Over the first 9 months of 2023, the volume of cyber attacks through compromised employee data increased by 10%

Over nine months, the number of hacker attacks on companies through compromised employee data increased by 10% compared to the same period last year. Such attacks accounted for 80% of all illegal penetrations into infrastructure. Among the latest hacks are attacks on the NSPK website, the Transtelecom provider and telecom operators in Crimea. The increase in information leaks over the year and the use of the same credentials by employees on work and personal resources are having an impact, experts say. They admit that import substitution of foreign solutions has also increased the number of vulnerabilities in the corporate sector.

In October, the IT infrastructure of Russian companies was again subjected to strong cyber attacks, including those that resulted in the hacking of various organizational resources. Thus, on October 30, the website of the National Payment Card System was unavailable as a result of an attack by the hacker group DumpForums, and the infrastructure of the large provider Transtelecom was hit by an encryption virus that same evening. Attackers attacked providers in Crimea, causing digital services in the region to work intermittently.

Data from cybersecurity analysts at Informzashchita, which Kommersant reviewed, indicate that in general, over the nine months of 2023, the volume of cyber attacks based on compromised identification data (employee credentials) on the company amounted to about 80% of the total attacks with an increase of 10% compared to the same period last year. Company experts explain this by a multiple increase in data leaks over the year.

However, the number of successful attacks carried out in this way during the specified period decreased by approximately 15–20% compared to last year, Informzashita estimates. “Companies are reviewing their account security policies not only for privileged employees, but also for ordinary employees. This is especially true for large organizations from the financial sector and retail,” analysts note, adding at the same time that state-owned companies, small and medium-sized enterprises, as well as the industrial sector with a distributed network of branches remain at risk.

In Russia, medium and small businesses now account for about 20% of cyber attacks, estimates Natalya Nazarova, director of the Institute for Entrepreneurship and Economic Development. Industrial software vendor Tsifra believes that the current situation is influencing the growth of companies’ investments in cybersecurity. Rostec did not answer Kommersant.

“There is indeed an increase in attacks on corporate accounts; this year the share of such attacks has increased tenfold since the beginning of the conflict in Ukraine,” says Ashot Oganesyan, founder of the DLBI data leak intelligence service. At the same time, corporate credentials themselves go on sale on shady forums relatively rarely, and hacking is almost always done using user data obtained from other leaks not related to the corporate network, the expert explains.

Often people use the same password on different resources – for example, on a corporate network and on some small forum, says Fedor Dbar, commercial director of Security Code. Such small sites, he clarifies, are regularly hacked, and the data of participants is leaked. “Then the attackers use the accounts to find corporate email and get inside the network,” the expert sums up.

Alexander Vurasko, an expert at the Solar AURA external digital threat monitoring center at Solar Group, connects the increased threat directly with the growth of data leaks: “In 2023, we consistently record eight to nine such events per week.” He also added that in the last month there has been a huge number of incidents related to fake messages being sent to employees in instant messengers, allegedly from their managers through fake accounts.

However, Kommersant’s interlocutor in the IT market believes that the risk of hacking of corporate infrastructure in Russia has increased this year, including due to import substitution: the rapid restructuring of infrastructure and the transition to Russian software have opened up new entry points for attackers.

Tatiana Isakova