MOSCOW, Nov 16 – RIA Novosti. The cyber war unleashed against Russia has become a serious test of strength for the domestic IT system, but it failed to cause serious damage, according to Igor Lyapunov, Vice President of Rostelecom for Information Security.
He spoke at the SOC-Forum-2022 information security forum in Moscow, where representatives of the community of professionals working in the field of information security (IS) discussed new realities and practices of countering modern cyber threats.
According to Lyapunov, in Russia since February, government agencies, critical information infrastructure facilities, as well as the media have been attacked, among other structures.
However, he stressed, "the situation requires a serious structural change in the cybersecurity system, which should become part of national security."
According to many participants of the forum, the cyber war unleashed against Russia has turned into a full-scale national threat, the situation requires the unification of public and private structures in countering cyber attacks, coordination of all relevant structures and a change in attitude to information security, since cybersecurity has ceased to be a concern of individual companies.
At the SOC-2022 plenary session "Cybersecurity-New Realities", heads of government agencies in charge of information security issues and top managers of key companies, including InfoWatch, Positive Technologies, Kaspersky Lab, the Federal State Statistics Service of Russia, the National Coordination Center for Computer Incidents (NCCI), the Ministry of Finance, the Bank of Russia, announced figures illustrating the scale problems.
So, according to the speakers, the number of attacks on Russian web resources has increased 60 times over the year. At the same time, the volume of cyber attacks on infrastructure institutions has increased 17 times. More than a third of the attacks were on government agencies and almost a quarter - on the enterprises of the military-industrial complex. The speakers stressed that at the first stage the attacks were characterized by a large volume of simple from a technical point of view DDOS "assaults". So-called "motivated amateurs" can also participate in such attacks. From various chats they receive instructions and means of penetration into systems. These attackers improve their skills and gradually move on to coordinated actions. Vladimir Dryukov, director of the Solar JSOC Cyberattack Counteraction Center of Rostelecom-Solar, answering journalists' questions, noted that at least a quarter of a million devices involved in botnet networks were involved in DDOS attacks in 2022.
At the same time, according to him, there is a possibility of increasing this potential by 10 times due to the purchase of paid botnets.
According to the representative of the NCC Sergey Korelov, the top vectors of penetration into IT systems included exploitation of vulnerabilities on the perimeter (that is, at points of interaction with external resources), phishing and malware. "Industrial enterprises, government agencies and IT contractors are in the greatest risk zone today," Korelov said.
Natalia Kaspersky, President of the InfoWatch Group of companies, proposed at the forum to create an intellectual club of the IT community and regulators, whose priority task will be the creation of a unified national information technology platform. As Kaspersky said, due to the withdrawal of a number of Western companies from the market, "there are fewer resources and more tasks." Against this background, it is necessary to unite and develop the Russian information security system together, and not spend resources on solving the same problem one by one. The forum participants also called for a change in the attitude to information security issues in Russian companies. According to the deputy director of the FSTEC of Russia, Vitaly Lyutikov, an inspection conducted recently by his department showed that half of the organizations do not check their contractors for information security, and 34% have never checked perimeter nodes for software vulnerability.
