The "Black Swan" of cybersecurity: what can Russian companies expect in 2024?

Teacher

Hackers are using increasingly sophisticated attack methods that can lead to serious consequences for business and the state.

The Russian company F.A.C.C.T., a developer of cybersecurity solutions, has published its annual report on cyber threats in Russia and the CIS. The authors of the study predict that in 2023-2024, Russian companies and government agencies will face new powerful cyber attacks from hacker groups, hacktivists and ransomware amid the ongoing geopolitical conflict.

In 2023, experts recorded 14 pro-state hacker groups that attacked organizations in Russia and the CIS countries. The largest number of incidents occurred in Russia (28 attacks), Azerbaijan (6 attacks), Belarus, Kyrgyzstan and Kazakhstan (4 attacks each). The attackers mainly targeted government agencies, organizations associated with critical infrastructure, military departments and enterprises of the military-industrial complex.

As F.A.C.C.T. found out, pro-Ukrainian hacktivists were behind the majority of DDoS attacks and the publication of compromised databases of Russian companies in 2023. At the same time, groups from countries not directly involved in the conflict, such as China or North Korea, continue to engage in cyber espionage in Russia and the CIS.

There are cases of sabotage of the Russian IT infrastructure by former employees located abroad.

The number of ransomware attacks jumped by 160% last year. The average ransom amount increased to 53 million rubles. Retail, manufacturing, construction, travel and insurance companies are the most affected.

The report focuses on the Comet (Shadow) — Twelve crime syndicate, which was named "Discovery of the Year". This group has demonstrated a new trend — the emergence of "dual-use" groups that pursue both financial and political goals. One of the attackers' new tactics was the theft of Telegram accounts on victims' devices, which allowed them to spy on employees of the attacked company after the attack.

In addition, some groups, including Shadow (Comet) and Werewolves, began using their own DLS (data leak site) resources to publish data about attacked Russian companies, a first in Russia. This method, long used abroad, has become a new tool for pressuring Russian targets with the threat of publishing stolen data.

F.A.C.C.T. experts predict that in 2024, ransomware will retain its leading position among cyber threats to Russian companies. The success of these attacks is due, among other things, to the growing shadow market for selling compromised access to the infrastructure of potential victims, which greatly facilitates the preparation and implementation of attacks.

The report also highlights the role of log clouds (UCL) as a valuable data source for attackers. In 2023, the number of such clouds tripled, reaching about 300, which indicates their popularity among cybercriminals. Particularly worrisome is the fivefold increase in data related to major banks in Russia and the CIS, which underscores the importance of strengthening security measures in the financial sector.

Underground markets that sell bank card data, access to servers and user accounts have also developed significantly. In addition to Russia, Azerbaijan (5,523), Uzbekistan (2,183) and Armenia (798) were among the CIS countries whose compromised data was put up for sale on underground markets.

According to the company's forecasts, in 2024 Russian companies and government agencies will again face increased activity from cyber spies, ransomware attacks, data leaks, DDoS attacks and website defacements carried out by hacktivists.