Access denied: who is being attacked by hackers in Tatarstan

12% of Tatarstan business users were exposed to local threats in the first half of the year. The greatest interest among attackers in the network is caused by the resources of government agencies, industrial enterprises,

Less money, more destruction

According to Kaspersky Lab, in Tatarstan in the first half of the year, 12% of business users were subjected to local threats, 6% were subjected to attacks on the Internet. 12.8 thousand attacks on Tatarstan business users were recorded using encryption programs.

In general, 16% of Tatarstan users were attacked in January-June 2022, 7% - attacks on the Internet. 297,000 attacks on mobile devices were registered, and 502,000 attempts to navigate to phishing pages were stopped with the help of the laboratory's solutions.

28% of users faced telephone fraud in Tatarstan in the first quarter, and 33% in the second quarter. 97% of Tatarstan users had to deal with telephone spam.

Dmitry Galov, an expert on cybersecurity at Kaspersky Lab, told RBC Tatarstan that cyber attacks in the Russian Federation do not have a pronounced regional specificity. However, cybercriminals are especially interested in developed industrial regions.

“B2b suffered more and there were more changes in this segment. For ordinary users, the level of danger has even decreased now, because, for example, no one needs Russian bank cards anymore, because nothing can be done with them abroad,” Galov said.

According to the laboratory, in RUSSIA as a whole, the number of DDos attacks on organizations in the first quarter of 2022 increased by 4.5 times. 16% of business users were subjected to local cyber threats, 7% - to attacks on the Internet, more than 254 thousand attacks were carried out using encryption programs.

If in January and February ransomware attacked business users 1.3 thousand times, then in March the number of attacks increased to 1.7 thousand, and in May it amounted to 4.4 thousand. Another surge was recorded in July - over 3.5 thousand. In August, the number of such attacks decreased to 1.7 thousand.

At the forefront of attack

Dmitry Galov said that these threats this year have become less financially motivated, but more destructive. “According to our statistics, when we compare all the incidents that we know and divide them into 3 categories according to the degree of criticality, we are in the lead by telecom, the financial sector and IT companies. According to other statistics, when we do not break down into industries, we had industry in the broadest sense in 1st place. If we talk about a targeted story related to espionage, then government and diplomatic organizations, research centers and so on are in the first place, ”said Galov.

Read on RBC Pro Pro China's housing market is in a bubble.Can he provoke a global crisis Articles Pro Rich pensioner:how to save millions in a low paying job Pro Articles Why Aggressive Selling Still Works ArticlesPro What phrases should be stocked up before negotiations in English Instructions Pro Startup at 46 years old:how an IT specialist made $1 billion on loans for studentsPro Turkey or UAE: what to choose for investment in residential real estate Instructions Pro DOLLAR for 120:when to expect a new reality Articles

Galov noted that in 2021, the industrial sector was number one for attackers: it accounted for more than 30% of all incidents. The amount of damage from one successful attack on a company ranged from $105,000 (SMB) to $1 million (Enterprise).

In 2022, attacks targeted critical infrastructures and important commercial vendors, information portals and government resources, and an expanded range of target companies involved in important supply chains. At the same time, 71% of attacks are financially motivated, one of the leading places among them is occupied by penetration attempts using encryption programs. But if earlier the attacks came primarily from European countries, now the CIS states have taken the leading position.

Galov noted that if last year cybercriminals actively exploited topics related to covid-19 , now after the pandemic, the problem remains that a significant part of employees continue to work remotely. As a result, the security perimeter is somewhat blurred, and an unrelenting increase in remote access attacks is recorded. 49.7% of attempts to exploit vulnerabilities when compromising an internal network in 2022 were in MICROSOFT Office.

“I think DDos has plateaued. Everyone has already taken some action. The period of transformation and prolonged waiting and the realization that it will be necessary to switch to some other protective technologies will have its consequences. For users, in my opinion, no cardinal changes will happen,” said Galov.

Anton Kuzmin, HEAD of the CyberART Cyberthreat Prevention Center of the Innostage group, told RBC Tatarstan that in the first quarter of the year, according to companies related to information security, the number of attacks on Russian organizations increased 4 times compared to the same period last year.

“Most often in 2022, large state-owned companies were attacked: they accounted for 48% of all attacks. In second place in terms of the number of attacks are large companies involved in the supply of products and building materials. Hacks of these organizations accounted for 29% of the total number of attacks. The third place belongs to the financial sector: attacks on it accounted for 10% of all attacks. Fourth - telecom operators and transport companies, which accounted for 6% of all attacks. Attacks were also made on the media, but their scale was much smaller, ”Kuzmin said.

State Information

According to him, the most common type of attack was data compromise, which accounted for 37% of the total number of attacks. E-mail hacks, as well as hacks with the aim of substituting and damaging information, accounted for 19% of all attacks, phishing - 17%. DDoS attacks accounted for 7% of incidents.

“As for the latter type, appeals were recorded in open TELEGRAM channels and instructions were given for attacks on the following objects of the Republic of Tatarstan: websites of state institutions and service portals, republican media, Tatarstan banks, large republican enterprises. To date, various types and techniques of denial-of-service attacks have been recorded. The result of successfully implemented DDoS attacks is the complete or partial unavailability of a resource on the Internet for up to several hours,” Kuzmin said.

According to the Ministry of Digital Development of Tatarstan, in the first half of the year, about 410,000 hacker attacks were made on state information systems. While for the whole of 2021 their number exceeded 72 thousand (+30% compared to the same period the year before last).

Most often, according to the ministry, state information systems, websites of government agencies, banks, commercial enterprises, gaming and entertainment services, the media, public organizations, and medical institutions were subjected to attacks. They were produced with more than 14 thousand addresses, reaching a capacity of 1 Gbps.

“At the peak of the attacks, there were short-term slowdowns in the operation of sites. The protection measures taken made it possible to block all illegitimate requests, reducing the load on the sites and restoring their regular work, ”Deputy Minister Albert Yakovlev said in August at the collegium of the Ministry of Digital Development of the Republic of Tatarstan.

Subscribe to Telegram RBC Tatarstan