60% of cyber attacks on the Russian Federation in 2024: the work of professionals

Friend

Attackers often work on behalf of foreign government agencies.

In the first half of 2024, the majority (60%) of successful targeted cyberattacks on Russian organizations were carried out by professional hackers, in particular cybermercenaries and pro-government groups. For initial access to the infrastructure, attackers most often used compromised employee accounts and vulnerabilities in corporate web applications. In 2023, cyberbullies and hacktivists were responsible for the majority of attacks, and the number of incidents related to stolen accounts was four times lower. These figures come from the report of the Solar 4RAYS cyber threat research center of the Solar Group of Companies.

The study is based on data from investigations conducted by the company between January and June 2024. It reflects data on the areas of activity of the attacked organizations, the goals of cybercriminals, as well as the techniques and tactics they use. The report also describes the main characteristics of the cyber groups discovered by experts. During this period, more than 30 incidents related to unauthorized access to the IT infrastructure of various companies were investigated.

The skill level of hackers attacking Russian infrastructure is rising. In the first half of 2023, cybermercenaries were responsible for only 10% of the investigated attacks, while in 2024 their share increased to 44%. Often the customers of such attacks are foreign government agencies. In the reporting period, the Solar team of Solar Group of Companies encountered hackers from Eastern Europe and the Asia-Pacific region. The most active groups remain Lifting Zmiy and Shedding Zmiy.

The main goal of most attacks is cyberespionage. After obtaining the necessary information, some cybercriminals purposefully destroy the company's infrastructure, usually by encrypting data without a ransom demand. This behavior is most often observed among groups from Eastern Europe. In most cases, the attackers were on the victim's network for no longer than a week, but there were also cases when hackers remained in the infrastructure for more than two years.

The hackers' toolkit has also changed over the past year. In 2024, compromised accounts were used for initial infiltration in 43% of cases, compared to only 15% in 2023. The increase in such incidents was probably facilitated by massive data leaks, which have recently become more frequent.

Exploitation of web application vulnerabilities also accounted for a significant share of incidents: 43% in 2024 and 54% in 2023. Web applications remain one of the most vulnerable elements of the IT perimeter, which is confirmed by the results of penetration tests. According to data for 2023, 56% of corporate web applications studied by Solar Group experts had vulnerabilities of high or medium criticality, which could potentially cause serious damage to the information assets of companies. Similar data were observed in 2022.

As the company notes, attackers continue to complicate and diversify their tools. In the first half of 2023, specialists encountered 92 different attack techniques, and in 2024 their number increased to 122. Particular attention is paid to the stages of reconnaissance, evasion of detection and consolidation in the network. Under these conditions, it is important to recognize that the number of sophisticated targeted attacks will only grow, and basic protection measures are no longer enough. Regular software updates, study of current threats, training employees in cybersecurity skills, regular infrastructure audits, and the use of modern monitoring and protection tools are required.
