14 DAY TRIAL // Nikolai Patrushev, Secretary of the Russian Security Council, has said that, since the beginning of the year, Russian state agencies have suffered more than ten million cyber-attacks against its Web-exposed infrastructure.
Patrushev claims that most of the attacks were against Web servers, and as an example, he detailed the actions aimed at the website of Vladimir Putin that started last year and continued through 2016 as well.
Speaking to SC Magazine, the official explained that most of these attacks were mitigated, but that foreign states participated in the whole affair. Just today, Reuters has reported about Russian authorities complaining about spyware being found on state computers.
Russia faces cyber-attacks from other countries as well
The reasons behind these assaults are simple, and they were linked to collecting intelligence on state agencies, through sophisticated attacks. On the other hand, the most common incidents were DDoS attacks, used usually by hacktivists to annoy their targets, or by state actors to mask more serious intrusions.
Ever since the Snowden leaks, cyber-attacks between nation states have intensified and come out of the shadows and are now a weekly occurrence, even if no country has ever officially acknowledged carrying out offensive cyber-operations.
The Russian official has also decried the lack of trained professionals working for state agencies, with only six percent having adequate information security studies. This issue is not unique to Russia alone, with many other countries having problems filling infosec jobs.
Furthermore, Patrushev also brings to attention the ignorance of state officials who continue to use Web services hosted outside Russia, where state agencies can't guarantee the data's secrecy, inadvertently leading to information leaks of sensitive data.
The official's statements are a rare case when Western reporters get a glimpse inside Russia's internal affairs regarding cyber-security, a topic that officials have been silent on.
A rise in cyber-attacks against PoS systems
But Russian state agencies aren't the only ones that have been targeted increasingly across Russia. Another SC Magazine report highlights the rise in cyber-attacks aimed at PoS (Point of Sale) systems across the country.
Based on FinCERT data, the report highlights an unprecedented increase in PoS malware attacks that steal credit card details from PoS systems.
Russia has been historically sheltered from such attacks, mainly because a large part of the cyber-crime underworld operates from within the former Soviet space, where there's an unwritten rule that forbids targeting Russians in order to avoid investigations from local law enforcement authorities.
FinCERT says that crooks managed to steal at least 200 million rubles ($3,03 million) from such attacks, either carried out by infecting PoS systems with clever exploits or by collaborating with malicious insiders that infected the payment systems on purpose.