Regulators forced to solve old problems
Posted: Wed Jan 22, 2025 9:10 am
During the plenary session "Resilience in the BANI world: barriers, strategies and opportunities" at SOC-Forum-2023, Deputy Head of the National Coordination Center for Computer Incidents (NCCI) Petr Belov called the changes in the structure of attacks radical: whereas in 2022 attacks by poorly organized masses of hacktivists dominated, in 2023 they were replaced by professional representatives of foreign intelligence agencies. The goals of the attacks in 2023, as stated by the NCCI representative, were to gain access to data (38% of attacks) and to disrupt the functioning of the IT infrastructure of the attacked organizations (25%).
Read also
In 2023, FSTEC identified about 700 violations in the field of protection of critical information infrastructure facilities. Typically, the category and possible damage are underestimated. A third of the applications are sent back for revision.
According to the Solar 4RAYS cyber threat research center of the Solar Group, 20% of all attacks were carried out by professional groups, 42% by financially motivated cybercriminals and cyber fraudsters, and about 30% by cyber hooligans. Most cyber attacks targeted government organizations (44%), telecom (14%), agriculture (9%), industry (7%), and the financial sector (7%), followed, with equal shares of 4% each, by retail, services, education, NGOs, and energy. The main goals of the attacks were data theft and direct damage to infrastructure.
As noted by Igor Zalevsky, Head of the Solar 4RAYS Cyber Threat Research Center of the Solar Group, presenting the results of the study "Techniques and Tactics of Cybercriminals. Yesterday, Today, Tomorrow", Chinese and North Korean groups are highly active in Russia; their main targets are government agencies and defense enterprises. The goals of pro-Ukrainian groups are usually attacks aimed at destroying infrastructure. "The goals of yesterday's hacktivists have changed: instead of DDoS and defacement, fraudsters are trying to hack and carry out destructive actions against the infrastructure of organizations, including critical information infrastructure (CII). We believe that in 2024 the number of incidents with destructive consequences will increase, and with the growth of import substitution, hackers will begin to use Russian software to penetrate through software vulnerabilities," said Vladislav Lashkin, Head of the Cyber Threat Counteraction Department of the Solar 4RAYS Research Center of the Solar Group. He also noted that it is easier and cheaper for an attacker to introduce ransomware or a wiper than to organize a DDoS attack, which Russian organizations have successfully learned to combat.
According to statistics from the PT ESC Information Security Threat Response Department of Positive Technologies, attackers have already mastered attacks on users of Linux-based systems, including Russian ones. As Denis Goydenko, Head of the PT ESC Information Security Threat Response Department, noted in response to a ComNews correspondent, attackers usually take advantage of the fact that operating systems are installed with default settings, and penetration into such infrastructure is well-practiced among attackers.
According to Positive Technologies, professional groups account for about 40% of attacks on Russian companies. However, Denis Goydenko made an important caveat that this only concerns incidents that were identified. According to his estimates, the share of attacks that are backed by APT groups or foreign intelligence agencies can reach 60%. However, attackers rarely invent new attack methods, while the number of incidents using already known vulnerabilities continues to grow. This suggests that companies at least do not update their software to the latest versions and do not audit the infrastructure perimeter.
https://www.comnews.ru/content/230