IB-2022 trends: how the market situation has changed
Despite the rapidly changing conditions in the Russian and
“At the beginning of 2022, it seemed that with ransomwareit may be over - there were arrests, some of the groups fled, some lay low and rebranded, Due to political disagreements, there was a split in the Conti team, which led to the publication of internal files and correspondence, but by the end of 2023 it turned out that the ransomware empire was still powerful and very dangerous,” notes Valery Baulin, CEO of Group- IB in Russia and the CIS.
There are several reasons for the success of ransomware.Firstly, attackers do not need to hack the infrastructure themselves or look for loopholes in corporate networks. They have a developed market for selling access to corporate networks. According to Group-IB experts, it has more than doubled, while the price of access has fallen by about half. 70% of access types that appear on sale are RDP and VPN accounts.
Secondly, to gain access to corporatenetworks began to actively use logs obtained by stealers - malicious software that steals logins/passwords to SSO services, VPN, and Citrix services. Stealers have become the second most important cyber threat in 2022 after ransomware, says Valery Baulin.
What did you encounter Russia
Dramatic changes in the field of information security occurred at the end of February, notes Anton Kuzmin, head of the Center for Countering Cyber Threats Innostage CyberART:
“We see the coordinated activity of so-called “hacktivists” - users with no experience in carrying out attacks, who act according to certain instructions.”
Everything is at gunpoint
Previously faced with cyber attacks morebanking, financial sectors, large enterprises thought about the security of activities on the Internet. Today, any company whose work is connected with the Internet is under the gun - that is, almost the entire business.
The attitude towards information security has changed
Just a year ago, the importance of information security had to be conveyed to the management of enterprises. There is no need to do this now - the current situation has done its job for everyone.
“Today, many leaders not only know thatThis is cybersecurity – many people have directly encountered the issues of its provision at their enterprises. Both large and small businesses face DDoS attacks, disruptions in information systems, and data leaks. Any company whose work is connected with the Internet, that is, almost the entire business, is under threat,” emphasizes Anton Kuzmin.
Exit of foreign companies
The landscape of protective equipment has changed dramatically,which can be used. The departure of foreign IT and information security players from Russia, such as McAfee, PaloAlto, Microsoft, IBM, ESET, Fortinet and Cisco Systems Inc., had a strong impact on the market. Termination of activities in the country of foreign vendors has reduced the level of confidence in them on the part of Russian companies and most of them are not ready to work with foreign solutions, even if their developers resume their activities in Russia.
Import substitution
Russian business has been building for yearsinfrastructure based on Western solutions, however, after the departure of foreign companies, as well as restrictions and bans on the use of their solutions, I am forced to look for a new path.
Techniques used by attackers in 2022
Cyber attacks recorded in Russia this year can be divided into seven types:
- Denial of Service (DDoS) attacks- this is the main type of attacks used today, the main goal of which is to disable systems or hide other types of cyber attacks.
- Defacecharacterized by replacing the contents of the hackedinformation resource and placing on it any defiant message for the purpose of propaganda and causing reputational damage to the site owner.
- Phishing emails- a type of Internet fraud based onmethods of social engineering, the purpose of which is to psychologically manipulate people to perform certain actions or disclose confidential information, most often to steal bank card data.
- Injection of malicious software (VPO)— implementation of malware in information systemsvarious organizations with the aim of penetrating the infrastructure or carrying out destructive actions (for example, data encryption) aimed at the IT infrastructure.
- Enumerating accounts (Brute Force)to remote access services - the essence of the approachconsists of a sequential automated search of all possible combinations of characters in order to find the correct combination of username and password.
- Automated scanninginformation resources for the purpose of searching onnetwork perimeters of organizations have critical vulnerabilities and misconfigured software that hackers can use to penetrate the infrastructure or compromise data and information systems.
- Arbitrary code execution on a web server. For example, SQL-injection, or cross-site scripting (XSS). Attacks allow access to databases, as well as injecting malicious code into web systems.
It is obvious that the events that took place oncyber arena in 2022 are only a consequence of the geopolitical crisis. Hacktivists, together with pro-government hackers, began to conduct joint campaigns - this became most noticeable in the story of massive and clearly coordinated DDOS attacks and hacking of companies to steal databases.
“In general, this year set an anti-record fornumber of leaks, and the “leader” was August, when 100 leaks were posted, including databases of 75 Russian companies. We see that the criminals’ motive has changed: if previously stolen databases were put up for sale, now they are made publicly available for free in order to cause reputational or economic damage to businesses and their clients,” notes Valery Baulin.
What about import substitution?
The country's business today is aimed at import substitutionsoftware and hardware. Even the rising prices of Russian developers do not stop him from buying domestic products. Domestic companies expect the emergence of Russian analogues of foreign products that are at the development stage. Moreover, they are ready to purchase and test them with weaker functionality than their foreign counterparts. True, there is a condition - it is important to quickly refine it to the required state.
“Many Russian vendors are quite activeexpand the line and refine products, receiving feedback from customers, due to which the maturity of solutions is growing. Now there are new players, the market is growing. It is interesting that large companies develop their products, which they offer to the market in the future,” emphasizes Anton Kuzmin, head of the Innostage CyberART Cyber Threat Countermeasures Center.
The main work on import substitution has begunafter the 250th presidential decree “On additional measures to ensure information security” and the departure of foreign vendors from the Russian Federation, namely the impossibility of purchasing, renewing current licenses, disconnection from cloud services and lack of vendor support. According to Anton Kuzmin, if we take the classic approach to modernizing infrastructure, then before introducing something new, it is necessary to: test the product, analyze and record the necessary functionality, conduct a pilot and only then implement the solution. Each of these stages usually takes a long time, especially if it concerns complex and critical systems, such as information security tools (information security tools).
Forecasts for 2023
Considering the dependence of the market climatecybersecurity from the political situation in the world, it is unlikely that the situation in cyberspace will change much. The trends of 2022 will continue, but on some fronts the pressure may intensify.
“Ethics in hacktivist attacks will be definitivelyforgotten. If earlier it was very bad form to encrypt hospitals, now it will become “bad, if not in Russia.” Due to the political background, there will be more professional cyber operations (APTs), and both ordinary people and commercial companies will be involved, as a possible path to the targeted infrastructure or collateral damage. Attacks on supply chains will become more relevant, and the chains themselves will become more difficult to build due to politics,” says Anton Bochkarev, CEO of 3side.
The trend towards import substitution will intensify
During 2022, the developers "rebuilt"solutions, and as early as next year, a massive market launch of new products is expected. At the same time, against the background of an increase in the number of new GIS, there will be a need for a sustainable domestic ecosystem. In addition to information security products, it should include Russian-based hardware, operating systems, and application software. At the same time, they must interact “seamlessly” with each other, emphasizes Anton Kuzmin, head of the Innostage CyberART Center for Counteracting Cyber Threats.
Consequences of the departure of foreign companies
Russian companies have not yet fully felt the departure of foreign companies, because many were contracted a year in advance. 2023 will show the practical consequences of the departure of foreign vendors.
Cyber exercises and cyber polygons
During 2022, many companies are intensivelyupgraded their protection systems with new protection means. In this regard, there should be an increase in demand for training in practical work with new security equipment and their connection with other company security equipment.
Operation support services (outsourcing/outstaffing)
The need is related to the availability of trained personnel to ensure the correct functioning of information security systems.
“During attacks or pentests, many companiesrealized that the implemented protection tool, left without the constant attention of a responsible employee, ceases to guarantee the correctness of its work over time, it requires its own or hired personnel to continuously monitor the state of protection systems, ”notes Anton Kuzmin.
Investment in personnel
After living for a year in the new reality, many companies clearly understood that they themselves must invest in the development of the cybersecurity market in Russia, in particular, in increasing its human resources potential.
Read more:
Benefits of vitamin D for cancer prevention vary by weight
Hidden colony of penguins accidentally discovered from space images
A giant sunspot is turning towards the Earth. It is visible to the naked eye