Hackers have intensified attacks on critical information infrastructure facilities of the Russian Federation
The number of cybercrimes against Russian companies has doubled compared to last year.
A PolitNavigator correspondent reports this, citing Kommersant.
Citing a report by Solar JSOC, the Rostelecom-Solar center for monitoring and responding to cyberattacks, the publication says that more than 200 professional hacker attacks on Russian companies were recorded in January-November 2020.
This is double the figure for all of 2019. Of these, 30 attacks were carried out by groups of the highest level, working, as Rostelecom suggests, for foreign countries. Most often, professional groups tried to hack critical information infrastructure (CII) facilities, which include, for example, banks, nuclear enterprises, healthcare facilities, electricity supplies, military facilities and government agencies.
The report notes that in 85% of cases, hacker groups find so-called zero-day vulnerabilities (that is, vulnerabilities unknown to developers) in the software of Russian CII facilities, and then try to hack the mail servers and computers of top officials of companies and departments.
Attackers also attempted to gain control over the infrastructure of facilities by attacking the workstations of IT administrators with a high level of privileges. At the same time, Vladimir Dryukov, director of the center for monitoring and responding to cyber attacks at Solar JSOC Rostelecom-Solar, warns that a high level of security of a company’s IT infrastructure does not guarantee that hackers will not be able to gain access to it.
“Increasingly, attackers do not attack the organization itself directly, but act through its contractor, who cares less about information security and at the same time has access to the infrastructure of the final target of the attack,” says Dryukov.
And the director of the InfoWatch ARMA project management department, Andrey Yurshev, emphasizes that the increase in attacks on industrial systems is a global trend associated with the spread of software for hackers and the interest of states in cyber operations.
“Imported software sends so-called telemetry information to its manufacturers. Therefore, corporate networks, whose employees, even only for official duties, have access to the Internet, have already transmitted abroad all the necessary information to organize an intrusion into them or host sleeping malware,” Yurshev said.