Phishing activity in Russian and regional domains surged in early 2024
During January and February this year, phishing sites on domains ending in .ru and .рф reached a total of 5.2 thousand. That figure is nearly triple the count from 2022, which stood at 1.85 thousand. The assessment comes from a report in the newspaper News, focusing on the autonomous non-profit organization (ANO) Domains Coordination Center.
ANO’s director, Andrey Vorobyov, pointed to a key factor behind the rise. There was widespread confusion about SSL certificates after Western certificate authorities ceased operating in the Russian Federation. This disruption influenced how many organizations issued digital credentials and how quickly some fraudsters could exploit misperceptions about secure connections.
Before February 2022, foreign certificate authorities issued SSL certificates for sites operating in Russia. After February 24, 2022, several well-known providers declined service to entities within the country. The shift created a gap that local certification centers began to fill over the subsequent period, helping to stabilize the landscape, according to Vorobyov.
In a broader view, Vorobyov noted that the cycle of detection and blocking for malicious domains remained a dynamic process. He observed that in a typical window, about 25.5 hours pass from the moment a new malicious domain is identified to the moment it is blocked on Runet, the Russian segment of the Internet. In 2022, authorities and partner organizations blocked roughly 15.3 thousand phishing sites across the Runet. The vast majority of these takedowns affected the .ru domain zone, underscoring how dominant that namespace remains in malicious activity and in the response efforts of the security community. [Source: News] The data illustrates the persistent challenge of protecting users when external certificate ecosystems shift and local providers take on greater responsibility for authentication and trust.
Experts emphasize that the consolidation of local certificate centers has helped restore some balance to the market. Strong collaboration between government bodies, service providers, and cyber defense teams is seen as critical to reducing the window of opportunity for phishers. The ongoing work includes improving domain monitoring, speeding up the dissemination of threat intelligence, and refining the workflows used to suspend or block suspicious sites. [Source: News]
Ultimately, the situation highlights how certificate management and timely response play central roles in online security. Stakeholders are encouraged to maintain vigilance in domain registration practices, verify the legitimacy of SSL certificates, and support initiatives that strengthen local certification infrastructure. The goal is to protect users from deceptive sites while maintaining smooth access to legitimate online services. [Source: News]