Search This Blog

Showing posts with label Moscow Cyber Security. Show all posts

Bloomberg spoke about the “laundering” companies for cybercriminals in the Moscow City Tower

At least four companies suspected of money laundering and allegedly linked to ransomware hackers are based in the 97-storey Tower East of the Federation Complex in the Moscow City Business Center.

According to the agency, we are talking about the companies Suex OTC, EggChange, CashBank and Buy-bitcoin.pro.

Suex OTC is under US sanctions for helping cyber extortionists launder money. According to the research company Chainalysis, since 2018 Suex has processed at least $160 million in bitcoins from illegal and high-risk sources.

The largest shareholder of Suex at the time of the sanctions, Egor Petukhovsky, denied the involvement of his business in money laundering by hackers in October and announced that he would defend his position in an American court.

According to three Bloomberg sources, the US and Europe are also investigating EggChange on charges of money laundering. The world's largest cryptocurrency trading platform Binance said it also noticed “illegal flows” of funds going through EggChange and CashBank.

Chainalysis claims that the company Buy-bitcoin.pro, whose headquarters are also located in the Tower Federation-East, processed hundreds of thousands of dollars of funds from ransomware and other illegal operators, including Russia's largest darknet drug market Hydra.

Bloomberg writes that at least 50 companies converting cryptocurrency into cash are registered in Moscow City Tower. Cybersecurity and cryptocurrency experts consider Moscow City Tower to be one of the most influential points in the world of cryptocurrency cashing. Experts added that such operations are not illegal, but without serious supervision, such a business can help hackers to cash out criminal proceeds.

Stanislav Bibik, a partner at Colliers, explained the large concentration of cryptocurrency firms in the Tower Federation-East by the fact that this address is trustworthy. “Working there gives the tenant a high status and indicates that he has a solid business,” Bibik said.


Hackers put up a database of drivers in Moscow for sale

 The attackers put up for sale a database of drivers in Moscow and the Moscow region on the darknet. The database worth $800 contains 50 million lines with the data of drivers registered in the capital and Moscow region from 2006 to 2019. It was put up for sale on October 19, 2019. Information from 2020 is offered as a bonus for purchase.

The buyer can get the name, date of birth, phone number, VIN code, and car number of the car owner from the database, as well as find out the make of the car, model, and year of registration.

According to the seller, the information was obtained from an insider in the traffic police. Alexei Parfentiev, head of the Serchinform analytics department, also calls the insider's actions the reason for the leak. “It looks more likely also because the requirements of regulators to such structures as the traffic police, in terms of protection from external attacks, are extremely strict,” he said.

However, Andrey Arsentiev, head of analytics and special projects at InfoWatch, noted that the database could have been obtained not through the actions of an insider, but as a result of external influence, for example, through vulnerabilities in system software.

The forum where the database archive was put up for sale specializes in selling databases and organizing information leaks. The main buyers of personal data are businessmen and fraudsters. For example, companies can organize spam mailings or obtain information about competitors, and attackers can use personal data for phishing.

This is not the first time that traffic police databases have been put up for sale. For example, in August 2020, an announcement appeared on one of the hacker forums about the sale of a database with personal data of drivers from Moscow and the region, relevant to December 2019.

“This is not a single leak. This is a systematic (monthly) drain,” said Ashot Oganesyan, founder of DeviceLock.

The number of DDoS attacks on Russian companies has increased 2.5 times since the beginning of the year

The press service of Rostelecom reported that the number of DDoS attacks on Russian companies in the three quarters of 2021 increased 2.5 times compared to the same period last year.

According to the report, “the main targets of the attackers were financial organizations, the public sector, as well as the sphere of online commerce. The number of DDoS attacks on data centers and gaming, which were the focus of hackers a year ago, has decreased”.

The largest number of attacks occurred in Moscow, their share was 60% of the total number of incidents, the shares of other regions did not exceed 7%.

The company added that the number of DDoS attacks on banks increased by 3.5 times, almost 90% of them occurred in September.

The number of DDoS attacks in the online trading segment increased by 20%. The number of DDoS attacks on the public sector also doubled in August and September compared to the same period in 2020.

“Every year, the power and complexity of DDoS attacks increases. This is due to the active use of larger-scale botnets by hackers. They consist of a variety of devices, and more and more vulnerabilities are used to hack them,” said Timur Ibragimov, head of the Anti-DDoS and WAF platform of Solar MSS cybersecurity services at Rostelecom-Solar.

According to him, in particular, in September, the attackers organized the largest DDoS attack using the Meris botnet, the estimated scale of which is 200 thousand devices. “Such attacks are already directed at well-protected organizations and companies whose resources can only be disabled by a very powerful DDoS. For example, it can be banks, large industrial or energy enterprises, etc.,” he added.

It is worth noting that, according to Atlas VPN, the number of DDoS attacks worldwide in the first half of the year increased by 11%, reaching 5.4 million. Thus, the number of attacks in the first half of the year turned out to be a record.

Experts reported a possible data leak from the Mosgortrans website

According to their data, more than 1,000 phone numbers with names and more than 30,000 email addresses could have been leaked into the network.

Files containing names, email addresses, phone numbers, as well as usernames and passwords of the Mosgortrans (a state-owned company operating bus and electrical bus networks in Moscow and Moscow region) website users were publicly available. In total, the hacker posted about 1.1 thousand phone numbers and 31 thousand email addresses on the Internet.

The fact that the data appeared on the Network was reported by the Telegram channel “Information Leaks” on Thursday, October 14.

A representative of Kaspersky Lab confirmed that the company's employees found a message on one of the forums about a data leak, which presumably relates to the Mosgortrans website.

“According to a post on the forum, among the leaked data there are a number of configuration files: group, hosts, motd, my.cnf, networks, passwd, protocols, services, sshd_config, as well as files containing presumably user data: mails.txt , mostrans_admins.txt , Names.txt , phones.txt ", reported in the company.

Alexander Dvoryansky, Communications Director of Infosecurity, said that the company has not yet been able to confirm the authenticity of the database. But if the database is still real, the attackers can use the received data for phishing and targeted advertising.

It is noted that there is no possibility to create a personal account on the Mosgortrans website, where users could specify personal data, but there is a feedback form.

The company itself denies the fact of data leakage. “The published documents contain the standard contact information of employees, which is available in any bus depot, branch and office. In fact, this is a phone book, and most of the information is outdated. There was no hacking of the website and the internal database, this was already checked by our IT -specialists“, said the representative of the company.