not during the day
Kaspersky Lab told socialbites.ca that in recent months there has been a significant increase in the number of cyber incidents in Russia involving complex attacks on Russian businesses. Their number in the first three months of 2022 quadrupled compared to the same period in 2021. “Complex attacks on companies are events that are carried out under the control of experienced cybercriminals and are not limited to the spread of malware [malicious software — editor's note].
Intruders try to gain a foothold in the corporate environment and remain undetected for a long time, gaining full control over infrastructure systems. They adapt attacks at every stage to bypass traditional defenses, trying to exploit vulnerabilities and all possible entry points into infrastructure. As a result of such cyber events, important workflows can be disrupted, money or data stolen,” explains Alexander Gostev, chief technology officer at Kaspersky Lab.
The increase in the number of attacks on Russian business was also noted by Oleg Skulkin, head of the Group-IB digital forensics laboratory. According to him, the number of incidents observed by him and his colleagues has increased at least threefold year on year. Positive Technologies noted that the peak of hacker activity in Russia occurred precisely at the end of the first quarter, namely in the last few weeks.
“We are seeing an increase in malicious attacks, including increased effectiveness of groups performing complex targeted attacks,” said Ekaterina Kilyusheva, head of the Positive Technologies information security analytics group.
In turn, the head of the Zecurion analytical center, Vladimir Ulyanov, noted an increase not only in external attacks but also in internal ones.
“In some cases, external aggressors team up with accomplices within companies or use the negligence of company employees to carry out their attacks,” he said.
Kaspersky Lab considers the main reason for the increase in the number of incidents to be the ever-growing attack surface created by the incorporation of new components into enterprise IT infrastructure. As the infrastructure expands, the number of potential entry points for intruders grows with it, and intruders willingly take advantage of this trend. In addition, the cybercriminals themselves are constantly evolving, which complicates the so-called cyber threat landscape.
The company believes that the suspension of activities in Russia by a number of foreign suppliers of corporate information security tools also played a role. In March, brands such as Acronis, ESET, Avast, Symantec, Palo Alto and many more made relevant announcements. There are dozens in total.
“Some foreign information security providers have completely stopped the operation of their products. Many have revoked the licenses and subscriptions for their solutions. Updates to the detection logic databases have stopped arriving for these products, in whole or in part. Without updating such databases, the quality of threat detection deteriorates pretty quickly,” Gostev explained.
Ekaterina Kilyusheva of Positive Technologies also noted that, due to the suspension of some vendors, Russian customers have lost the opportunity to receive operational technical support, which is fraught with the loss of data, finances and reputation. Detecting and preventing even a minor attack requires full control over what happens in the infrastructure, she says, and the problems listed above do not allow this to be achieved.
“For enterprise solutions, not only the product itself, software or hardware from the vendor, but also the service is important. Support, help with installation and use, and finally regular updates. Without the support of the developer, a complex product loses its effectiveness, and without updates it can become useless and even harmful, creating a false sense of security,” said Vladimir Ulyanov of Zecurion, supporting his colleagues.
there is a solution
In order to ensure the safety and sustainability of business in the face of increasing cyber risks, experts recommend that companies immediately switch to local alternatives to Western solutions. Kaspersky Lab noted that in this case it is reasonable to use an Extended Detection and Response (XDR) class product. A similar view is shared by Positive Technologies and Group-IB, which have similar solutions in their arsenals.
XDR products are universal systems for detecting and responding to sophisticated cyber attacks that allow companies to monitor all potential entry points into their infrastructure: workstations and servers, the network, mail and web traffic, including infiltration attempts that use social engineering.
In turn, Vladimir Ulyanov noted that XDR is just one of the solutions that will allow Russian companies to strengthen their computer networks. He said that in addition to XDR, companies would also benefit from arming themselves with products such as Data Leakage Prevention (DLP), which helps deal with internal information leaks and compromises.