Information security consultant at R-Vision Karen Baghdasaryan believes

[tanjimajuha20]

Nikita Nazarov, Technical Director of IT company HFLabs, said that DDOS attacks affect the availability of the service, but do not lead to the leakage of sensitive data. "The number of such attacks has already decreased and will most likely remain at the current level, since "Gosuslugi" is currently unavailable from foreign IP addresses. And within Russia, such stories, even if they suddenly happen, are easier to stop. The number of attacks aimed at finding vulnerabilities uk cell phone number list and hacking, as well as attacks that use password guessing or social engineering, will grow. This is due to the growing popularity of "Gosuslugi" and the expansion of the capabilities that the portal provides. For example, for managing personal assets or people's documents. Hacking even one account can be extremely interesting and profitable for attackers. Two-factor authentication only protects against password guessing attacks. Despite the fact that this initiative is correct, it can also add complications. For example, people who, for various reasons, do not have access to a phone number may encounter difficulties. Moreover, there are known cases when attackers managed to reissue SIM cards using fake documents, - says Nikita Nazarov. - As for the bug bounty program, this is a common practice used by many large services. It's great that the Ministry of Digital Development has also decided to take this path. Let me remind you that just a few years ago, those who wanted to tell a large service or company about a cyber vulnerability, at best received "thank you, we'll take a look" in response, and at worst - accusations of malicious intent. It's enough to recall the story when one of the users gained access to the Russian Railways video surveillance network and told about it. But it's not enough to announce a bug bounty program - it's also important to comply with its rules and adequately qualify the level of criticality of the vulnerabilities that will be found, so that pentesters are motivated to participate in it, and not sell information about vulnerabilities on the darknet."
that, given the ongoing geopolitical situation in the world and the emergence of new types of threats, it is impossible to rule out an increase in attacks on critical information infrastructure facilities in Russia this year. "If we talk about the nature of the attacks, I assume that compared to 2022, it will change insignificantly: attempts to carry out targeted attacks on specific sectors of the Russian economy and government agencies will continue, while phishing and malware remain among the most popular types of attacks among intruders. However, thanks to government initiatives in the field of information security and the protective measures that many organizations are taking, it is likely that in 2023 such attacks will become less effective," says Karen Baghdasaryan.