“On the eve of a grandiose ruse”: Professor Zhdanov explained the main threats in cyberspace

– Yuriy Nikolaevich, what cyber threats are emerging now and where do they come from?

– How can one not recall the colorful figure of Popandopulo from “The Wedding in Malinovka” and his famous phrase – “we are on the eve of a grandiose nix.”

Accelerating digital innovation provides fertile ground for cybercriminals. It really is a matter of woe. For some reason, crooks are the first to use new technologies. This, of course, does not mean that scientific research and technological progress must be stopped. But it is necessary to take it into account.

Of course, financial organizations are often targets of cybercriminals.

According to IBM’s Cost of Data Breach 2023 report, which examines cybercrime in 16 countries, the financial sector ranks second in the global toll from cyber incidents. But the average cost of a cyber attack among financial institutions is the highest compared to other institutions, with organizations incurring losses of almost $5.9 million per incident.

On average, according to the IBM report, the cost of a cyber hack in the world increased by 2.3% and amounted to 4.45 million US dollars. Most importantly, the report highlighted that it took organizations an average of 207 days to identify a breach and another 73 days to contain it. “Only” a little less than a year!

Again, small businesses faced significantly higher data breach costs in 2023 compared to 2022. And – here it is, the direct road to the crisis: due to the high cost of each cyber attack, most organizations (regardless of size), everything has risen sharply, data leakage has led to increased prices for services and products. Naturally, all costs are passed on to consumers.

– Where is the highest cost of damage from a cyber attack?

– In terms of location, the US is the region with the highest average cost of a data breach ($9.48 million), while the UK fell out of the top five most affected regions in 2023 after the average cost fell 16% to 4.21 million US dollars. However, I foresee your skepticism – little consolation…

– What types of cyber attacks are used today?

– Globally, the biggest cyber threat to financial institutions continues to be malware. Thus, in 2023, ransomware made up 63% of attacks, compared to 18% in 2022. This is such dangerous explosive growth.

But there are other types of malware: forklifts, remote control Trojans, spyware, banking Trojans, data erasing malware. True, there are interesting nuances – in 2023, there were changes in the methods of delivering malware. While the number of social engineering attacks has decreased (from 47% to 25%), the number of incidents involving the exploitation of software vulnerabilities has increased significantly. Another type of attack that is becoming increasingly popular is supply chain attacks, where cybercriminals exploit vulnerabilities in an organization’s supply chain to spread malware across multiple businesses.

–Hackers showed themselves with high-profile actions?

– Yes, in 2023 there were several cybercrimes that caused great concern in the world community. Thus, in May last year, the LockBit ransomware group launched an attack on one of the largest banks in Indonesia, BSI. The bank refused to pay the requested $20 million ransom, so the attackers published more than 1.5 TB of the bank’s confidential data online, including the personal and financial information of approximately 15 million customers and employees.

In another example, exploiting vulnerabilities in the technology stack of the US unit of the Industrial and Commercial Bank of China (ICBC) allowed criminals to launch a ransomware attack that temporarily disrupted trading of US Treasuries in November 2023. ICBC ended up paying the ransom to regain access to the full technology stack.

In the first half of 2023, a group of cybercriminals also actively exploited a zero-day vulnerability in the secure data transfer application MOVEit Transfer. As a result, several organizations using this application suffered from a data breach and a new update was released in June 2023.

Again, in the spring of 2023, application security company Checkmarx identified a series of attacks on open source software specifically targeting the banking sector. Using advanced techniques and deceptive tactics, cybercriminals used legitimate services to deliver open-source malicious packages. To guard against trouble, Checkmarx issued a warning that industry-wide collaboration is essential to strengthen defenses against these attacks, as current controls and enforcement often fall short of preventing breaches. In general, law-abiding users, regardless of state affiliation, need to unite to counter hackers. This idea is already in the air.

– What is the situation with cybercrime in Russia?

– Not very happy either. As official representative of the Russian Ministry of Internal Affairs Irina Volk reported, summing up the results of 2023, “every third crime was committed using information and telecommunication technologies. In this area, 29.7% more criminal offenses were registered than in January-December last year. There are 21% more such crimes solved than in 2022. Their prevention still remains one of the most important tasks of the internal affairs bodies.”

Moreover, the head of the Department of Security Problems in the Information Sphere of the Office of the Security Council of the Russian Federation, Alexei Petrov, said at InfoForum-2024: “The Internet has turned from a safe environment for the economic development of sovereign countries into an arena of geopolitical confrontation. As a result, in recent years we have seen a change in the nature and scale of information threats. Thus, in 2023 alone, about 200 thousand of the most dangerous computer attacks were committed against the information infrastructure of the Russian Federation.”

– That is, we are no longer talking about “ordinary” criminality, but about sabotage planned by other states?

– It turns out that way. According to Alexey Petrov, such attacks were mainly organized by foreign intelligence services.

The head of the Main Communications Directorate of the Armed Forces of the Russian Federation, Deputy Chief of the General Staff of the Armed Forces of the Russian Federation, Vadim Shamarin, also spoke about this at InfoForum-2024: “In order to achieve information superiority, more than 120 countries of the world have begun to create information weapons capable of disorganizing state military control , demoralize and disorient the population, and create mass panic.”

According to him, the cost of developing information weapons is significantly lower than other types of weapons, the use of which can lead to similar damage.

– Can Russia do anything to counter this?

– Undoubtedly. Vadim Shamarin stated that the funds allocated in recent years for the creation and development of the information security system of the Ministry of Defense have increased the security of the Armed Forces of the Russian Federation: “The security of our automated systems from external and internal threats is increasing, together with leading domestic organizations and enterprises, work continues on the development of The Armed Forces of cloud technologies, secure telecommunication networks and other promising computing systems.”

– Does this mean that a round of confrontation is unfolding in cyberspace?

– But Russia is trying to stop this unwinding.

– How?

– Russia proposed signing the UN Convention “On Combating the Use of Information and Communication Technologies for Criminal Purposes,” which will help create a structure for operational cooperation at the international level and help developing countries combat a new type of threats. Ernest Chernukhin, head of the department of the Department of International Information Security of the Russian Ministry of Foreign Affairs, stated this at InfoForum-2024. According to him, this will be the only document in the world on combating cybercrime, which is being developed at the UN site on the initiative of Russia.

Ernest Chernukhin emphasized: “Our main task is to strengthen and strengthen the capabilities of law enforcement agencies in terms of countering, combating and preventing cybercrime.”

The negotiations are proceeding very difficultly due to opposition from the United States and its satellites. The universalization and codification of the fight against cybercrime frightens our partners, so to speak, since the current situation allows them to manipulate tools to combat crime and not take into account the interests of developing countries. The business lobby is pushing solutions on the world market that suit the United States, but do not take into account the legislation of the countries where these companies are represented.

“It’s difficult for us to work with them because of the narratives of Western partners about their “human rights” and gender component. Those processes that, from the point of view of traditional values, have received return mechanisms, are strongly reflected in the work of the special committee. The West also wants to provide in the agreement all the possibilities for refusing cooperation,” says Ernest Chernukhin.

According to him, even the formation of a special committee was difficult due to the reluctance of a number of countries to vote for a unified approach to combating cybercrime and the creation of common transparent mechanisms. Ernest Chernukhin predicts a difficult vote on this issue due to the fragility of the balance in modern diplomatic relations. Nevertheless, in his opinion, the adoption of the convention will help develop a multipolar world.