The number of cyber attacks on Russian organizations has increased

tanjimajuha20 · Post by **tanjimajuha20** » Mon Jan 20, 2025 5:25 am

This was reported by the press service of Solar LLC (Solar Group is part of Rostelecom PJSC) with reference to a study by the company's experts who analyzed 30 cases of successful attacks. From January to June 2024, according to the company, about 60% of successful targeted cyberattacks on Russian companies and departments were carried out by professional hacker mercenaries or groups. A year earlier, during the same period, most hacker attacks were carried out by cyber hooligans and hacktivists.

Read also

Cybercriminals carried out iran whatsapp resource381 thousand attacks on Russian companies in the second quarter of 2024. This is 17% more than in the same period in 2023. In total, in the first half of 2024, hackers attacked Russian companies 676 thousand times.

The report is based on the data of investigations conducted by the Solar 4RAYS team from January to June 2024. The study contains information about the attacked industries, the goals of the attackers, their techniques and tactics. The report also presents the main characteristics of the cyber groups discovered by the experts. In total, more than 30 incidents related to penetration into the IT infrastructure of various companies and organizations were analyzed during the reporting period.

According to the study, the level of technical "savvy" and qualifications among attackers is growing, and professional hackers who attack targets on request are increasingly making their presence known. Thus, in the first half of 2023, they carried out 10% of all investigated attacks, and in 2024, already 44%. In 2024, professional mercenaries overtook fraudsters (28%), hacker groups (16%) and automatic scanners (12%). The leaders of 2023 among hacktivists and cyber hooligans have completely disappeared from the field of view of experts. The customers of hacks are often governments of other countries.

The main goal of the attackers is cyber espionage. Having obtained the necessary information, hackers try to cause as much damage to the victim's infrastructure as possible, encrypting data without demanding a ransom. Most often, victims are government organizations (31% of investigated attack cases), companies in the industrial sector (22%), telecom (10%) and IT development (10%).

Read also
Solar Group: Women Violate Information Security Policies More Often Than Men Because They Work More
Experts from Solar Group analyzed 70 information security incidents identified during the piloting of the Solar Dozor DLP system in large and medium-sized businesses in the first half of 2024. The analysis showed that more than two-thirds of all cases of violation of information security policies are due to the fault of women, but they act in the interests of the employer, wanting to optimize work processes, while men violate for selfish reasons.

The most popular methods of penetrating the system were compromised company accounts (43%) and vulnerabilities in web applications (43%). Phishing, which was popular in 2023 (then it was used in 31% of the analyzed attacks), was used in only 7% of cases in 2024. The average duration of attacks (from the moment of penetrating the system to the moment of detection of activity) ranged from several days to six months, with every third incident lasting less than a week.

Experts were unable to determine the exact nationality of the hackers, but most of them (including the groups Lifting Zmiy, Shedding Zmiy, Moonshine Trickster, Morbid Trickster, Fairy Trickster) are from Eastern Europe or (the group Obstinate Mogwai) Asia. The origin of two hacker groups (NGC6160 and NGC4020) has not yet been determined.