in a second

A new Olympic season has begun in Russia. Many competitions have been moved online due to the COVID-19 pandemic. The first level Olympiad allows the winner to enter the university without exams.

It turns out that the hacker could theoretically ensure admission to the best universities in the country, putting graduates in unequal conditions.

SQL injection and XSS vulnerabilities were discovered on the site, which make it possible to influence the results of the competition. As a result, according to the hacker, it is easy to: 1) find out the tasks in advance and change the answer data during the Olympiad; 2) see the sessions and data of other users; and 3) export user information in bulk, including personal information (information from the passport, registration, phone, e-mail).

"SQL injection is one of the easiest ways to hack a site. Indeed, in a very short period of time and by replacing several characters, an attacker can gain access to all personal data of the Olympiad and to all tasks," said Oleg Bakhtadze-Karnaukhov, an independent researcher on the Darknet.

According to the researcher, most likely, there was not enough time to detect such errors during the programming of this site, although it takes little time to find and fix them.

"If the site contains vulnerabilities, then a command in a specific programming language can be inserted, for example, in a link, and the page will display information that was not intended for users initially," explained Dmitry Galov, Cybersecurity Expert at Kaspersky Lab.

According to Alexei Drozd, head of the information security department at SearchInform, the reason may be design errors, as a result of which the site, for example, poorly checks or does not check incoming information at all.

"Unfortunately, when developing websites and applications, security issues are always in the background. First, there is a question of functionality," concluded Alexey Drozd.


Russian IT company reportedly lost contract in USA because of serving sites with content from Trump supporters

The CEO of the Russian provider DDoS-GUARD Evgeny Marchenko explained why the American CoreSite refused to work with his company.

DDoS-Guard, a company registered in Rostov-on-Don, has lost access to partner data centers in the United States. The reason for this was the fact that the company provided services to protect the websites of supporters of Donald Trump. This is reported by the Telegram channel Mash.

According to the founder of the company, Yevgeny Marchenko, the formal reason was to provide hosting to a site associated with the Hamas movement.

"The story began in November last year. One of our partners found out that we are working with a website related to the Hamas movement, which is banned in the United States. We immediately stopped cooperation, but the story was continued at the beginning of the year," said Marchenko.

Already on January 7, CoreSite announced that cooperation with DDoS-Guard was terminated, citing the same reason: cooperation with Hamas.

"We conducted an internal investigation and found out that one of our partners distributed information to supporters of the current President Trump. Moreover, the content was distributed by a Canadian company. It all looks like an attempt to find at least some Russian company and by any means make a scandal that suggests that Russians support Trump," added Marchenko.

Also, the owner of DDoS-Guard noted that Hamas is now quietly working with the American company.

The DDoS-Guard company has already been repeatedly accused of supporting not entirely legitimate sites, but no measures were taken against them.

DDoS-Guard was founded in 2011 by Evgeny Marchenko and Dmitry Sabitov. The company provides traffic filtering services to protect against DDoS attacks to retail and corporate customers on the basis of its own network of filtering nodes located in several countries. DDoS-Guard also acts as a provider of secure hosting services. The company's head office is located in Rostov-on-Don.

Recall that almost all IT companies are against US President Donald Trump. The reason was the attack by his supporters on the Capitol, which took place on January 6. Many felt they were prompted to do so by Trump's words. After that, his accounts were blocked on almost all major social networks.

Hackers accessed thousands of surveillance cameras, network devices and even the displays on the platforms of Russian Railways

A user of the Habr website discovered a vulnerability that allowed him to penetrate the video surveillance system of Russian Railways. According to him, the holding's specialists managed to close it within a day. Information security experts said that Russian Railways now needs to conduct an audit of internal systems to make sure that attackers who gained access could not go further.

Specialists of Russian Railways closed the vulnerability that allowed access to video cameras and internal services of Russian Railways, as follows from the blog of one of the Habr users. Earlier, on the morning of January 13, the author of the blog published an article about how he managed to gain access to the Russian Railways system by exploiting a vulnerability in its perimeter. According to him, the problem was related to default passwords that had not been changed on MikroTik routers.

"The vulnerability could allow attackers to block all cameras on the railways in a week, which would cost the holding at least 130 million rubles ($1.8 million), and the restoration of video surveillance would take at least a month," warned the hacker.

Russian Railways were unable to promptly confirm information about the vulnerability and its elimination and stressed that illegal access to computer information is a criminal offense.

"After changing the accounts of Russian Railways, it is necessary to check for traces of outsiders in its infrastructure, conduct a large-scale audit of all IT systems, as well as review existing threat detection scenarios", recommended information security expert Alexey Lukatsky.

MikroTik routers, which, according to the author of the blog, are used by Russian Railways, belong to the segment of home and office equipment, and users often leave default passwords on such devices and on video cameras of any manufacturer. Attackers often use this in automated DDoS attacks.

Russian Railways had security problems before: in August 2019, the personal data of 703 thousand employees of the state monopoly were publicly available, and in November 2020, the database of the Russian Railways Bonus website "leaked" to the network.

The Russian expert explained why scammers distribute free SIM cards

 

SIM cards that are distributed on the street without signing a contract are most likely issued to someone else. Most often, they are used to establish control over your account in a service. According to Dmitry Pudov, Deputy General Director for Technology and Development of the Angara Group of information security companies, using such a SIM card can lead to various troubles.

"It is better to refuse such offers and certainly not to use these SIM cards. The main argument is that you can't prove that this SIM card belongs to you. Accordingly, from the point of view of the law, you are not a subscriber and do not have any rights," explained the expert.

Fraudsters can reissue the card and then all calls and SMS messages will be sent to the new SIM card. Now there are a lot of services and applications that use SMS to restore access in case you forget your password.

"Be prepared to lose access to these services if you use free SIM cards", warned the expert.

Many Internet services still use SMS for delivery and other confidential information. However, for several years now, short text messages (SMS) have been recognized as an unreliable means of communication. Increasingly, this method of data transportation discredits itself and leads to various incidents.

According to Mr. Pudov, attackers will try to establish control over your accounts: they will request a password reset and, if the password comes to the number of the SIM card issued to you, they will get access to the account. Then the only question is how they can benefit from this: monetize the traffic of your social network account, send your friends a request to "urgently help with money", or use your account to send phishing messages.

"Previously, this attack was actively used to intercept online banking confirmation codes to steal money, even if the SIM card belonged to you. Using banking Trojans or other hacking methods, hackers obtained the victims' online banking credentials, and then a duplicate SIM card," concluded Pudov.

The data of 1.3 million Russian Hyundai customers are on sale

A database containing information about 1.3 million Russian owners of Hyundai cars has been put up for sale on the darknet. This is reported by the Telegram channel "Information Leaks".

According to the channel, the data of 1.3 million registered users of the hyundai.ru website were put up for sale. The database contains the full names, phone numbers, email addresses and home addresses of the automaker's customers, as well as information about the vehicles they purchased, spare parts orders and participation in the brand's marketing activities.

Ashot Hovhannisyan, the founder of the DLBI data leak intelligence service, said in an interview that the database with Hyundai customer data is sold for about $2 thousand. According to him, the seller of the database has a high rating and has not previously been seen selling fake data. Hovhannisyan clarified that the latest data on user operations contained in the "testers" of the database refers to 2019.

According to other information security experts interviewed, the seller of the database has a good reputation, so the leak appears to be genuine. One of the interlocutors claims that the seller of the database is a Russian who lives in Moscow.

According to Hovhannisyan, the database is a "dump" of the SQL server that serves the site of the Russian office of Hyundai, so most likely the source of the leak was a vulnerability in this server found by an automatic scanner or a backup copy of the data accessed by cybercriminals.

According to KELA analyst Viktoria Kivilevich, the seller of the database has many ads in which he offers databases of other companies in the same format, so it is likely that the hacker massively scans vulnerable networks, "selects those that are more delicious" and exploits vulnerabilities.

Security Expert listed the largest data leaks of Russian residents in 2020

Founder of DLBI data leak intelligence service Ashot Hovhannisyan spoke about the most large-scale database leaks in the Russian Federation in the past year.

According to him, one of the most high-profile cases of data leakage in Russia occurred at the end of 2020. In December, a database of more than 100 thousand lines containing personal data of Moscow residents who had recovered from COVID-19 was made publicly available.

In November more than 1.3 million lines of data of Russian Railways Bonus customers appeared on the black market, containing the e-mail address and user ID, an encrypted password, the date of registration and last login, as well as service data.

"In June, there were data leaks from clients of the SuperJob.ru portal and the Skyeng online school of English, each of which was about 5 million lines and contained the full name, gender, date of birth, phone number, email address and other data," said Mr. Hovhannisyan.

He also recalled that in April there were leaks of 12 million records of Russians who issued microloans in various microfinance organizations in 2017-2019. At the same time, "almost a million lines of data of clients of the loyalty program of the retail chains K-Ruoka and K-Rauta appeared on the Internet, containing their full name, e-mail address, mobile and home phone numbers, gender, date of birth, date of filling out the questionnaire, loyalty card numbers".

“Finally, the largest leak of nearly 600 million lines of data of customers of the Premium Bonus service, which was discovered in March 2020, containing personal data of customers of the service, was the largest leak this year. It provides loyalty programs to popular cafes and restaurants, for example, Mu-Mu, Jean Jacques, Pizza Empire”, concluded the expert.

The Ministry of Internal Affairs of Russia is creating a cyber police

Deputy Interior Minister Igor Zubov noted that the number of cybercrimes has increased significantly in the context of the coronavirus pandemic.

The Ministry of Internal Affairs of Russia is organizing a cyber police force within its structure; the corresponding decision has already been made by the head of the department, Vladimir Kolokoltsev.

"Today we can talk about the phenomenon of influence on the mass consciousness of young people in terms of changing their behavior in a destructive way. Therefore, this part of the work requires very serious attention. We are making serious changes directly in our structures. The Minister of Internal Affairs Kolokoltsev Vladimir made the decision on the creation of cyber police, it is a question not of one day, it will take a lot of time, demands both money, and equipment, and changes of qualification of employees," he said.

Zubov also noted that in the context of the coronavirus pandemic, the overall crime rate in Russia remained the same, but the number of cybercrimes increased significantly.

"For a number of reasons, this is the impact of digitalization of society, and the fact that people, being isolated, have more opportunities to draw on the Internet various knowledge, including criminal plan, and try themselves in this," he added.

Zubov said that once he tried to file a complaint with a district police officer about an Internet crime, but the officer did not understand anything. Accordingly, here we are talking about concentrating all competent people in one place and investigating cybercrime.

At the same time, the ex-adviser to the president doubted that the Ministry of Internal Affairs will be able to provide such specialists with decent wages since professionals in the IT-sphere are highly paid employees.

Earlier this year, it was reported that the investigative Department of the Ministry of Internal Affairs created units to combat IT crimes. This measure has become necessary, as police investigators increasingly have to investigate crimes of this kind.

Group-IB presents patented technologies to protect against cyber threats

The international company Group-IB presented its own patented technologies designed to identify hackers, search for threats on the Internet and investigate cybercrime.

Using artificial intelligence technology, the patented system of Group-IB has helped Interpol identify members of the Nigerian hacking group TMT, which has attacked hundreds of thousands of private and state-owned companies in recent years.

In addition, Group-IB was involved in the Carding Action 2020 operation of Europol and the UK police, which aims to combat the illegal market for the sale of stolen bank cards. Using its own technologies, Group-IB analyzed and transmitted to the police data on 90 thousand compromised cards of clients of financial organizations in Europe. As a result, it was possible to prevent damage that could have been caused to European banks in the amount of 40 million euros.

"Law enforcement agencies effectively use our technology in cybercrime investigations to find criminals. There is a result, so our technologies work," said Ilya Sachkov, founder and CEO of Group-IB.

Group-IB presented its solutions at the CyberCrimeCon 2020 cybersecurity conference. The Threat Intelligence & Attribution system, which has no analogs, saves all possible data about hackers, including data they tried to delete, and establishes detailed information about them, up to the identity of the criminals.

The second system, Threat Hunting Framework, is able to protect the entire company: from traditional IT networks to remote workplaces of employees. The AI system finds unknown threats and targeted attacks both inside and outside the protected perimeter, giving the security service the tools to properly respond to an incident.

All Group-IB technologies are integrated into a single system that automatically blocks attacks and immediately leads to specific criminals.

Cyber criminals scam bank customers pretending to be from bank security

Attackers call a potential victim and offer to install an app on their phone that "reliably protects money from theft." And then, with the help of this app, they steal the money from the card or get a loan on behalf of the victim.

According to Sergey Sherstobitov, head of the Angara information security integrator, fraud is committed using a malicious program that can intercept passwords when they are activated in banking applications. Then, with their help, the attackers can easily transfer funds to another account.

Dmitry Kuznetsov, head of methodology and standardization at Positive Technologies, warns that bank employees never ask customers for card or account details.

The police do not exclude that such fraud may be widespread and ask Russians to remain vigilant.

According to the Central Bank, the activity of telephone scammers increased four times in the first six months of this year. In total, the regulator recorded more than 360 thousand unauthorized transactions with funds of Russians for a total of about 4 billion rubles ($51.8 million). Banks returned about 485 million rubles ($6 million) of stolen money to their clients.

The low percentage of refunds from banks is due to the fact that people, in fact, become victims of their own free will. After all, the client signs an agreement with the bank that prohibits the transfer of confidential information about the bank card to third parties, said lawyer Yakovlev.

However, it should be noted that the data of clients of Russian banks has risen in price on the darknet. Ashot Hovhannisyan, the founder of the DLBI DarkNet search and monitoring service, explains that the increase in the cost of such services indicates a decrease in the number of offers on the market. This, in turn, means that credit institutions reduce the chances of hackers to steal data and increase security.

The Russian Duma has introduced a bill to strengthen control over foreign e-wallets

The document obliges citizens to report to the Federal Tax Service on the movement of funds in their foreign electronic wallets.

Parliamentarians have submitted to the State Duma a bill according to which Russian citizens will have to report to the tax authorities on the use of foreign e-wallets. For refusing to do this, its authors propose to fine Russians 40% of the amount transferred to these wallets for the year.

"Those who do not comply with the law can be fined 40% of their annual income. The law applies only to transactions over 600 thousand rubles ($7,600). This is done to ensure that citizens comply with the law," explained Anatoly Aksakov, one of the authors of the new bill, a State Duma Deputy and Chairman of the Council of the Russian Banking Association.

The author of the bill noted that e-wallets had previously been simply overlooked. The new rule closes this gap in the legislation. First of all, the change will affect those Russians who have accounts abroad in the form of electronic wallets.

"This law will most of all affect those who have accounts abroad, for example, those who work or study there. I think that a fine of 40% is quite a decent amount that will make you think about whether to hide your accounts and, most importantly, operations," said Aksakov.

Previously, Russian banks were required to inform the tax service about the opening of personalized e-wallets. Financial organizations automatically send data to the Federal Tax Service, in addition, during a tax audit, they are required to notify the tax authorities about wallet transactions.

In addition, in August, Russia banned adding cash to anonymous e-wallets. Restrictions also made it impossible to add cash to transport cards where they are implemented in the form of an electronic wallet.


Russian experts predict a shortage of cybersecurity specialists

Despite the funding cuts caused by the pandemic crisis, companies around the world are going to hire more and more cybersecurity specialists. But a shortage of specialists in the market is already observed and will only increase next year.

The recruiting agency HeadHunter confirmed the growing demand for specialists in the field of cybersecurity: the number of vacancies for such specialists in Russia is growing at a double-digit rate. While more than 17 thousand vacancies were opened in the whole of 2018, almost 30 thousand were opened from January to October 2020.

Natalia Golovanova, head of the SuperJob research center, notes that specialists and managers in the field of information security are most in-demand today in IT and financial companies. "Now the competition in this segment of the labor market is only 2.5 CVs per vacancy, which indicates a lack of specialists and a low level of competition," she said.

Next year, Golovanova expects "a smooth increase in demand for specialists in the field of information security".

It is worth noting that the average market salary of information security specialists is now 150 thousand rubles ($1,800) in Moscow, and 130 thousand rubles ($1,600) in St. Petersburg, and 320 thousand ($4,000) and 300 thousand rubles ($3,700) for information security directors.

Oleg Sedov, Director of Development for the Cybersecurity for the Population business at Rostelecom-Solar, confirms that the demand for information security specialists is significantly higher than the supply. "The problem of personnel is manifested not only in the shortage of employees but also in the lack of qualified specialists," said Sedov.

According to a study by the consulting company PwC, more than half (52%) of Russian companies plan to increase spending on information security in 2021, and 42% of organizations intend to increase the number of employees employed in this area.

For example, PwC estimates that more than 3.5 million new cybersecurity jobs will be opened worldwide in 2021.

The study was conducted based on the results of a survey of more than three thousand managers of companies, technology and information security departments in various industries.

Numerous fraudulent sites disguised as well-known brands have appeared on the Runet


In autumn, experts recorded mass registration of domain names with the names of well-known brands in the .RU zone.

Specialists at Infosecurity, a Softline company, recorded mass registration of domains in Runet containing the names of well-known brands and the ending -off, which can be used for sales.

As an example, the company cited the domain names familiya-off.ru, detskiy-mir-off.ru, tele2-off.ru, rosneft-off.ru and citilink-off.ru. According to the head of the Infosecurity special server Sergey Trukhachev, on October 20, the Ethic threat detection service detected the registration of 192 such domains. All of them are registered through the same Russian structure with servers at ISPIRIA Networks Ltd, located in Belize (Central America). As Trukhachev noted, the company is often used for hosting malicious sites.

At the end of September, the appearance of hundreds of similar domains in Runet was noticed by SearchInform. According to Alexey Drozd, head of the company's information security department, the brands involved are very diverse (furniture companies, clothing stores, jewelry stores, mobile retail).

According to Kirill Kirillov, co-founder of BrandMonitor, domains with the names of major brands are registered every day, and the earnings of scammers depend on the method of monetization. For example, according to Kirillov, counterfeit dealers can earn 3-10 million rubles ($39,000 - $117,000) annually.

Such a site can be blocked in a day if it is obvious that it is phishing or distributes malicious software. There are also cases when it is technically impossible to block access to a resource: if their servers are located in a country where hosting providers do not block sites (for example, in Belize).

The companies surveyed said they monitor domain registrations with similar names and fight them when signs of fraud appear.

Russian experts say the number of cyber threats increased during COVID-19

Cyber attack prevention experts recorded a sharp increase in the number of cyber threats and outlined the main trends in computer crimes during the COVID-19 pandemic.

The report was presented at the international forum of the Academy of Management of the Ministry of Internal Affairs of the Russian Federation "Strategic development of the system of the Ministry of Internal Affairs of Russia: state, trends, prospects".

The main conclusion of the study is the rapid growth of computer crime, primarily financial fraud using social engineering, as well as the exploitation of the COVID-19 theme in malicious mailings, switching operators of encryption viruses to large targets, as well as active recruitment of new participants to criminal communities.

According to the Ministry of Internal Affairs, one of the main trends of digital transformation is the development of remote methods of committing crimes, crimes have gone from offline to online. Almost 70% of registered crimes related to illegal arms trafficking in 2020 were committed using the Internet - remotely and anonymously. The same applies to the illegal sale of drugs, counterfeit money, securities and documents.

Throughout 2020, Group-IB recorded an increase in the number of financial scams using social engineering (vishing, phishing), the victims of which were mainly bank customers.

At the same time, the fraud implementation schemes themselves have not actually changed. The main motive of cybercriminals is the same: stealing money or information that can be sold. Now it is popular to sell fake digital passes, send messages about fines for violation of quarantine, fake courier sites, fraudulent mailings on behalf of the Zoom video conferencing service.

This year has given birth to even more groups and partner programs, as well as new collaborations. So the operators of the QakBot banking Trojan joined Big Game Hunting, and recently the FIN7 group, which actively attacked banks and hotels, joined the REvil ransomware partner program. The size of the ransom has also increased significantly: cryptolocker operators often ask for several million dollars, and sometimes tens of millions.

Russian military companies were reportedly attacked by hackers from North Korea

North Korean hacker group Kimsuky has reportedly conducted several attacks on the Russian military-industrial complex in order to obtain military and technological secrets of Russia.

According to the cybersecurity company Group-IB, attacks by hackers from the Democratic People's Republic of Korea on the Russian defense industry took place in the spring of 2020. North Korean cyber criminals sought to obtain data from aerospace and defense companies, as well as from enterprises that produce artillery equipment.

Telegram-channel SecAtor reported that Rostec was among the companies that were attacked. RT-Inform, a subsidiary of Rostec that deals with information security, did not confirm or deny these data, but noted that the number of cyber attacks on the resources of the state corporation increased from April to September.

"Most of the attacks were poorly prepared and did not pose a significant threat when they were exposed, but this could only be preparation," said RT-Inform.

Experts believe that in this case, hackers from the DPRK will soon launch new, more well-prepared attacks.

Kimsuky, also known by the names Velvet Chollima and Black Banshee, is engaged in cyber espionage. According to Group-IB, North Korean hackers previously attacked facilities in South Korea, but then turned to enterprises producing artillery equipment and armored vehicles in Russia, Ukraine, Slovakia and Turkey, using fraudulent mailings.

According to Denis Legezo, a cybersecurity expert at Kaspersky Lab, some fraudulent emails from North Korean groups contain information about vacancies in the aerospace and defense industries. He believes that this indicates the interest of hackers in industrial espionage.

As reported by E Hacking News, in September in Russia there were cases of attacks by the Chinese hacker group Winnti on software developers for banks, as well as on companies in the construction sector. Winnti has previously repeatedly hacked the networks of industrial and high-tech companies from Taiwan and Europe, but the group's activities have not yet been reported in Russia.

Money stolen from bank accounts of Russians twice as much as last year

In Russia, for the period from January to August 2020, more than 100 thousand thefts of funds from bank accounts were recorded, twice as many as last year. The number of cases of fraud using electronic means of payment has also doubled.

According to the Prosecutor General's Office, every fifth theft is now associated with the theft of funds from accounts.

The Central Bank said that hacker attacks are more frequent in 2020, but the effectiveness of attacks on banks has not increased. Fraudsters are now increasingly trying to deceive citizens using social engineering, so the number of calls has increased four times. At the same time, new criminal schemes have not appeared, but now criminals have begun to actively use the topic of COVID-19.

Vitaly Trifonov, Deputy head of the Group-IB Computer Forensics Laboratory, explained the reasons for the increase in attacks: "On the one hand, this is facilitated by the gradual digitalization of life, when more and more people make purchases online, pay with a card and use an ATM less. On the other hand, there are simple and working fraud schemes that do not require special skills or investment".

Moreover, in the past year and a half, cases of theft of money from citizens using social engineering methods have become more frequent in Russia. According to a study by Digital Security, when files are transferred via email and cloud services, metadata about them is saved and used by fraudsters.

Spending on information security in Russia will increase eightfold

Russia intends to sharply increase spending on information security, mainly on cryptography rather than on personal data protection.

According to the published draft of the Federal budget for the next three years, it was decided to increase expenditures on information security from the 2 billion rubles (25 million dollars) initially planned for 2022–2023 to 16 billion rubles (204 million dollars). This is the most significant budget increase among the Federal projects included in the Digital Economy direction.

The authorities plan to pay the greatest attention to the development of domestic cryptography, the operation of cyber ranges, the filtering of Internet traffic and countering computer attacks. The creation and operation of the national center for the introduction of modern cryptography methods may take up more than half of the total budget of the Federal project.

Budget money should also be used to analyze the security of state systems. However, the largest expenditures are allocated for the technical implementation of various project areas: equipment, specialized software, staffing and production support.

A disadvantage of the project is the lack of measures aimed at preventing data leaks and protecting the personal information of Russians. Analysts pointed out that it would be logical to allocate part of the funds to securing the systems through which the state and citizens interact on digital platforms. In addition, according to market participants, specialized education and the training of qualified specialists receive insufficient funding.

Ivan Mershkov, Technical Director of NGRSOFTLAB, said that it is critically important to plan measures to increase digital literacy among the population. The number of phishing attacks is growing explosively, and will only increase as digital consumption increases.

Nevertheless, the increase in funding for this federal project was seen as a good sign, indicating that the issue of cybersecurity is coming to the fore in Russia.

Russian authorities prohibit modern Internet protocols because they make it difficult to block websites


The Ministry of Digital Development of Russia wants to ban the use in Russia of the experimental encryption protocols DNS over TLS, DNS over HTTPS and ESNI, which can be used to bypass access blocks to prohibited sites. Experts warn that to implement such a ban, it will be necessary to block the servers of Google, Cloudflare and Cisco.

On September 21, the Ministry submitted for public discussion a bill that prohibits the use in the Russian Federation of encryption protocols that make it possible to hide the name of an Internet page or site. In particular, the Ministry believes that this will help to increase the effectiveness of blocking sites that are prohibited in the territory of the Russian Federation.

According to the head of the Ministry of Digital Development, Mr. Shadaev, all the advantages of the new DNS request encryption protocols for users are obvious, "but we must understand that their wide distribution will also allow us to bypass all existing filtering and blocking systems for prohibited sites, including sites that contain illegal content."

"Mozilla decided last year to enable the DoH protocol in Firefox by default. The DoH protocol is also already included in the Google Chrome browser. Naturally, all this creates opportunities for many users of these browsers to go to blocked sites and bypass the parental control mode. I don't think that many parents would be very happy about this," the Minister said, explaining the need to develop the bill.

Mr. Shadaev cited an example in which, at the request of the UK government, Mozilla agreed not to enable the DoH function by default in its browser for users in that country. The head of the Ministry of Digital Development noted that this was done largely under pressure from the public and the Association of British Internet service providers.

Russian-speaking hackers attacked Russian companies and demanded ransom

Group-IB recorded a successful attack by the criminal group OldGremlin on a Russian medical company. The attackers completely encrypted its corporate network and demanded a ransom of $50,000.

Russian-speaking hackers from the OldGremlin group attacked several Russian companies despite an unspoken rule among cybercriminals: "do not work on RU".

According to experts, since the spring of 2020, hackers from OldGremlin have conducted at least nine attacks on Russian companies. They send malicious emails purporting to come from the Russian media holding RBC, the Russian metallurgical holding, the Minsk Tractor Plant, the Union of microfinance organizations and other individuals and enterprises. Under various pretexts, recipients are asked to click on a link and download a file. When the victim tries to open it, the TinyPosh backdoor runs on their computer.

This time a large Russian medical company became the victim of the criminals. After gaining access to the computer of one of the employees, they deleted the organization's backups and spread the TinyCrypton ransomware to the employees' computers. As a result, the work of the medical company's regional branches was stopped. The hackers then demanded a ransom: 50 thousand dollars in cryptocurrency for restoring access.

"The lack of a strong communication channel between organizations that resist cybercrime, as well as the difficult political situation, lead to the emergence of new criminal groups that feel safe," said Rustam Mirkasymov, head of the dynamic analysis of malicious code at Group-IB. The expert also stressed that businesses often underestimate the threats posed by cybercriminals, and do not use the necessary means of protection. 

Russia is planning to create a working group to protect the digital rights of citizens

The Presidential Council for the Development of Civil Society and Human Rights is planning to create a working group. Its specialists will protect the digital rights of Russians.

In Russia, a group will be created whose task will be to protect the digital rights of citizens. This was announced by the head of the Presidential Council for the Development of Civil Society and Human Rights Valery Fadeev.

Members of the working group will try to understand how to minimize the damage from progress in the field of IT technologies, he explained.

According to him, the process of digitalization has not only a positive impact but also a negative one. "Digitalization cannot be stopped, progress, of course, cannot be stopped. As with any powerful technological or technical process, there are always various negative sides, negative aspects, and they accumulate," said Fadeev at the round table "Digital threats to human rights".

Negative examples include bullying on social networks and surveillance of people through city surveillance cameras.

"Today there was a message in the media that Anna Kuznetsova filed a lawsuit. The girl conducted an experiment – she bought online from someone for 16 thousand rubles ($213) information about where she was last month, providing her photo. Two days later, she received information from Moscow cameras," said Mr. Fadeev.

Examples like these show that there is a security problem in the digitalization space. People are no longer protected, and cybercriminals take advantage of this. Another problem is fraud, which has become increasingly active online. Therefore, the main task of the working group is to understand how to minimize the damage from progress in the field of IT technologies.