Moscow Exchange Downed by Cyber-Attack


On Monday morning, the website of the Moscow Stock Exchange went down and became inaccessible.
A crowdsourced community of Ukrainian hackers operated by Kyiv officials claimed responsibility for the outage in a message posted to Telegram.

Early on Monday, Kyiv officials called on members of the IT Army to launch attacks on the website. Following the attack, the IT Army claimed on Telegram that it took only five minutes to knock the site down. However, as of now, its claims could not be verified.

NetBlocks, a global internet connectivity tracking company, reported that the site went offline early on Monday. However, the root cause of the incident is still unknown. Mykhailo Fedorov, Ukraine’s deputy prime minister, made a formal public statement on the incident and celebrated the formation of the IT Army on Facebook. “The mission has been accomplished! Thank you!” the statement read.

Also, last week Mykhailo Fedorov announced the formation of the IT Army and listed names of prominent Russian websites that the state-sponsored hackers could look to attack. 

In the middle of Monday afternoon, the website of Sberbank, Russia’s largest lender, also went offline. The outage was reported by NetBlocks and celebrated by Fedorov, who declared “Sberbank fell!” on social media.

Further, Bloomberg reports that depositary receipts for Sberbank of Russia PJSC sank as much as 77%, while Gazprom PJSC dropped by 62%. 

Amid the ongoing Russian war in Ukraine, cyber threat intelligence teams described the threats in cyberspace in their latest reports, saying that the outcome will affect every nation in the coming days, not just Ukraine. For now, the situation is changing the cybersecurity picture, and the latest developments in cyberspace are worrying nations.

Ultimately, critical infrastructure such as power, banking, military, and telecom systems is being targeted by state actors, and the assets of several countries are increasingly coming under their grip. The US and UK have already issued warnings of potential cyber-attacks against the backdrop of the Russian military invasion of Ukraine.

Bloomberg spoke about the “laundering” companies for cybercriminals in the Moscow City Tower

At least four companies suspected of money laundering and allegedly linked to ransomware hackers are based in the 97-storey Tower East of the Federation Complex in the Moscow City Business Center.

According to the agency, we are talking about the companies Suex OTC, EggChange, CashBank and

Suex OTC is under US sanctions for helping cyber extortionists launder money. According to the research company Chainalysis, since 2018 Suex has processed at least $160 million in bitcoins from illegal and high-risk sources.

The largest shareholder of Suex at the time of the sanctions, Egor Petukhovsky, denied the involvement of his business in money laundering by hackers in October and announced that he would defend his position in an American court.

According to three Bloomberg sources, the US and Europe are also investigating EggChange on charges of money laundering. The world's largest cryptocurrency trading platform Binance said it also noticed “illegal flows” of funds going through EggChange and CashBank.

Chainalysis claims that the company, whose headquarters are also located in the Tower Federation-East, processed hundreds of thousands of dollars of funds from ransomware and other illegal operators, including Russia's largest darknet drug market Hydra.

Bloomberg writes that at least 50 companies converting cryptocurrency into cash are registered in Moscow City Tower. Cybersecurity and cryptocurrency experts consider Moscow City Tower to be one of the most influential points in the world of cryptocurrency cashing. Experts added that such operations are not illegal, but without serious supervision, such a business can help hackers to cash out criminal proceeds.

Stanislav Bibik, a partner at Colliers, explained the large concentration of cryptocurrency firms in the Tower Federation-East by the fact that this address is trustworthy. “Working there gives the tenant a high status and indicates that he has a solid business,” Bibik said.

Hackers put up a database of drivers in Moscow for sale

The attackers put up for sale a database of drivers in Moscow and the Moscow region on the darknet. The database, priced at $800, contains 50 million lines with the data of drivers registered in the capital and the Moscow region from 2006 to 2019. It was put up for sale on October 19, 2019. Information from 2020 is offered as a bonus with the purchase.

The buyer can get the name, date of birth, phone number, VIN code, and car number of the car owner from the database, as well as find out the make of the car, model, and year of registration.

According to the seller, the information was obtained from an insider in the traffic police. Alexei Parfentiev, head of the SearchInform analytics department, also names an insider's actions as the reason for the leak. “It looks more likely also because the requirements of regulators to such structures as the traffic police, in terms of protection from external attacks, are extremely strict,” he said.

However, Andrey Arsentiev, head of analytics and special projects at InfoWatch, noted that the database could have been obtained not through the actions of an insider, but as a result of external influence, for example, through vulnerabilities in system software.

The forum where the database archive was put up for sale specializes in selling databases and organizing information leaks. The main buyers of personal data are businessmen and fraudsters. For example, companies can organize spam mailings or obtain information about competitors, and attackers can use personal data for phishing.

This is not the first time that traffic police databases have been put up for sale. For example, in August 2020, an announcement appeared on one of the hacker forums about the sale of a database with personal data of drivers from Moscow and the region, current as of December 2019.

“This is not a single leak. This is a systematic (monthly) drain,” said Ashot Oganesyan, founder of DeviceLock.

The number of DDoS attacks on Russian companies has increased 2.5 times since the beginning of the year

The press service of Rostelecom reported that the number of DDoS attacks on Russian companies in the first three quarters of 2021 increased 2.5 times compared to the same period last year.

According to the report, “the main targets of the attackers were financial organizations, the public sector, as well as the sphere of online commerce. The number of DDoS attacks on data centers and gaming, which were the focus of hackers a year ago, has decreased”.

The largest number of attacks occurred in Moscow: its share was 60% of the total number of incidents, while the shares of other regions did not exceed 7%.

The company added that the number of DDoS attacks on banks increased 3.5 times, and almost 90% of them occurred in September.

The number of DDoS attacks in the online trading segment increased by 20%. The number of DDoS attacks on the public sector also doubled in August and September compared to the same period in 2020.

“Every year, the power and complexity of DDoS attacks increase. This is due to the active use of larger-scale botnets by hackers. They consist of a variety of devices, and more and more vulnerabilities are used to hack them,” said Timur Ibragimov, head of the Anti-DDoS and WAF platform of Solar MSS cybersecurity services at Rostelecom-Solar.

According to him, in particular, in September, the attackers organized the largest DDoS attack using the Meris botnet, the estimated scale of which is 200 thousand devices. “Such attacks are already directed at well-protected organizations and companies whose resources can only be disabled by a very powerful DDoS. For example, it can be banks, large industrial or energy enterprises, etc.,” he added.

It is worth noting that, according to Atlas VPN, the number of DDoS attacks worldwide in the first half of the year increased by 11%, reaching 5.4 million. Thus, the number of attacks in the first half of the year turned out to be a record.

Experts reported a possible data leak from the Mosgortrans website

According to their data, more than 1,000 phone numbers with names and more than 30,000 email addresses could have been leaked online.

Files containing names, email addresses, phone numbers, as well as usernames and passwords of the Mosgortrans (a state-owned company operating bus and electrical bus networks in Moscow and Moscow region) website users were publicly available. In total, the hacker posted about 1.1 thousand phone numbers and 31 thousand email addresses on the Internet.

The appearance of the data online was reported by the Telegram channel “Information Leaks” on Thursday, October 14.

A representative of Kaspersky Lab confirmed that the company's employees found a message on one of the forums about a data leak, which presumably relates to the Mosgortrans website.

“According to a post on the forum, among the leaked data there are a number of configuration files: group, hosts, motd, my.cnf, networks, passwd, protocols, services, sshd_config, as well as files containing presumably user data: mails.txt, mostrans_admins.txt, Names.txt, phones.txt,” the company reported.

Alexander Dvoryansky, Communications Director of Infosecurity, said that the company has not yet been able to confirm the authenticity of the database. However, if the database is real, the attackers can use the data for phishing and targeted advertising.

It is noted that there is no possibility to create a personal account on the Mosgortrans website, where users could specify personal data, but there is a feedback form.

The company itself denies the fact of data leakage. “The published documents contain the standard contact information of employees, which is available in any bus depot, branch and office. In fact, this is a phone book, and most of the information is outdated. There was no hacking of the website and the internal database, this was already checked by our IT specialists,” said the representative of the company.

Moscow has completed a large-scale study on the safety of 5G

The press service of the Moscow Department of Information Technologies reports that specialists of the Scientific-Research Institute of Metallurgical Heat Engineering (VNIIMT) have completed research work on the safety of mobile communications of all standards, including 5G.

Scientists have determined that the levels of the electromagnetic field created by mobile communication base stations of all standards, including the fifth generation, are safe for human health. 

For a year and a half, specialists conducted street measurements of electromagnetic field levels day and night in six residential districts of the capital where the 2G-4G communication standards are present, as well as 5G in pilot zones. Laboratory measurements were carried out in full compliance with Russian and international standards and methods.

Scientists have determined the safe level of the electromagnetic field in the prospective use of 5G standard base stations, including in millimeter frequencies such as 28 GHz and 37 GHz. In addition, the staff also analyzed the international practice of applying sanitary norms, safety standards, and recommendations.

"Like many progressive cities, Moscow strives to develop a modern communication infrastructure. At the same time, the well-being of the residents of the capital remains a priority for us. On the eve of the commercial introduction of fifth-generation networks, we wanted to get scientifically based data and be sure that 5G is safe," said Alexander Gorbatko, deputy head of the Information Technology Department. 

He added that in February 2019, the department initiated fundamental research work, which gave a final answer to the question of the safety of 5G networks.

"As for the current sanitary norm in Russia of 10 µW/cm², which is one of the strictest in Europe: measurements and laboratory studies have shown that even with its increase, the level of the electromagnetic field will still remain at a safe level for humans," said Sergey Perov, Doctor of Biological Sciences and head of the Laboratory of Electromagnetic Fields of the VNIIMT.

The results of the study were sent to the Ministry of Health of the Russian Federation and to the Federal Service for Surveillance on Consumer Rights Protection and Human Wellbeing (Rospotrebnadzor) for final decisions.

It is worth noting that in Russia, investments for the development of 5G in 2021-2027 may amount to about 1 trillion rubles ($13.6 million).

5G is the fifth generation of mobile communications, operating on the basis of telecommunications standards following the existing 4G standards. Now the fifth-generation networks are already deployed in South Korea, China, the United States, and a number of European countries.

Experts found a vulnerability in the application of the Moscow State Services

Specialists of the company Postuf reported a vulnerability in the Moscow State Services application that made it possible to gain access to an account knowing only the user's mobile number.

This made it possible to get all the information that the user specified on the site: full name, e-mail, year of birth, medical insurance number, list of movable and immovable property, information about the foreign passport, about children, students in schools, etc. Knowing the medical insurance number and the year of birth, it was possible to get access to medical information: which doctors a person visits, what prescriptions have been written for them, the history of attachment to clinics, etc.

"The vulnerability made it possible not just to view, but also to change the data," said Bekhan Gendargenoevsky, the founder of Postuf.

The expert notes that it is impossible to cause serious harm by knowing the data from the portal, but personal data can be used by hackers for phishing attacks.

"It is impossible to steal money directly [with such information], although hackers can use their knowledge in social engineering and try to steal bank card data from a person," said the computer security specialist.

He also noted that since the system has no restrictions on the number of requests for access to accounts, by requesting so-called "beautiful" numbers it was possible to get information "about a number of well-known personalities who, as a rule, have such numbers."

A representative of the Moscow Department of Information Technology did not confirm the information about the vulnerability, stressing that authorization in the Moscow State Services mobile application without specifying a password is impossible.

State Services is a federal state information system. It provides individuals and legal entities with access to information about state and municipal institutions and organizations, and the services they provide in electronic form.

Facial recognition payments (Face ID) to be introduced in Moscow metro in 2021

Deputy Mayor for Transport Maxim Liksutov said that paying for public transport in Moscow using facial recognition technology (Face ID) will be available next year.

All turnstiles in the Moscow metro already have cameras that recognize faces. If a passenger has linked biometric data to their bank card, the turnstiles will open automatically in front of them. Recognition should take no more than a second in order to avoid crowding. The system will be able to recognize faces even in masks. Mr. Liksutov clarified that the personal data of passengers will be stored in banks. The metro will provide only the infrastructure.

Banks have been actively collecting customer biometric data for several years. Thanks to this, many operations can be safely performed online. However, there are certain risks. It is unclear how this data will be protected.

In addition, there is a risk of incorrect identification. If the system mistakes one person for another and the money is debited from the wrong passenger, it is unclear how this will be handled legally. There is no legal basis for such a case.

Last fall, the capital of Kazakhstan, Nur-Sultan, tested a similar fare payment mechanism, but on buses. Passengers sent their photos to a special Telegram bot and then linked the image to a bank card account. At the entrance to the bus, the passengers' faces were captured by cameras, and the fare was automatically debited from their bank cards. The test showed good results, and the project is going to be launched in two more cities.

Criminals sending malicious emails claiming to be from the rector of Moscow State University

A malicious program that steals passwords was sent out in mid-September by scammers in letters claiming to be from the rector of Moscow State University. The recipients were financial, industrial, and government organizations in Russia.

According to Group-IB, the mailing took place from 9 to 16 September.

“In the letter, the attackers, on behalf of rector Viktor Sadovnichy, ask recipients to read the attached document ‘A description of the budget for 2020’ and promptly send their commercial offer,” reported the company's press service.

The texts of the letters are illiterate and contain stylistic errors. In addition, the order of words and sentences indicates that fraudsters use an automatic translation program. The authors of the letter were too lazy to change or check all the links in the template before sending them out. Probably, similar attacks have already been carried out on behalf of other universities, most likely foreign ones.

The addresses of Moscow State University were indicated as the sender in the letters. In fact, the correspondence was sent from the hacked mail server of the Hotel Alfonso V in the Portuguese city of Aveiro. The hotel has already been notified of the break-in.

All the scammers’ emails contained an archive called "Request for a commercial offer" with an executable .exe file inside. After it was launched, a malicious program that could steal usernames and passwords was installed on the user's device.

“In the future, hackers can use them to gain access to email accounts or crypto wallets, for financial fraud, espionage, or sell stolen data on hacker forums,” said Group-IB.

According to Vasily Kuzmin, Deputy head of the information technology department of Moscow State University, neither the rector nor the University administration ever sends letters with such content.

Personal data of one million Moscow car owners were put up for sale on the Internet

On July 24, an archive with a database of motorists was put up for sale on one of the forums specializing in selling databases and organizing information leaks. It contains Excel files of about 1 million lines with personal data of drivers in Moscow and the Moscow region, current as of the end of 2019. The starting price is $1.5 thousand. The seller also attached a screenshot of the table. The file contains the following fields: date of registration of the car, state registration plate, brand, model, year of manufacture, last name, first name and patronymic of the owner, his phone number and date of birth, registration region, VIN code, series and number of the registration certificate, and vehicle passport number.

This is not the first time a car owner database has been leaked. On the darknet, you can find similar databases with information for 2017 and 2018 on specialized forums and online exchanges.
DeviceLock founder Ashot Hovhannisyan suggests that this time the database is being sold by an insider in a major insurance company or union.

According to Pavel Myasoedov, partner and Director of the Intellectual Reserve company, one line in a similar archive is sold at a price of 6-300 rubles ($4), depending on the amount of data contained.
The entire leak can cost about 1 bitcoin ($11.1 thousand). Information security experts believe that the database could be of interest to car thieves and social engineering scammers.

According to Alexey Kubarev, DLP Solar Dozor development Manager, knowing the VIN number allows hackers to get information about the alarm system installed on the car, and the owner's data helps to determine the parking place: "There may be various types of fraud involving the accident, the payment of fines, with the registration of fake license plates on the vehicle, fake rights to cars, and so on."

Against the background of frequent scandals involving large-scale leaks of citizens' data, the State Duma of the Russian Federation has already considered tightening liability for the dissemination of such information. “Leaks from the Ministry of Internal Affairs occur regularly. This indicates, on the one hand, a low degree of information security, and on the other — a high level of corruption,” said Alexander Khinshtein, chairman of the State Duma Committee on Information Policy.

Moscow is turning into a "digital concentration camp", say locals

The Moscow authorities refused to issue 900 thousand digital passes per day due to incorrect information submitted by the applicants. Those who try to get a pass using incorrect information will face punishment, warned the head of the Department of information technology, Eduard Lysenko.
It should be noted that walking, according to the authorities, will still be possible without a QR code from the city hall, but no further than 100 meters from the house. The police, by the way, have already begun to issue fines to everyone caught further than 100 meters from their place of residence.

Experts believe that the coronavirus will pass sooner or later, but the amendment introduced on March 31 to the Moscow Code of Administrative Offenses, which allows fines to be issued using CCTV and geolocation, will remain. This is a fundamentally new norm, which allows residents of Moscow to be fined on the basis of camera recordings alone, in an almost automatic mode, similar to how fines are now issued to drivers.

In fact, the city authorities began to monitor residents of Moscow a long time ago, but until now they have not dared to use this system openly.

It is worth noting that the Chairman of the Moscow City Court Olga Egorova recently misspoke: "People do not know, but the courts already have a system for recognizing citizens. When the courts heard cases on the rallies last year, six people who were wanted were detained in the courthouse. They came just to listen and support the defendants, and the police detained them."
In other words, the system of electronic tracking of people has already been established and tested.

This system is being introduced into mass use in Moscow right now. And the epidemic is a good reason for such actions.

It is worth adding that in Russian pharmacies it is still impossible to buy masks and sanitizers, and even ordinary paracetamol has not been easy to find. There are not enough remedies even for doctors.
It is interesting to note, according to Russian scientist Olga Chetverikova, the danger of digitalization is that society turns into a totalitarian sect. And the most effective way to manage people is to provoke a sense of fear. In a state of depression, despair and hopelessness, a person is ready to accept any apocalyptic scenario. For example, the "digitization of schools" is designed to create human robots that will be controlled by the world's non-digital elite.

Earlier, E Hacking News reported that the city hall website had been subject to hacker attacks the day before.

Dozens of cyberattacks on the website of the Mayor of Moscow have been recorded since the beginning of February

Group-IB specialists recorded several DDoS attacks on Moscow electronic services, including the portal. This was announced by the CEO of the company Ilya Sachkov.

As the head of the Moscow Government’s IT department, Eduard Lysenko, reported, in three hours the site experienced a number of attacks it had not seen in the last two quarters.
At the moment, the cyber defense company Group-IB is working out who wanted to carry out massive attacks on government resources and is looking for the perpetrators.

"The investigation has begun, our task is to understand the reasons for cyberattacks and find the perpetrators. At the moment, we can not provide details, this will interfere with the tasks of investigators", said the head of Group-IB, Ilya Sachkov.

According to him, the huge load on the website was also caused by the many requests for passes from citizens. In addition, the interruptions were affected by the curiosity of Moscow residents, as there were numerous attempts by users to visit the portal just to explore it and understand how it works.

At the same time, Sachkov added, it is possible to ensure stable operation of, even despite increased loads. “The portal experiences problems that are standard when launching large-scale services of this kind. Such services are tested for fault tolerance, security, and implementation quality in order to ensure stability and continuity of service.”

Recall that from March 30, Moscow introduced a regime of complete self-isolation. Residents of Moscow are allowed to leave the apartment only as a last resort. Starting April 15, they will need to have a special pass to travel around the city by public or private transport. Such measures are designed to stop the spread of coronavirus infection.

Earlier, E Hacking News reported that hackers hacked the digital Pass System of Moscow residents.

Attackers Hacked the Digital Pass System of Moscow residents

Moscow's residents are warned about scammers who offer to issue digital passes for moving around the city on social networks

Recall that last week Moscow Mayor Sergei Sobyanin and Moscow Region Governor Andrei Vorobyov signed a decree according to which special digital passes are introduced for trips in Moscow and the Moscow Region on personal and public transport. Quarantined residents of Moscow will need to receive a QR code on the City Hall website for each exit from their homes. Issuance of QR codes can begin on Monday, April 13, 2020.

A bot has appeared in Telegram that offers to issue citizens a digital pass through the messenger. It asks for the citizen's phone number and personal data, including passport details. Hackers also offer to issue passes on social networks.

Moreover, Telegram channel 4chan posted information that while the QR code issuing system was in beta testing, unknown hackers managed to hack it.

"The program for generating QR codes for quarantine from the Moscow government has not yet left the beta test, but it has already been hacked and generated universal promotional codes that will allow you to go around Moscow unlimited," the channel authors write.

The author of the Twitter microblog @A_Kapustin managed to post several electronic passes. Some of them, according to the user, allow you to walk within a kilometer of home, while others give the owner the opportunity to walk freely around Moscow. Some QR codes are already blocked, according to the author, but newly generated ones keep appearing online.

At the same time, scammers became active in another segment. Russians began to receive SMS messages notifying them of violations of their self-isolation regime and demanding to pay a fine for these offenses.

Experts believe that the situation is complicated because Russians do not have time to keep up with the rules that the authorities of a particular region introduce, which means they are afraid of doing something wrong. Scammers exploit this, organizing entire schemes using SMS, social networks and messengers. The goal is to get access to data for emptying bank cards.