Ilya Sachkov: if data has leaked, it will remain there forever

The coronavirus pandemic has kept the whole world at home, but it has untied the hands of cybercriminals, who reacted immediately to the new reality. In an interview with RIA Novosti, Ilya Sachkov, head of the international company Group-IB, which specializes in the prevention of cyberattacks, spoke about new methods in the hackers' arsenal, what threats global companies should prepare for in order to protect their data and wallets online, why vigilance must not be relaxed when working remotely, how often people are attacked by encryptor viruses, what cyber-hooliganism students can stage during exams, and how to recognize that the person calling you is a crook. Interviewed by Mariam Baghdasaryan.

— Before the quarantine, working in the office, we were all, in a good sense, under the supervision of our employers inside the protected perimeter of the corporate network. When employees of the majority of Russian companies moved to remote work, they became a very interesting target for criminals.

First, the employer, the employer's security service and the IT services are all far away, the psychological "friend or foe" barrier is gradually erased, and, of course, vigilance drops.

Secondly, with no opportunity to go to the store, the share of online trading began to grow, and demand increased for delivery of food and essential goods, medical advice, certificates, permits, training and any other digital services. A person with money, a bank card and Internet banking who wants to order something online quickly is the ideal target for intruders. So, naturally, the attackers moved on to attacking individuals.

There are interesting statistics. According to the Interior Ministry, against a decline in January-April 2020 in the number of murders and attempted murders, robberies and armed robberies, the growth of IT crime amounted to 82.4% and greatly influenced the 0.8% increase in the total number of registered crimes in the country over 4 months. I will not be mistaken if I say that most of it is accounted for by all sorts of financial fraud. Such growth is not even similar to the regular seasonal increase seen, for example, before the New Year. That is ten times more victims, and much more.

Attackers who are already in jails and prisons understand that during a pandemic they have a free hand. We saw a mailing in which people were fined for violating the self-isolation regime on the basis of a non-existent FSIN decision. Because different regions had different quarantine conditions, things were quite chaotic.

— We have identified several schemes. In principle, their essence has not changed; only the content is new, tied to the coronavirus. For example, fake digital passes are being sold on websites, in Telegram channels and in social network groups.

In addition, we have identified a fraudulent scheme involving payments and refunds of money on behalf of non-existent organizations. These, in my opinion, are the most immoral criminals, because first and foremost they attack the most vulnerable segments of the population: pensioners, large families and families with young children, who, of course, in times of crisis, having heard about support from the state, try to find information and, unfortunately, end up in the wrong hands.

Hundreds of these resources appeared every month, and during the pandemic their number increased significantly. In the first quarter of this year, our response center CERT-GIB blocked 4790 phishing resources; for comparison, for the whole of 2018 it was about 4400 resources. Such a sharp increase in the number of blocks is due not only to the efficiency of detecting criminal schemes, but also to a change in the phishers' tactics, which resulted in longer phishing attacks. In previous years the attackers for the most part stopped their campaigns after fraudulent web resources were blocked and quickly switched to other brands. Today, they keep creating new pages to replace the blocked ones. As for the attackers' targets, in the first quarter the largest number of phishing pages targeted online services (61.35%), postal services (11.88%) and financial institutions (8.42%).

In addition, during the first quarter we recorded more than 14 thousand malicious e-mails or links. The vast majority of them were mailings (91%) and carried "on board" backdoors (they accounted for 26%), spyware (25%) and banking Trojans (10%). The top 3 malware most popular with cybercriminals in the mailings included background Pony (14%), the banker RTM (9%) and the backdoor Formbook (6%), while encryptors, compared with the previous year, are rarely used.

As for calls, there were simply many times more of them. This technique is called vishing: fraudulent phone calls, to which new marketing wrappers were added, such as passes, delivery and employment, everything that people cared about. During the conversation, the scammers angle for credit card details and force the victim to make a transfer or install a remote access program in order to steal money.

What characterizes all this cybercriminal activity during the pandemic? Fraud on such a scale has never happened before: for the first time in history, people are at home and online.

An obvious consequence of the pandemic is long-term growth in cybercrime. During the pandemic a situation has formed in which people from dysfunctional families found themselves without work and were forced to look for ways of earning money. Now the history of the 90s is repeating itself, but it is ten times worse, because of a strong increase in the penetration of digital services, the descriptions of the crimes were online. Over the next 3-5 years we will see an increase in cybercrime, and this is the main long-lasting conclusion from the pandemic. If we do not see serious technological shifts now, then fundamentally we should understand that in many regions of Russia the difficult economic situation will cause cybercrime to grow.

— A few days before the digital pass was launched, the Moscow portal came under attack, and on the day it opened its work slowed down.

As for the "Public Services" portal, we are not responsible for its security; at the moment the Communications Ministry is responsible for it. But we saw the emergence of phishing sites and of bots that attacked "Public Services" in the form of a DDoS (denial-of-service) attack.

Note that these intruders, in contrast to those who create phishing resources, probably do have professional ethics; I hope so. We have seen attacks on medical facilities in many countries, but in Russia this did not happen. That is, there were no ads on hacker forums, no infections, no encryptor attacks. There was a kind of ethics that is rare in our observations, as if, considering what was happening, they realized that Russian medical institutions are a matter of life or death for many people.

What we saw in the UK and the US, where the websites of the clients for the construction of health facilities were attacked, did not happen. This is, of course, my assumption, I wouldn't associate with hackers, but I noticed it. In principle, it would be Supermarine.