– How has the number of fake calls in Russia changed since February 24?
– It shrunk. After it all started, the rate of users receiving fraudulent calls from unknown numbers in Russia dropped to 9% per week. Although it was in December, this figure was around 10-11%.
– What do you think, will there be a return to previous indicators?
– It’s already happening. In May, that figure was already almost 13%.
Maria Namestnikova
Kaspersky Lab
– Do the scammers come back with old schemes like “Hello, I’m a bank employee, transfer all your money to me immediately” or is there something new?
– There are well-tested schematics and they continue to work. And there are new scenarios that are becoming relevant in the new environment. For example, stories began to emerge about fake compensation payments from the Social Insurance Fund, new plans from fake bank employees, and alleged calls from military registration and enlistment offices.
– Wait a minute, where is the enlistment office?
– They call themselves parents, introduce themselves as military commissars and blackmail them: “Pay this much money, or you know where your son will be drafted tomorrow and sent to the army.”
– You said that fake bank employees also have new leverage. Give examples?
– We have seen new plans of such scammers regarding the departure of Russian banks from the SWIFT system. They call and say: “Our bank will be leaving SWIFT soon, transfer your currency savings to a secure account immediately.”
There is little logic here, but the attackers are betting on people’s ignorance of the SWIFT functions. And if they do, apparently, they find such people.
– Since we have touched on the subject of SWIFT, I cannot help but ask how the attackers themselves withdraw money from the country?
– No problems. The attackers were always in the black zone and used various workarounds. Now, practically nothing has changed for them: they both used and still use cryptocurrencies.
– I accidentally heard from colleagues that it is better not to make fun of intruders on the phone. For example, there were cases when fraudulent employees of banks, with a sharp tongue, actually threatened the victim with violence: he gave the address of residence, workplace, etc. It’s possible? This is true?
– It’s possible. However, we do not record such behavior of intruders in bulk. Let me remind you that their main purpose is not to intimidate but to attract money.
– Do you think it is worth spending time with scammers: talking, making fun of them?
“Of course not. I can’t stop anyone, but I’ll warn you that this is just a waste of time.
We recommend that the average user hang up immediately and, if in doubt, call the bank himself, using the phone number on the bank card or on the official website, not the number the potential scammer called.
– What other new mobile threats can you note that emerged after February 24?
– New threats have emerged around app stores and stores. Popular apps disappeared from Google Play and App Store. However, users are not always aware of this. They still go to the store, for example, drive on behalf of games, but instead of official application they end up with counterfeit products that can be malicious.
– Are there examples?
I can give an example from my personal experience. A game my kids loved so much has been removed from Google Play. One of them had a smartphone. Tried to download the game from the store. How? Search, problem, list of similar apps. But all or almost all of the output consisted of very dubious programs using the name of this or that game.
We found a way to install it differently. But that’s us: we’re focused and understand what we’re up against. And if there is an ordinary user in our place? It seems to me that in many such cases problems are inevitable.
– Now it turns out that downloading apps, even from stores, is dangerous?
– In official stores, of course, it is much safer than downloading applications from other sources. Pre-checking reduces the risk of encountering malicious applications there. But now they are not the problem. The most important of these are phishing applications.
After February 24, dozens or even hundreds of applications appeared on the Russian Google Play promising all kinds of compensation, social benefits and child benefits. So the internet used to be full of such sites, but now they are multiplying as applications on Google Play.
Also, the functionality of the apps is nonsense. You are setting them up. Icons appear on the desktop. If you click on them, a browser window will open with a phishing site where they promise “millions of money”. Just to get them you need to pay a commission of 300 rubles.
– How do you interpret the reason for the emergence of such practices?
– In my opinion, this is an attempt by scammers to test the strength of moderation in the Russian Google Play. It should be noted that the moment was chosen well, because in Russia Google is now in limbo. However, this is just speculation, I have no proof.
– Could this be the result of the activities of Ukraine’s so-called cyber army and their hacktivists?
– Not. We are talking about fraud in its purest form. And hacktivists are all about cyber vandalism.
I wouldn’t be surprised if this is just a coincidence. They decided to work on a new scheme and once it worked. And if it worked, the scammers will not “rust” – they quickly duplicate their work plans.
– Is there such a problem in the App Store?
– If it exists, then it appears very rarely, we do not see it. With the App Store, in principle, this is extremely difficult, if not impossible – Apple has a ruthless scrutiny.
Recently, there was a case when an unofficial application for a bank appeared in the App Store. But this case is one. And then, most likely, it was the result of a mistake made by a certain moderator.
Additionally, the developer of the clone app quickly contacted and publicly explained their purpose.
– Any changes in the hardcore cybercriminal community, hacker community? Have hackers increasingly used smartphones as entry points into corporate infrastructures? Or is it more like spy movie fiction?
– No, the use of smartphones to pierce the environment is no longer science fiction or fiction. Over the last few years we’ve seen attackers start using Android in scripts one after another. That is, hackers, who previously had all the “master keys” configured only for Windows, suddenly began to dominate the mobile operating system.
However, it should be noted here that since there is an ART group behind every case, there are not and cannot be detailed statistics on this subject. [advanced persistent threat, термин в кибербезопасности, обозначающий противника, который представляет высокий уровень угрозы]. And every event involving ART is unique.
– Still, hackers are trying to hack smartphones not just for money, but espionage, compromising corporate infrastructures, etc. Is it possible to talk about a trend that it attacks for purposes as well?
– There is a trend – 100%. There are more and more such hacker groups. They all migrate there gradually.
– Why do you think?
– I can attribute this to the fact that a lot of people have started working remotely over the past few years. Some even work only from a smartphone. Smartphones are a less secure segment for hackers. If our corporate computers are monitored by the information security service, this application is not yet widely used on smart phones.
For intruders, the route through the smartphone is easier and therefore more attractive. Therefore, they change their code base so that smartphones can also access company networks.
– How does it work? Are there any popular scenarios?
– Everything is always different, especially if we talk about spying and targeted attacks, given the fact that ART groups are often involved in hacking smartphones. However, in most cases the goal is the same – to use a smartphone to access the corporate network.
The logic is this: if you have access to the company’s infrastructure from your smartphone, you have credits there: login and password. Therefore, they must be stolen.
– Has the number of hacker attacks on Russian smartphones increased after February 24: so with viruses, espionage and other features of an action movie?
– I cannot answer this question. But I will say this: acts of cyber vandalism have become more frequent. Viper blockers have appeared – malicious programs that block access to the device or delete all files on the device, or both.
You downloaded a file or application, opened it and that’s it. Data is being cleared or the screen is locked. At the same time, no ransom or anything else is demanded from you. Just vandalism, a manifesto…
This is similar to the situation before the era of cybercrime in the late nineties and early zero. Why don’t hackers shut down all the computers in the world when they sit down and think? Not for a cause… But just because they can.
Source: Gazeta
