Cyber range, security centre and antivirus software: how Tatarstan combat hackers?
The republic is going to create a cyber platform that will allow not only to resist attacks but also to stay ahead of threats
Cases of hacker attacks have become more frequent in Russia in general and in Tatarstan in particular. The companies surveyed by Realnoe Vremya attribute this to the switching of employees to remote work, economic crisis, digitalisation, and speculation about the pandemic. Is it enough to be vigilant, to use anti-virus software and rely on the centres to ensure information security? How will the hacker competition platform help you deal with cyber threats? Read the details in our article.
The “activation” operation
The number of cyber threats to banks has increased in Russia. In particular, more phishing attacks have been made on the email addresses of employees of financial organisations. Experts to prevent cyber-attacks at Group-IB noted at the international forum of Academy of Management of MIA of Russia in October that they see a significant growth in financial fraud and the exploitation of the pandemic in malicious mailings and switch ransomware operators on the larger target. They cited the consequences of the spread of the coronavirus, the transfer of employees to remote work, and the financial crisis as reasons.
In total, according to the ministry of internal affairs, in January-June alone, cybercrime increased by 91,7% compared to the first half of 2019. According to statistics of the Security Council, banks and authorities in Russia are most often subject to cyber attacks — 38% and 35%, respectively, of the total number of attacks. They are followed by defense enterprises, organisations in the field of science and education — 7%.
Digitalisation as a vulnerability
The press service of the ministry of finance of the Republic of Tatarstan explains that in Tatarstan they are recording an increase in the number of attacks using SQL injections (when a resource is vulnerable, code injection allows you to manage the database — editor's note). We are talking about state-funded and state organisations, but the agency does not keep statistics on commercial companies.
“Unfortunately, detailed statistics are classified information. However, we can say that we managed to reduce the number of attacks on websites and information systems in Tatarstan compared to last year. Computer networks and information systems in schools are most vulnerable to attacks. The most common attack is password mining," the press service explains in response to questions about the dynamics of attacks in 2019 and 2020, as well as the most common cyber threats in the republic.
The ministry of finance of the Republic of Tatarstan believes that the transfer of employees to remote work has also affected the growth in the number of cyber attacks both in Russia and in the world. In Tatarstan, the situation is further complicated by that due to the high degree of digitalisation, the republic is even more susceptible to information threats.
The press service of MegaFon notes that the forced transition of companies to remote operation has affected information security in many industries, including telecom. According to the operator, vigilance when using digital services by companies and individuals during the pandemic has significantly decreased, which has led to an increase in the number of cybercrimes.
Big businesses in the Republic of Tatarstan note a growth of cyber threats
The press-service of the ministry, for the request of Realnoe Vremya on the dynamics of crimes connected with attacks, at the time of publication has not responded. However, the increase in the number of information threats is noted by other surveyed companies operating in Tatarstan in addition to MegaFon.
“Unfortunately, recently there has been an increase in fraudsters on the banking market who seek to find out confidential customer information and use it for illegal purposes," the press service of Home Credit bank comments.
“This year, compared to 2019, of course, there is a slight increase in the number of attempts to launch cyber attacks. Hackers, using the increased information request of the population, actively use the topics of world events, such as the pandemic, in their phishing attacks," the Bank of Kazan states.
If you're being attacked, you are on you own
Cyber attacks can cause not only loss of money, but also reputational risks, the violations of technological processes, destruction of data, and simple infrastructure.
InnoStage Group, which also develops and delivers services in the field of information security, explains that modern technologies allow cybercriminals to gain access to smartphones, computers and entire systems. As a result, e-wallets and online banking of individuals, as well as databases of clients of companies and users of state portals, and internal information of enterprises fall into the risk zone.
One can use a number of tools to protect company and agency data from cyber attacks and leaks. The main one is modern antivirus systems that allow give the opportunity to find and block malicious files in corporate mail even before an employee opens an email and clicks on a link containing a virus; track the danger inside the system.
To ensure that information threats do not disrupt the company's work, one should approach protection in a comprehensive manner, so it is better to use antivirus software that tracks attacks in various data streams. In addition to mail, it can be network and web traffic, and visited Internet portals.
This is the path taken by the operator from the big four.
“MegaFon has a number of procedures in place to protect customers from cyber threats. The company has developed comprehensive technical solutions that protect infrastructure, Internet resources and prevent unauthorized access to subscribers' smartphones. For corporate clients, an ecosystem of solutions has been implemented that help businesses manage risks in the field of data security, protect against hacking, internal and external threats," the press service reports.
The banks surveyed by Realnoe Vremya add that they also regularly remind their customers about vigilance and security rules, and advise them not to disclose confidential data. And some of them also provide special training for their employees.
“The bank has worked to strengthen security measures and prevent incidents. The bank also regularly conducts training and awareness-raising of bank employees on information security and secure information processing," the Bank of Kazan explains.
Not defending, but avoiding
As information technologies evolve and digitalisation continues to gain momentum, new versions of malware are being released. It is not always possible to protect yourself from them using the old methods, so modern threats require modern solutions.
With the mass departure to the remote format of work, the attack vectors have also changed. The data of companies specialising in digital intelligence shows a sharp increase in attacks using social engineering tools and using the human factor in 2020. Transferring employees to remote work, the organisation of multiples increase the risk of access to their servers.
“A remote workplace is a tempting prey for a fraudster, because it is enough to overcome only one barrier of trust — a specific person who, for example, did not read the email sender's address very carefully," InnoSTage comments. “Having gained access to the official's mail, hackers can send out letters on his or her behalf, issue invoices for payment, and distribute malicious programmes. The solution here is complex: on the one hand — advanced configuration and regular adaptation of servers, on the other — user training. This includes teaching the basics of digital literacy and practical work. For example, sending phishing emails, as a real hacker would do. Online criminals have a huge set of tools. As specialists, it is important for us to work ahead of the curve here.”
The ministry of digitalisaion of Tatarstan note that for prompt containment of cyber threats, the first stage of creating a special centre respond to information security incidents — SOC — has been completed at government agencies.
In order not just to protect themselves, but to prevent attacks, the professional community began to practice competitions among cybersecurity experts. At the hackathon held in China, for example, vulnerabilities were identified in the world's most common applications and operating systems, after which all data was passed to developers.
InnoSTage also participates in similar digital competitions. From November 12 to 17, the company's team under the speaking name “Cybertatars” is testing their capabilities on a virtual model of a modern city at The Standoff international online cyber training sessions. Exercises on the cyber range include two opposing sides — attacking hackers and defending cyber security experts from attackers. Hackers will try to take control of the city: manage the transport system, banks, television, and businesses. The task of defense is to repel these attacks. The Tatarstan team acts on the “good” side and is engaged in providing protection against information threats.
Such cyber training allows companies and agencies to test their safety loop, find weaknesses, predict the possible consequences of hacker attacks, and think through a scenario for further actions during a threat. InnoSTage notes that such a cyber range is planned to create in Tatarstan as well.
“The cyber range is a format that effectively solves a number of problems. First, it is safety testing in conditions that are as close as possible to combat, opposing professional, “live” hackers. Second, it is an opportunity to increase the level of competence of your team and gain unique experience in repelling attacks. And third, getting a valuable resource for analytical work, understanding the attack vectors that were demonstrated by hackers. The creation of a permanent platform on the basis of the republic can become the basis for the formation of a developed cybersecurity ecosystem involving various sectors of the economy," comments Aydar Guzairov, the head of InnoStage Group.
Подписывайтесь на телеграм-канал, группу «ВКонтакте» и страницу в «Одноклассниках» «Реального времени». Ежедневные видео на Rutube, «Дзене» и Youtube.