Changing landscape of information security threats in Russia

Currently, cyber threats are becoming more common in Russia and around the world. Every year the level of threats increases, and this trend will obviously continue in the near future. This is due to the increase in the number of people who use the Internet and digital technologies, as well as the increase in the number of devices connected to the Internet.

Among the main cyber threats that may be important for Russia, one can single out espionage, cyber terrorism, fraud, cyber attacks on government and commercial organizations, as well as on CII objects, such as energy systems, transport networks, etc. Below, in Figure 1 clearly shows the distribution of threats in a number of Russian companies, from statistics for the 3rd and 4th quarters of 2022.

Figure 1 - Distribution of incidents with different levels of criticality by category — Figure 1 – Distribution of incidents with different levels of criticality by category

One of the factors that may contribute to the increase in cyber threats in Russia is the low level of cyber security in organizations and users, including their low cyber literacy. Often people use weak passwords or do not update software, which can lead to a cybercriminal gaining access to systems, including through software vulnerabilities. In addition, some companies and government organizations may not be investing enough resources in cybersecurity and this is a big problem, because of which it becomes a matter of time for them to be hacked. Figure 2 provides information on the distribution of incidents with a high proportion of criticality, from statistics for the 3rd and 4th quarters of 2022.

Figure 2 - Distribution of incidents with a high degree of criticality — Figure 2 – Distribution of incidents with a high degree of criticality

While malware remains the most important tool for cybercriminals, the wave of phishing attacks that occurred in Q3 subsided by Q4. This may indicate unsuccessful attempts by attackers to use social engineering and may be due to more efficient operation of antivirus software and, possibly, increased awareness of company employees on cybersecurity issues, but it is still at a rather low level.

Mass attacks by hacktivists that were noticeable last year are gradually fading, which also affects the decrease in the number of incidents related to malware. The attackers may still be interested in Russia, but their attacks have become more targeted and deliberate, aimed at stealing customer data and compromising it.

Hackers began exploiting vulnerabilities more frequently in Q4, possibly due to the ineffectiveness of phishing. However, the number of critical incidents of this type has decreased by 80%, which may be due to the fact that companies have switched to domestic solutions and began to work regularly to identify and close vulnerabilities.

Web attacks returned to the top by the end of the year. Although they were leaders in Q1 and Q2, their share dropped sharply in Q3. However, in Q4 we saw the return of the web hacking trend, which manifested itself in attempts to hack sites and gain access to confidential customer and employee data. Last year, all recorded attempts had a high degree of criticality. This may indicate that the hackers were better prepared for the “hot” season and planned their actions more thoughtfully.

Recently, the government has been actively working to strengthen the country’s cybersecurity, including through the development and implementation of new laws and standards. In 2020, a new Information Security Doctrinewhich sets priorities in this area.

When studying the opinions of many experts in the field of information security, we come to the conclusion that the forecast for the spread of cyber threats in Russia is currently ambiguous, since attack vectors are constantly changing based on the geopolitical situation in the world, but, taking into account the increase in the number of devices connected access to the Internet, and an increase in the number of people using digital technologies, the likelihood of cyber threats will increase. It should be noted that the improvement of cyber security in Russia and the development of new technologies such as artificial intelligence and blockchain can significantly increase the level of protection against cyber threats.

In addition, there are new methods for combating cyber threats, such as using machine learning and big data analysis to prevent and detect attacks. These techniques can help organizations and governments deal with cyber threats more effectively.

Thus, the forecast for the spread of cyber threats in Russia will depend on several factors, including the level of cybersecurity, the level of development of digital technologies, as well as the protection methods used by organizations and government agencies. In general, it can be assumed that the level of cyber threats in Russia will continue to increase in the near future, but with the development of new methods of combating them, it may be possible to achieve a greater degree of security.

For example, The Russian Foreign Ministry recorded in 2020, more than 1 billion cyber attacks on digital objects.

It should be noted that at present, Russian organizations have begun to actively introduce new technologies, such as blockchain and artificial intelligence, into cybersecurity. The volume of the Russian market of products and services designed to ensure information security (IS) in 2021 amounted to slightly more than 24 billion rubles. This is about 1 billion rubles more than a year ago, but still corresponds to only 1% in the total global spending on information security solutions. This is evidenced by the data of J’son & Partners Consulting analysts published in January 2022.

The study notes that sales of cybersecurity technologies in the Russian Federation are growing more slowly than in the world as a whole, which experts explain by two main facts:

· extremely small size of dynamically growing cloud segment (SECaaS, security as a service);

· Dynamics close to stagnation in the segment of hardware and software systems.

Thus, although the level of cyber threats in Russia remains high, there are real opportunities for improving the situation in the future through the active work of organizations and government structures, as well as through the introduction of new technologies and methods to combat cyber threats.

In my estimation, the level of cyber threats in Russia will continue to grow in the coming years, as many organizations do not yet have a sufficient level of cyber security and are not ready to counter new threats. You can find more news in my profile IB telegram channel: https://t.me/belyaevsec