
In 35% of attacks, the attackers' goal was to steal data from

Posted: Mon Jan 27, 2025 6:44 am
by tanjimajuha20
According to estimates by Sergey Gorelov, a representative of the National Cybersecurity Center for Cybersecurity, who spoke at the SOC Forum 2022 with a report entitled "Trends and Key Features of Information Security Threats to Information Resources of the Russian Federation in 2022", the threat landscape has changed little this year. However, he drew attention to factors such as the reduction in the time between the identification of vulnerabilities and the emergence of tools that allow them to be exploited, the widespread use of professional tools, including those using a service model. At the same time, there is an increase in the average qualifications of attackers.

The intensity of attacks and their scope also increased, and this coincided with the shutdown of foreign security tools. Mass certificate revocations and the disconnection of Russian telecom operators from international trunk communication channels also played a role.

In 35% of attacks, the attackers' goal was to steal data from the attacked company. In 30% of cases, the goal was to achieve an image effect. In every fifth attack, the goal was to gain access to the infrastructure of a partner company. In 15% of cases, the goal was to infect with ransomware. Most often, in 40% of attacks, the target was government agencies. In 22% of cases the victims were industrial enterprises, in 13% financial sector institutions, in 11% transport companies, in 3% medical institutions, and in 2% energy facilities.

The most widespread types of attacks were DDoS and defacements of websites, primarily of government agencies and the media. At the same time, DDoS attacks were often used as a cover for other attacks. Up to 300 thousand people participated in them, and their activities were coordinated from a single center. At the same time, tools that were previously available only to professionals were widely distributed among the participants.

As Vadim Uvarov, Director of the Information Security Department of the Bank of Russia, noted, the intensity of DDoS attacks against the Russian financial sector, at its peak in May, increased 80 times compared to the same period of the previous year. However, on average, the growth in the number of attacks over the nine months amounted to about 80% in annual terms.

Large-scale data leaks have become widespread, as noted by Sergey Gorelov. The main reason for such incidents is the negligence of IT personnel. Alexey Kubarev, an expert at the Dozor product center "RTK-Solar", commented on the incident in the Yandex.Food service: "Leaks through SQL dumps are a fairly common phenomenon. The reasons for such incidents can vary - these include errors in the configuration of servers where client databases are stored, and personnel errors, and malicious actions of internal employees."
