Schools are asked not to update – Newspaper Kommersant No. 243 (7444) dated 12/29/2022
[ad_1]
The Ministry of Education sent a letter to subordinate regional educational institutions about the growing danger of cyber attacks. The regulator proposes to refuse updates of foreign software, as well as block foreign traffic and exclude downloading files from foreign resources. The attention of regulators to the educational segment has intensified after the incident with the hacking of the Moscow Electronic School service, experts say. But the proposed measures, in their opinion, will not be very effective.
“Kommersant” got acquainted with the letter of the Ministry of Education dated December 19 to the regional executive authorities in charge of education. The ministry notes that the risk of hacker attacks is growing by introducing malicious code into Russian systems through updating foreign software.
In this regard, it is proposed not to update the software on which regional structures operate, and to conduct a cybersecurity audit, as well as disable unused services and web services, remove foreign built-in applications and traffic counters from sites (ReCAPTCHA, YouTube, Google Analytics, etc.) , embedded video and audio files downloaded from third-party sites, “replacing them with a hyperlink to such resources.” The Ministry of Education also asks to block traffic from the “shadow Internet”, the Tor browser, as well as “coming from IP addresses whose country of origin is the United States” and other unfriendly countries.
The letter says that an analysis of security threats by the Federal Service for Technical and Export Control (FSTEC) showed that hacker groups, including Anonymous, are calling on administrators of state information systems to disclose data about the features of their work so that attackers can gain access. The ministry did not answer “Kommersant”.
At the end of September, hackers attacked the IT infrastructure of the capital’s mayor’s office, which caused the Moscow Electronic School service to work unstably for several days (see Kommersant of September 21). Later, data from the system, 17 million lines with full names, phone numbers, SNILS and dates of birth of MES users, got into the network (see Kommersant of December 13). Kommersant’s interlocutor in the government noted that one of the consequences of the leak could be “targeted attacks on the children of Russian civil servants and businessmen.”
First of all, the appeal of the Ministry of Education was sent to the regions not to strengthen the protection of networks, but to implement the recommendations of the FSTEC, Dmitry Galushko, CEO of Ordercom, believes: “After the high-profile incident with the MES leak, supervisory authorities paid attention to the security of IT systems in the field of primary and secondary education “. But the appeal of the department will not have a noticeable effect on cybersecurity itself in the regions, he is sure.
In general, hacker activity in Russia increased after the outbreak of hostilities in Ukraine. Back in the spring, the government instructed state sites and services to switch to using DNS servers (domain name system – a domain name system that provides a link between a site address and its IP) in the Russian Federation, remove downloads from foreign sites (banners, counters, etc.) (see . “Kommersant” dated March 6). But even six months after the order to remove codes downloaded from abroad, state sites continued to use them (see Kommersant of October 28).
The most useful advice from the list of the Ministry of Education is a cybersecurity audit, says Denis Sivtsov, head of DDoS-Guard protection. The document mentions foreign hacker groups and proposes to block traffic from the US and Europe, but this is not a solution to the problem, the expert explains: firstly, there are hackers in Russia, and secondly, nothing prevents attackers from any countries from organizing an attack from Russian IP -addresses. Meanwhile, he clarifies, restricting access based on geographic characteristics can lead to the loss of legitimate traffic if site visitors use a VPN or are abroad.
Experts of Informzaschita agree with this: nothing prevents attackers from renting a Russian IP address, but this can become a problem for real users. “It is strange that the issue of blocking is raised with educational institutions, and not with providers,” adds Mergen Doraev, partner at the EMPP Law Office. Educational institutions, he believes, can purchase new software to replace software that is recognized as unsafe, but “given the existing budgeting system and tender procedures, this will take a very long time.”
[ad_2]
Source link
