Data breaches in Russia

Personal Data Law No. 152-FZ

Main article: Law on Personal Data No. 152-FZ

Industry data breaches

Data leaks in the Russian public sector

Main article: Data leaks in the Russian public sector

Data leaks from Russian banks

Main article: Data leaks from Russian banks

• Data leaks at Sberbank

Data leaks of telecom operators

Main article: Data leaks of telecom operators in Russia

Data breaches in healthcare settings

Main article: Data breaches in healthcare facilities

Data leaks in social networks

Main article: Data leaks in social networks

Fines for data breach

Main article: Fines for data leakage in Russia

2024

Data of millions of users of the online store "Online Trade" was leaked

In early March 2024, it became known that as a result of a hacker attack, the personal data of more than 3.8 million users of the online store "Online Trade" was leaked. According to reports, an attacker was involved in the hack, who had previously published on the Internet information about users of the educational portal GeekBrains and the logistics company SDEK. Read more here.

The data of hundreds of thousands of customers of the Orteka orthopedic salon network was leaked

In early March 2024, it became known that the IT infrastructure of the Orteka orthopedic salon network (orteka.ru) was subjected to a hacker attack. As a result of the hack, the data of hundreds of thousands of customers was leaked. Read more here.

Corporate mail data is leaked from every 19th employee of Russian companies

According to to data BI.ZONE Brand Protection, in 2023, 420 got into open access, databases containing more than 981 million lines, and in January 2024 - 62 databases with a total volume of more than 525 million records. They contained, among other things, passport data of citizens, addresses, telephone numbers, payment, information as well as personal and corporate email addresses. Passwords in open or hashed form were found in 13% of cases in 2023 and in 6% in January 2024. BI.Zone announced this on February 20, 2024.

Since February 1, 2024, there have been 29 leaks totaling more than 11 million lines, 85% of which contained a password or password hash.

Corporate mail leaks on average occur in every 19th employee. In 2023, BI.ZONE specialists helped Russian companies identify leaks of 75,000 email addresses and minimize their consequences.

Шаблон:Quote 'author = said Dmitry Kiryushkin, head of BI.ZONE Brand Protection.

Leaks of hashed passwords are also dangerous because they can be recovered from the original passwords. Attackers can hack into popular resources, such as delivery services, online stores, social networks, and make databases with user data publicly available. Therefore, you should not register on foreign sites using corporate mail without the need for work.

To minimize the risks associated with leaks of corporate mail data, you should come up with different passwords for different resources, periodically change them, and use special programs - password managers to store them.

It is also useful to regularly check the presence of company email addresses in leak databases. To do this, you can use digital risk protection solutions that allow you to identify corporate data leaks, as well as cases of misuse of the company's brand, for example, to create phishing pages.

If you do not take protective measures, attackers can gain access to those corporate resources where the login and password coincide with the data for entering the mail from leaks. Cybercriminals can also use compromised e-mail to send phishing, spam or malware. This type of threat is called BEC attacks (business email compromise).

In addition to leaks, cyber groups are also dangerous, which collect logins and passwords from corporate resources using special malware - steelers. The main way to deliver steelers also remains phishing emails, malicious ON in which is disguised as an attachment, most often as commercial offers or documents from official departments, as in the case of the recently discovered Scaly Wolf group.

2023

Over the year, 420 database leaks of Russian companies were recorded

In 2023, experts from the Solar group recorded 420 database leaks from Russian companies. This is reported in a study published in March 2024.

The total amount of leaked data is estimated at 103.4 terabytes. Databases that have been shared together contain 4.8 million lines, including 225 million phone numbers and 145 million email addresses. The service and e-commerce sectors have become the leaders in leaks - in part, this is due to the weak security of industries due to the fact that for a long time attackers have not been interested in these sectors.

As part of working with current clients and pilot projects of the service, 1976 incidents involving confidential information about companies that are customers of Solar Aura were recorded in various external sources. We are talking about both the detection of single documents or their arrays, and about cases when the data of employees of the organization appeared in third-party data leaks.

Also, an analysis of public leaks over the past 6 years has revealed 94,000 compromised and potentially compromised corporate accounts. The sharp increase in the number of these compromised accounts began precisely after the start of a special military operation, according to Solar.

In their study, experts also reported that in 2023 they recorded a total of 13.3 thousand ads on the dark web and Telegram channels offering various kinds of illegal services. Analysts found that hackers are most interested in offers to sell accounts, break through data and recruit employees to carry out cyber attacks on large Russian organizations and departments (38%), as well as to sell bank cards and access to the bank's client's personal account or issue bank accounts without a visit to the bank (31%).

Key external digital threats to Russian companies in 2023

The volume of merged personal data in the Russian Federation increased by 60%

The expert and analytical center of the Civil Code InfoWatch presented a study ": limited Russia information access leaks, 2022-2023," in which it analyzed in detail the nature and dynamics of incidents INFORMATION SECURITY in the Russia last two years. It also reflects the results of a survey of industry participants on current trends cyber security that affect Russian organizations. The company announced this on March 11, 2024.

According to the report, in 2023 there was a sharp increase in the number of leaked personal data - their volume amounted to 1.12 billion records, which is almost 60% higher than the level of 2022 (then 702 million records were compromised). Moreover, the true scale of damage can be significantly underestimated, since in more than 35% of last year's PD leaks, the amount of stolen data remained unknown.

If we talk about the number of incidents, then in 2023 it decreased by 15% and amounted to 656 episodes. However, this slight decline was more than compensated for by the growing damage that organizations receive from effective leaks. In particular, the average number of PDs merged in one incident almost doubled in 2023 - from 0.9 to 1.7 million records, which indicates a noticeable increase in the effectiveness of cyber attacks. Thus, we see that hackers began to hack information systems less often, but at the same time they increasingly have large production in their hands, "said Andrei Arsentiev, head of analytics and special projects at the InfoWatch Group of Companies expert and analytical center.

According to the expert, this trend was predicted by InfoWatch specialists more than five years ago, and first of all it is associated with the emergence of large repositories of personal data (related to social services, telecom operators, marketplaces, etc.) against the background of accelerated digitalization of the economy. As of March 2024, they are the main targets for cyber attacks. It is expected that in the near future they will also be added to storage facilities related to federal services, which will become a desirable target for attackers with political motivation. Therefore, state service databases require especially careful protection.

The intensification of attacks on public sector organizations can be seen by the dynamics of the share of leaks of state secrets, which in 2023 expanded 3.6 times - from 1.8% to 6.6%. At the same time, most of the information leaked in the reporting period (73.6%) traditionally belonged to personal data. The total share of information leaked from government agencies and organizations also increased to a level of 19.2% (5.3 percentage points more compared to 2022). Also, the share of banks in the industry distribution has noticeably changed - over the year it increased from 7.5% to 10%. At the same time, companies operating in the field of IT/information security and telecommunications (their total share fell from 27.1% in 2022 to 18.8% in 2023) and trading organizations (in the reporting period, the share decreased from 19.6% to 16.6%).

Serious changes have also occurred in the structure of leaks in terms of the size of organizations. Thus, analysts noticed a significant increase in the share of individual entrepreneurs and small businesses (in the category of up to 50 employees) from 18.5% to 34.1% due to a uniform decrease in the share of large and medium-sized market players (from 54.3% to 47.3% and from 27.2% to 18.6%, respectively).

{{quote 'Since 2022, Russian infrastructure has been regularly attacked by hacktivists - attackers who are driven not by a thirst for profit, but by the desire to compromise as much data as possible for political reasons. Against the background of SVO, the number of such attacks is constantly growing. And small companies are becoming the most vulnerable link here - small and medium-sized businesses have much more modest resources to maintain information security than large players, "explained Andrei Arsentiev. }}

According to a survey by InfoWatch Group of Companies, in response to the worsening situation with leaks of confidential information in 2023, organizations used the following main measures to strengthen cybersecurity:

• Training of employees in the basics of information security and information hygiene (59%);
• Implementation of intrusion protection system (27%);
• Installation of DLP system (17%).

Russian companies began to hide personal data leaks more often

In 2023, approximately 342 million lines of leaked user data were published on the Internet. This is almost a quarter - 24% - more than the previous year. Such figures were disclosed on February 21, 2024 in a study of the Kaspersky Digital Footprint Intelligence service.

Despite the increase in the volume of stolen personal information, the number of announcements about leaks of customer data in 2023 decreased by 8% compared to 2022 and amounted to 155. This suggests that companies have become more silent about such incidents. Most often, messages posted on specialized sites indicated leaks from organizations in the field of retail and Internet services, and an increase in theft of personal data in 2023 was recorded in the financial and healthcare sectors.

Approximately 342 million lines of leaked user data were published on the Internet

Ruslan Permyakov, Deputy Director of the Competence Center of the NTI "Technologies of Trusted Interaction" based on TUSUR, notes that there are fewer announcements of leaks, since some of them are hiding. Despite the law requiring an operator to report such incidents, there is no effective control and punishment mechanism as of early 2024. At the same time, Konstantin Melnikov, head of the analytics and digital threat assessment service ETHIC of Softline Group of companies, claims that the observed trend may also be due to the fact that attackers often directly interact with the victim, trying to get a ransom without publishing information about the leak.

The Vedomosti newspaper, referring to a study by Kaspersky Digital Footprint Intelligence, notes that in 2023 the number of published records containing passwords rose by 17.5% compared to the previous year. In general, according to Kaspersky Lab, in 2023 the volume of online fraud in Russia increased significantly. In particular, the number of malicious links jumped 2.5 times compared to 2022.^[1]

The number of data leaks recorded by Roskomnadzor increased from 140 to 168

The number of data leaks recorded by Roskomnadzor increased from 140 in 2022 to 168 in 2023. This is evidenced by the data that the press service of the department published on January 9, 2024.

According to Roskomnadzor, as a result of data leaks in 2023, more than 300 million records were made publicly available. In total, in 2023, Russian courts considered 87 protocols drawn up by Roskomnadzor on the fact of personal data leaks and imposed fines totaling more than 4.6 million rubles.

According to the service, in two years the amount of penalties increased 23 times: in 2021, Roskomnadzor amounted to only four protocols for 200,000 rubles. In 2022, the department sent 66 protocols to the courts in the amount of more than 2.4 million rubles, then 600 million records about Russians got on the Internet.

According to Vedomosti, there are more fines due to the increase in the number and volume of leaks and increased attention to this problem. In their opinion, in reality there were even more leaks than the department's protocols. Due to the increasing leakage of personal data of cellular operators, they decided to withdraw from the moratorium on the ban on inspections. In December 2023, a bill was submitted to the State Duma for consideration, which will allow Roskomnadzor to conduct unscheduled inspections in the field of state control and supervision in the field of communications. The reason for them may be a leak of personal data. The authors of the document believe that the moratorium on unscheduled inspections of IT companies does not allow the department to quickly respond to emerging threats. Decisions on unscheduled inspections of such companies will need to be coordinated with the prosecutor's office. It is assumed that this will eliminate the risks of excessive administrative pressure on the business.

By the beginning of January 2024, Roskomnadzor cannot initiate verification of information about the leak, this requires an order from the prosecutor's office or the government.^[2]

The data of hundreds of thousands of customers of the Russian insurance company BASK was leaked

On December 18, 2023, it became known that the information infrastructure of the insurance company BASK was subjected to a cyber attack, as a result of which the personal data of hundreds of thousands of customers were leaked. The attackers put up the stolen information for sale on one of the shadow forums on the Internet. Read more here.

The number of leaked telephone numbers was 1.5 times higher than the population of the Russian Federation

The number of leaked telephone numbers in 2023 was 1.5 times higher than the population of the Russian Federation. Solar announced this on December 15, 2023.

According to the Solar AURA Solar Group Center for Monitoring External Digital Threats, in 2023, data from almost 400 Russian organizations got into public access. This means that at least one data leak took place in Russia every day.

From January to early December 2023, 385 organizations became victims of leaks. The total published data was 103.4 TB. The bulk of incidents are related to leaks of various kinds of structured information - databases customers, employees, users of various websites and services. However, despite the number of such incidents, the stolen databases in the total volume of the compromised information ones are only about 1% and are not the result of the most complex ones. At attacks the same time, 99% of the leaked data are huge archives of internal records of companies, obtained as a result of only 8 advanced cyber attacks, in which to hackers they managed to penetrate deeply into the infrastructure of organizations. These arrays contain document scans, dumps (snapshots) of system memory, information computers from individual users, as well as a large number of sources being developed. software

In total, 4.8 billion lines of data were publicly available, while in 78 cases, databases consisting of more than 1 million lines became the prey of attackers. In these databases, experts found over 220 million phone numbers, 142 million email addresses and 52.4 thousand passwords from various services. It is worth noting that the published databases did not necessarily contain contact information. Thus, the largest incident of 2023 in terms of the number of lines was the publication of information about booking flights. The shared database contained more than 4 billion lines of data.

The first place in terms of the number of published data in 2023 was taken by the IT industry (4.1 billion lines), a major leak occurred in September 2023. In second place were services (218.6 million), in third - retail (187.4 million). The financial sector (160.9 million) and the gaming industry (48.1 million) are in fourth and fifth places, respectively.

According to experts of the Solar Group, companies providing services and services have not yet paid due attention to information security, and therefore took second place. The entry of the financial sector, retail and the gaming industry into the TOP-5 of leaders in leaks is associated with the traditional interest of cybercriminals in these industries. Also in 2023, there was a large number of leaks in retail, which were publications of databases of various [[online trading 'online stores. ]]

Solar AURA specialists also analyzed more than 338 million credentials from 10 thousand different services that entered the network from January to April 2023. As a result, the logins and passwords of 134 thousand customers of Russian banks, 978 thousand users of Russian social networks and 888 thousand users of popular mail services were discovered.

In 2023, attackers using Big Data tools learned to find information about their victims in several databases at once (including leaks from contractors) and use it to penetrate the company's infrastructure, steal and publish data, thereby causing reputational and financial damage to the organization. That is why we at Solar AURA comprehensively analyze all data leaks in order to find as much open information as possible that may entail risks for our customer. Prompt receipt of such information makes it possible to take measures to reduce damage - at least, to investigate the incident, clean up the infrastructure and strengthen its protection, "explained Alexander Vurasko, an expert at the Solar AURA External Digital Threat Monitoring Center, Solar Group.

The data of train passengers ended up on the network.   In Russian Railways they say that they did not leak

A fragment of a database containing information about train tickets and personal data of passengers was posted on public access, the Information Leaks Telegram channel reported on December 7, 2023.

According to the channel, the cropped piece of the rzd_orders table contains 1,013,904 rows. The file includes both personal information about passengers with full name, date of birth, passport series/number, etc., and information about the route and carriers. Travel dates range from August 18, 2014 to February 14, 2017.

Russian Railways say the leak did not come from their company's database.

An analysis of the passenger database, which is distributed on the Internet, shows that it is not a database of Russian Railways, TAdviser was told in Russian Railways. - Previously, the leak occurred at one of the third-party portals that attempted illegitimate interaction with the Russian Railways website in the period 2014-2017.

Earlier in August 2019, the personal data of 703,000 Russian Railways employees were published in the public domain - the trial of the company's employee, who was found responsible for the leak, is still ongoing. In early November 2020, a section of the database of this site turned out to be freely available right on the official website of Russian Railways Bonus. In June 2022, internal documents of Russian Railways were publicly available.

The data of hundreds of thousands of customers of the insurance company USC was leaked

In October 2023, a leak of customer data of the United Insurance Company (USC) was recorded. The hacker group UHG took responsibility for it. Read more here.

The average damage from one information leak amounted to 5.5 million rubles

In 2023, a key cyber threat for Russian business was the large-scale leaks of confidential information that occur monthly. As a result, large businesses and the state segment lose an average of 5.5 million rubles from one leak. This estimate includes direct financial costs and does not take into account potential reputational losses, as well as penalties. Solar (formerly Rostelecom-Solar) announced this on October 19, 2023.

Information leaks are most often faced by companies from the retail sector (37%), the financial sector (20%) and the gaming industry (10%). The total published data is 91.8 TB. Even the loss of 5% of confidential data from leaks is enough for the company to lose market position. Reputational losses are not predictable and are closely related to financial losses, since they have a direct impact on the decline in income due to the negative perception of the company. According to experts of the Solar Group, more than 55% of the costs of eliminating the consequences of such incidents in organizations are spent specifically on solving problems associated with reputational losses.

The DLP (Data Leak Prevention) class of solutions will help to avoid information leaks, as well as financial and reputational losses caused by them. First of all, it is advisable to protect the organization from internal threats, because an insider can cause harm that significantly exceeds the possible damage from external attacks. For example, the Solar Dozor solution helps not only protect the company from leaks of confidential information, but also profile employees, identify anomalies in their behavior and promptly investigate incidents.

Attackers penetrate the infrastructure of organizations in order to gain illegal access and data theft. Thus, 98.8% of the total amount of published data is made up of archives of internal documentation, software sources and other elements of the "internal kitchen" of organizations. Data leakage can occur in any company, so it is important to competently build comprehensive protection for its digital IT infrastructure. The formation and application of an ecosystem from different classes of information security solutions is today the most mature approach, and our portfolio of import-independent cybersecurity technologies allows us to provide customers with both separate information security solutions and create comprehensive protection systems, "said Galina Ryabova, director of the Center for Cybersecurity Technologies of Solar Group.

It is critical to mitigate risks by not only protecting sensitive information, but also protecting all types of accounts that provide access to that information. Therefore, it is a good practice to use solutions of the PAM (Privileged Access Management) class, which allow you to create, use and store strong passwords, change them on a schedule or after each session of work. And the most important thing is that the system will be able to hide passwords even from the users themselves and automatically substitute them according to predetermined rules. For example, Solar SafeInspect monitors the access of privileged users, proactively enforces security policies, and records all actions of privileged users.

It is also possible to significantly reduce the risk of leaks by properly organized network segmentation by configuring security policies, as well as rules for accessing external resources and using applications. NGFW (Next Generation Firewall) solutions help you organize comprehensive protection of enterprise networks and the data stored in them from network threats. Thus, Solar NGFW provides tiered protection on the network perimeter and between internal segments of the organization's network.

Combining security tools of different classes allows you to build an effective information security system of the organization and thereby prevent the cost of covering damage from incidents.

The United Insurance Company has a major data breach about customers and their cars

On October 4, 2023, the United Insurance Company (USC) confirmed the fact of leakage of personal data of customers, which was previously reported by the Information Leaks telegram channel. According to the latter, the hacker group UHG is behind the leak, which previously announced the hacking of insurance companies ASKO and Astro-Volga, as well as the online cosmetics and perfume store "Girlfriend," the CITILAB laboratory and ticket service kassy.ru.

The current leak consists of several SQL dumps, which contain such fields as: Full name with data on the field, date of birth and passport numbers, hashed password (MD5 with and without salt), 400 thousand unique phone numbers, 1.2 million unique email addresses, driver's license numbers and insurance policies, car license plate and VIN, as well as the IP address from which the application was sent to the site. The site's CMS is FastPanel. Judging by the dates from the published dumps, the information in them is relevant on the 01.10.2023.

The hacker group began its activities in April 2023 by organizing a leak in the kassy.ru ticket service, then in May there was a leak in the CITILAB laboratory, and then it went hard: August - "Girlfriend," September - ASKO and Astro-Volga insurance companies. There were even press reports about the investigation into the leaks in "Girlfriend" and "CITILAB," but [1] they did not appear in the register of violators. However, none of the named companies has officially acknowledged the existence of a leak.

The fact is that in accordance with the requirements of Law No. 152-FZ "On the Protection of Personal Data," the offender must report within 24 hours the fact of a leak to Roskomnadzor, and within several days to prepare the results of an internal investigation of the incident. Since the leaks were not admitted earlier, there seemed to be nothing to investigate. Now the situation is somewhat different - USC recognized the fact of the leak (although, after some time, it removed information about the leak from the official website), so in the near future it should provide both information about the scale of the leak itself and information about the investigation.

Hosting company mtw.ru was the victim of a cyber attack. Hackers seized the data of 213 thousand client companies

In August 2023, it became known about a major leak of data from users of users of the hosting company mtw.ru. The hacker group DumpForums claimed responsibility for the cyber attack. Read more here.

67% of companies avoid public statements about data breach incidents

SearchInform experts analyzed the situation with information leaks in domestic companies for the first half of 2023. In particular, they investigated how companies respond to leaks and how many organizations notify Roskomnadzor of the incident. This was announced by SearchInform on August 7, 2023. Read more here.

Data of millions of Lukoil customers leaked

In early August 2023, it became known that a database with the name "Lukoil 2022" was made publicly available. It is assumed that it is related to the oil and gas company Lukoil. Read more here.

There was a leak of data of millions of customers of the chain of stores "Girlfriend"

The data of millions of customers of the chain of cosmetics and perfume stores "Girlfriend" was leaked. The profile Telegram channel "Information Leaks" reported this on August 2, 2023. Read more here.

The data of millions of users of the online bookstore was leaked book24.ru

In early June 2023, it became known about the leak of data from millions of users of the leak of an online book store book24.ru. Later, on July 24, 2023, the Telegram channel "Information Leaks" clarified that out of more than 3.5 million pairs of records including email and password, almost 99% are unique, that is, they have not previously been found in leaks. Read more here.

Data of millions of customers of the Intourist tour operator was leaked

On July 18, 2023, it became known about the leakage of data from millions of customers of the Intourist tour operator. The company itself denied the leak of information, but confirmed the cyber attack. Read more here.

There was a data leak of hundreds of thousands of children from Artek and their parents

In early July 2023, it became known about the leakage of data from hundreds of thousands of children from Artek and their parents. Roskomnadzor began checking. Read more here.

There was a leak of customer data from Bukvoed, Leroy Merlin, Yours and Eat at Home

On June 8, 2023, it became known about a data breach to customers of four large companies in: Russia the online bookstore "," Pedant the construction store, "the Leroy Merlin culinary recipe portal" Eat at Home "and the clothing store". "Yours

The fact that information from users of the sites of these brands is publicly available was reported by the research company Data Leakage & Breach Intelligence (DLBI), which specializes in information leaks.

One of the two files of the bookstore "Bukvoed" contains 3.58 million lines with full names, emails, phones, social media IDs, encrypted passwords. The second file contains 3.27 million lines with logins, emails, phones, usernames and encrypted passwords. In just two files - 5.4 million unique logins: 2.58 million unique email addresses and 2.7 million unique phone numbers.

One of the two bases of the Leroy Merlin construction store contains more than 3.3 million lines with full names, registration and birth dates, phones, social media IDs and other information. Among all this, the Company found full names, hashed passwords and work mail of company employees, including top management. The second archive contains 1.75 million lines, which contain information including information about employees, including first/last names, phone numbers, mail addresses and other technical data. The relevance of the database is May 2023.

Among the merged data of the "Yours" network are names/surnames, emails and telephones. Total - 2.26 million lines with relevance for May 2023. From the site "Eat at Home" hackers were able to "pull out" 536 thousand lines with full names, e-mails and phones. Relevance - April 2023.^[3]

Data leakage of 2 million customers of Ascona

On June 7, 2023, it became known about the Ascona data leak. In this regard, the Russian manufacturer of sleep products began an internal audit. Read more here.

Data from millions of customers of Gloria Jeans store chain leaked

On June 6, 2023, it became known about the leak of data from millions of customers of the Gloria Jeans store chain. It was reported by the Telegram channel "Information Leaks," which is maintained by Ashot Hovhannisyan, founder of the DLBI darknet detection and monitoring service. Read more (Gloria Jeans)|here.

Data of millions of customers of the Auchan and Your Home networks was leaked

On June 6, 2023, Auchan confirmed information about the leakage of data from its customers. Initially, DLBI experts reported it in their Telegram channel "Information Leaks." Read more here.

Since the beginning of the year, data from 197 million users have entered the network

During the first months of 2023, data leaks of approximately 197 million Internet users were recorded on a global scale. This is almost twice the figure for January-May 2022, when about 100 million thefts of personal information were registered. Such figures in early June 2023 were cited by Kaspersky Lab.

According to TASS, referring to the statements of Igor Fitz, an analyst at Kaspersky Digital Footprint Intelligence, 64 cases of publishing significant databases were identified during the first five months of 2023. This is a third (33%) more than the previous year. The information released on the Internet contains at least 23 million lines with various passwords and 81 million lines with the victims' phones. The largest number of leaks occurred in the retail sector, IT and credit organizations.

A study by Kaspersky Lab says that attackers in 2023 shifted their focus, focusing on big business data. If in 2022 such leaks accounted for about 28 million lines, then in the period from January to May 2023 - 163 million. At the same time, approximately 20 million lines of stolen information were published in the segment of small and medium-sized businesses against 70 million lines a year earlier. It is also said that half of all leaks are published within a month of data theft. Moreover, most often attackers report information theft through Telegram.

Online scammers are constantly changing schemes, coming up with new legends in order to deceive people of money and confidential data. At the same time, we see that the quality of phishing and scam resources is growing: fraud, design, content can mislead even those who are usually skeptical of dubious offers on the Internet, says Olga Svistunova, content analyst at Kaspersky Lab[4]

There was a data leak of hundreds of thousands of applicants "Tasty - and full stop"

At the end of May 2023, it became known about the leakage of data from hundreds of thousands of applicants "Tasty - and full stop." According to the Infosecurity Telegram channel, hackers have made publicly available a database of job seekers in a fast food chain. The dump contains 295,914 lines and covers the period from January 1, 2018 to May 25, 2023. Read more here.

"InfoTeCS" confirmed the leakage of user data

On May 22, 2023, InfoTeCS confirmed the leak of user data, which became known a few days earlier. The company's audit found that the site's user accounts had leaked to the network www.infotecs.ru. Read more here.

Since the beginning of the year, hackers have posted data from more than 120 Russian organizations on the Web

On May 17, 2023, RTK-Solar presented analytics based on the Solar AURA external digital threat monitoring service for January-April 2023. In particular, the analysis of more than 2.5 thousand. Telegram channels of illegal topics and dark web forums showed that since the beginning of the year, hackers have posted data from 123 Russian organizations with a total volume of 1.1 TB on the network. Among the information stolen from personal devices of citizens, about 340 million accounts of bank customers, users of online services and social networks were found in the public domain.

The analytics are based on the results of monitoring public and closed segments of the Internet (darknet), 1.2 million domain names and SSL certificates, as well as 50 million daily processed DNS requests. This multi-vector monitoring allows the company to obtain the most complete set of data on potential threats.

According to Solar AURA experts, the data breaches retail e-commerce financial sector (29%), as well as construction and development (13%) suffered the most from January-April. At the same time, 76% of leaks are databases, which in total contain more than 300 million lines, including 61.1 million addresses email and 144.3 million telephone numbers. The remaining 24% are arrays of documents stolen from. file servers The total amount of this information is so large that the principles of analysis are fully applicable to it. This big data makes any new leak meaningful and potentially dangerous. For example, punch bots take information from a variety of databases and form a comprehensive dossier for a specific person on their basis.

Leaks are not the only threat. Thus, the number of phishing attacks cyber fraud in April 2023 increased by 26% compared to the same period in 2022. Phishing itself has become more massive and sophisticated. Its main characteristics in 2023: a high level of automation, protection against detection, targeting a variety of different. industries Hackers are less likely to use the Internet acquiring on phishing sites, shifting the focus from a one-time charge-off to gaining access to a personal account in the online banking system.

A distinctive feature of 2023 was the growing popularity of the Chinese domain zone.TOP. More than 90% of domains registered in it in recent months are arbitrarily generated alphanumeric combinations or template domains involved in popular phishing campaigns. However, for now,.COM,.RU,.SITE,.XYZ remain in the top of domain zones used for phishing to the Russian audience.

Over the past year, the level of cyber threats has increased dramatically, as the Russian IT infrastructure has become a key target for hackers of various qualifications from various countries. To effectively counter cyber attacks, it is no longer enough to install protective equipment on the perimeter of the organization and configure incident monitoring. It is important to understand how an external attacker sees a company, what he can find about his victim on the dark web, on forums, in leaks, how he uses her name for illegal actions. At the same time, independent monitoring of the global network for the most diverse threats is extremely difficult for organizations: it is necessary to have access to a wide range of information sources and have expertise in this direction. The optimal solution for companies is to entrust this site to a qualified contractor. If earlier monitoring of external digital risks was rather an exclusive service for our individual customers, today, when absolutely any industries and companies are under attack, and hackers boast of successful attacks in open Telegram channels at once, the demand for this service has grown significantly, - said Vladimir Dryukov, director of the Solar JSOC Cyber ​ ​ Attack Countermeasures Center for RTK-Solar .

The number of data leaks from companies and government agencies in Russia has grown significantly

In the first four months of 2023, 75 leaks from Russian commercial companies and state organizations occurred, which is 1.5 times more than in the same period of 2022 (49 leaks). This was announced in mid-May 2023 by the general director of F.A.C.C.T. (formerly Group-IB in Russia and the CIS) Valery Baulin.

According to him, the data that appeared on the network belonged mainly to the largest financial and insurance companies, government agencies, as well as companies in the field of information security. At the same time, Baulin did not disclose the names of organizations that became victims of leaks.

The founder of the service for intelligence of data leaks and monitoring of the darknet DLBI Ashot Hovhannisyan and analyst Kaspersky Digital Footprint Intelligence Igor Fitz, in a conversation with Vedomosti, reported an increase in the number of data leaks of companies state agencies in the Russian Federation by 2 and 2.5 times, respectively, in the first quarter of 2023 relative to the same period of 2022. According to Hovhannisyan, among the largest information abductions in 2023 were a double data leak of the Sberbank bonus program (a total of 52.5 million records), a chain of stores "" (Sportmaster 46 million records) and an Internet pharmacy (zdravcity.ru 8.9 million records). In April 2023, according to DLBI, there were data leaks from the kassy.ru ticket service (4.5 million unique e-mail and the same number of phones), the zoloto585.ru online store (9.9 million records) and the insurance company. "Sogaz "(8.3 million records)

According to Baulin, despite the fact that data began to leak more often, the total number of lines in leaked databases for four months of 2023 decreased to about 65 million. At the same time, if in 2022 hacktivists intensified, who stole data from users and companies for political reasons and uploaded data to the network for free, then in 2023 the attackers began to return to their previous tactics, he added.^[5]

Scans of passports of graduates and HSE employees posted in the public domain after a cyber attack

Two archives were posted on one of the darknet forums, which, as reported on March 8, 2023 by the Telegram channel In2Security, are related to the Higher School of Economics (HSE). Read more here.

The data of tens of thousands of users of the legal aid platform "SberPravo" were made publicly available

The data of tens of thousands of users of the SberPravo legal aid platform have been made publicly available. This was announced on March 7, 2023 by the Telegram channel "Information Leaks." Read more here.

The data of hundreds of thousands of clients of the Agency for Strategic Initiatives (ASI) was leaked

At the end of February 2023, it became known about the leakage of data from the Agency for Strategic Initiatives (ASI). According to the Telegram channel "Information Leaks," a full MySQL dump of the website database of a non-profit organization (asi.ru) has been posted for free access. Read more here.

There was a data leak of hundreds of thousands of users and employees of the SberLogistics service

At the end of February 2023, it became known about the leakage of data of hundreds of thousands of users and employees of the SberLogistics service. The company has begun a review. Read more here.

There was a data leak of tens of thousands of Dixie employees

On February 20, 2022, it became known about the leakage of data from Dixy employees. It was reported by the profile Telegram channel Data1eaks. Read more here.

Data of millions of users of the Russian payment service Mandarinbank was leaked

In mid-February 2023, it became known about the leakage of data from millions of users of the Russian payment service Mandarinbank. The incident was reported by the Telegram channel Data1leaks. According to him, two bases have been released. Read more here.

1.1 TB of data from customers of one of the largest electrical stores in Russia was leaked

On February 7, 2023, it became known that cybercriminals had stolen an extensive database with information about customers of Elevel, one of Russia's largest electrical stores. Read more here.

The source codes of Yandex services were in the public domain

At the end of January 2023, the source codes of Yandex services were publicly available. The company confirmed the leak, but assured that it does not pose a threat to users. Read more here.

The data of tens of thousands of customers of the Sogaz-Life insurance company were in the public domain

The data of tens of thousands of customers of the Sogaz-Life insurance company were in the public domain. This was announced on January 24, 2023 Telegram by the channel "Information Leaks" (it is maintained by the search leaks and monitoring service). Darknet DLBI More here.

Roskomnadzor drew up a protocol at Uralchem for leaking employee data

Roskomnadzor drew up an administrative protocol against Uralchem due to a leak of a database with data from company employees. This was reported in the press service of the Presnensky Court of Moscow on January 17, 2023. Read more here.

1C has confirmed the leakage of data from users of its service

On January 17, 2023, it became known about the leakage of data from users of the educational service "1C: Lesson." The 1C company confirmed this information, which originally appeared on Telegram channels. Read more here.

Mail.ru confirmed reports of leakage of data from customers of the service

Mail.ru confirmed reports of a leak of data from customers of the service. This became known on January 14, 2023. Read more here.

Data leakage of millions of users of the mail service Mail.ru

On January 13, 2023, it became known about a major leak of data from users of the Mail.ru mail service (owned by VK). The company itself confirmed the relevant information that appeared in Telegram channels. Read more here.

Data leakage of 260 thousand Sportmaster customers in Kazakhstan

On January 11, 2023, it became known about a major leak of personal data of Sportmaster customers in Kazakhstan. According to the local computer incident response service KZ-CERT, the company is conducting an internal investigation into the incident. Read more here.

Data leakage of thousands of partners and employees of the development group "Airplane"

Unknown attackers have made publicly available the database of one of the largest Russian developers - the Samolet group. The published database contains more than 20,500 unique lines, the in2security Telegram channel, which specializes in covering major information leaks, reported on January 15, 2023. Read more here.

Data leak to Sportmaster customers

On January 1, 2023, Sportmaster recognized the leakage of customer data. The merged database included 1.6 million records. Read more here. Read more here.

2022

Increase in payment data leaks by 2.7 times

The volume of personal data leaks in Russia in 2022 amounted to 667 million records, which is almost 2.7 times more than a year earlier. This is evidenced by InfoWatch data, which was released on April 17, 2023.

According to the experts of this information security company, approximately 80% of leaks in 2022 had a "hybrid vector of impact," that is, both external and internal violators could participate in the theft of information. The share of trade secrets leaks has doubled. The highest increase in leaks is observed in the Retail & HoReCa category - almost five times. Three-fold growth was observed in industrial, transport and energy companies. Small businesses accounted for more than 20% of leaks, which is twice as much as a year earlier.

The general director Group-IB in Russia and the CIS Valery Baulin estimated the volume of user data leakage in Russia at the end of 2022 at 1.4 billion lines against 33 million a year earlier. Most of the ads about leaks were found on forums and in, and Telegram the mass publication of ads in instant messengers became a trend in 2022, previously such cases were isolated, Baulin said. He added that no area of ​ ​ Russian business is protected from leaks. The expert clarified that most of the database leaks of Russian companies in 2022 and early 2023 were laid out in public access for free.

This means that cybercriminals had a motive not to earn money, but to inflict reputational or economic damage on Russian business and its clients, Baulin said.

Director of the Positive Technologies Security Center (PT Expert Security Center) Alexei Novikov, in an interview with RBC, stressed that if negotiable fines are introduced for leaks of personal data of the population, then for many companies this will become a significant risk, and they will begin to allocate budgets for information security in order to protect the databases they collect^[6]

Delivery services and retailers allowed the most leaks in Russia

The largest volume of data leaks in Russia in 2022 fell on retail and delivery services - 14% and 34%, respectively. This is evidenced by the data of Kaspersky Lab, released at the end of February 2023.

According to the study, in 2022, over 2 billion records containing confidential information were made publicly available. This is almost 300 million user data, of which 16% - about 48 million lines - contained passwords. 168 cases of publications of significant databases of Russian companies were recorded. Most of the data (64%) was compromised due to attacks on large businesses.

If you distribute leaks evenly over the course of a year, it turns out that cybercriminals published ads almost every second day about confidential user information posted for free access, the report says.

According to the study, two leaks of companies from these areas were included in the top 10 in terms of the number of published user data. The organization added that the data of both users and employees get into the network. Kaspersky Lab expects that in 2023 the number of leaks will grow by 20%, they did not rule out that the retail sector will continue to attract the attention of cybercriminals.

At the same time, it is highly likely that attackers will continue to pay attention to the retail sector, which historically stores colossal amounts of information, "explained Igor Fitz, an expert on cybersecurity at Kaspersky Lab, quoted by RIA Novosti.

In connection with the possible growth of leaks in Kaspersky Lab, companies recommend building a comprehensive system for protecting the IT infrastructure, as well as developing a plan that will include steps in three main areas - incident investigation and response, as well as competent and timely communication with customers, partners and regulators.^[7]

Roskomnadzor recorded 150 major personal data leaks

In Russia, during 2022, about 150 large personal data leaks were recorded. In 16% of cases, the leak occurred due to the actions of fraudsters, and 9% of citizens complained that their personal data was used for advertising purposes without consent. This was announced on January 28, 2023 by Roskomnadzor.

According to the ministry, in 2022, 78 unscheduled inspections were carried out, as a result of which the facts of illegal dissemination of personal information were confirmed in 87% of cases. 66 protocols on administrative offenses were sent to the court, fines were imposed in the amount of 1 million rubles and nine warnings were issued.

In 2022, almost 1.7 thousand applicants applied to Roskomnadzor. Most of the appeals (52%) concerned the processing of personal information without the knowledge and consent of the person. Many suffered from fraudulent actions with personal information, and 10% of those who declared defended their honor, dignity and business reputation.

In a number of cases, lawyers of the Center for Legal Assistance to Citizens created under Roskomnadzor in the digital environment prepared pre-trial claims against personal data operators, demands for the termination of illegal processing of personal information, appeals to state bodies and other documents, and also represented their interests in court. In total, the courts satisfied 95% of the claims prepared by the center's lawyers in the interests of the applicants.

By January 28, Roskomnadzor had already begun 25 inspections on the signs of personal data leaks from the beginning of 2023.

According to Data Leakage & Breach Intelligence (DLBI), in 2022, 75% of Russians were publicly available on the Internet due to leaks. The total volume of analyzed leaks amounted to 99.8 million unique e-mail addresses and 109.7 million unique telephone numbers.^[8]

The volume of data leaks of Russians has grown 40 times

The volume of leaks of personal data of Russians in 2022 exceeded the 2021 figure by 40 times. This is evidenced by the data of the Group-IB company, released on January 24, 2023.

According to the study, which Izvestia refers to, in 2022 the personal information of about 100 million Russians was in the public domain. Experts associate such an increase with the cyber war unleashed against Russia. It is clarified that large enterprises throughout the country, including large retailers and state-owned enterprises, were under the crosshairs of hackers.

A number of attackers pursue monetary interest in such publications, but the vast majority want to cause reputational or economic damage to both business and the country as a whole, Group-IB said.

According to the researchers, in 2022, approximately 823 million lines belong to the February leak of the delivery service database, SDEK other cases account for 147.5 million lines. The company added that the multiple growth in data leaks is due to "the current global crisis and the increasing interest of hackers in publishing databases of Russian companies and sites."

In 2022, Anonymous, IT Army of Ukraine, GhostSec, NB65 became the most active hacker groups operating against Russian government agencies and companies, Denis Kuvshinov, head of the cyber threats study at the Positive Technologies security expert center, told the newspaper. He noted that according to the results of the investigations, the sectoral interests of the groups that attacked Russian organizations during 2022 were distributed between state-owned enterprises (30% of cases of cyber attacks), IT companies (16%), financial, energy and industrial sectors (10% of cases for each).^[9]

The longest DDoS attack of 2022 lasted 3 months

The longest DDoS attack of 2022 lasted 3 months (2,000 hours). Prior to this, attacks lasting only a few days were considered record-breaking. The most powerful DDoS attack of the year reached 760 Gbps, which is almost 2 times higher than in 2021. This data follows from the report on attacks on online resources identified and reflected by RTK-Solar experts in 2022, the company announced on January 23, 2023. Analytics includes massive DDoS attacks on the backbone communication channel and application-level DDoS, as well as web attacks on more than 600 companies from various industries, including government, telecom, industry, finance, retail.

Traditionally, the most attacked region was Moscow - it accounted for more than 500 thousand. DDoS attacks. This is followed by the Ural Federal District (almost 100 thousand attacks) and the Central Federal District (just over 50 thousand incidents). If we talk about the dynamics in the country as a whole, then a sharp jump in DDoS occurred immediately after the start of the SVO - already in March, the number of such attacks was 8 times higher than in the first two months of the year. And the peak came in May, which is most likely due to the celebration of Victory Day. Hacktivists tried to "clog" the communication channels of resources related to festive and patriotic events with garbage traffic.

When attacking online resources, attackers also actively used web attacks. According to RTK-Solar quarterly reports, in the 1st quarter of the year, almost 80% of critical cyber incidents were associated precisely with attacks on the web, and by the 2nd quarter this share exceeded 92%. In total, 21.5 million web attacks with a high degree of criticality were recorded in 2022. Most of them (30%) were directed to the websites of authorities and state-owned companies. Another quarter is for the financial sector. Hackers also tried to hack the websites of educational institutions, IT companies, cultural and sports organizations.

Most often, application-level DDoS was used - a more complex attack aimed not at the communication channel, but at the server where the application is served. Also, attackers exploited SQL injection, cross-site scripting, path traversal vulnerabilities and local file inclusion. Such attacks allow you to make the site inaccessible to users, completely compromise the application and all its data, change the content of the site and implement deface.

Web resources have become the most attacked element of the infrastructures of Russian companies. Immediately after the start of SVO, attackers used massive DDoS and web attacks mainly for hacktivism purposes. They made socially significant resources inaccessible and hacked sites to post provocative messages (deface). However, by the middle of the year, attacks had become more complex and targeted, and hackers hacked sites not so much for the sake of deface as to host malware, penetrate infrastructure and access valuable data. And, although the last months have played an abnormal surge in the first half of the year, web resources remain at the crosshairs of hackers, "said Nikolai Ryzhov, head of Anti-DDoS and WAF at Rostelecom-Solar.

Prices for services "breaking" data on Russians for the year increased by 22%

The main trend in 2022 was a further rise in the price of the median cost of the "breaking" service (illegal receipt of information about, transactions property and secrecy of citizens' negotiations), which is provided by insiders virtue of official powers access to such information. Compared to 2021, the figure increased by 22%. At the same time, the growth rate of value decreased compared to 2020-2021, when breaking the price more than doubled. Such data TAdviser from January 20, 2023 was shared by Russian the intelligence data breaches and monitoring service (Data Darknet DLBI Leakage & Break Intelligence) based on the results of its annual research of the penetration market. More. here

Russians account for 5-10% of data leaks from crypto services in the world

The volume of databases leaked from crypto services in the world in 2022 tripled. This was announced by Igor Agievich, a security specialist in distributed registers of Positive Technologies. Independent expert Andrei Barkhota says that in 2022 up to a thousand databases of crypto services were stolen, which corresponds to 10 million customer identifiers.

Both experts shared their assessments with Kommersant. Market participants interviewed by the newspaper claim that the share of Russians in leaked crypto services databases, as a rule, does not exceed 5-10%. So, in one of the three databases analyzed by Positive Technologies, Russians accounted for 9.4 thousand records out of a total of 200 thousand records. In the other two databases, almost 150 thousand accounted for less than a hundred records regarding Russian customers.

Personal data leakage occurs in the vast majority of cases from centralized crypto services in the form of theft of KYC data (confirming the identity of the client), as well as credentials, said Alexander Peresichan from Tehnobit and Satoshi Spirit. Such services include most crypto exchanges and some of the crypto wallets in which verification is required during registration, without it you can register, but the withdrawal of funds will be limited, explains Roman Nekrasov, co-founder of the ENCRY Foundation.

According to the Russian service for intelligence of data leaks and monitoring of the darknetDLBI (Data Leakage & Breach Intelligence), for 2022, data from three quarters of Russian citizens were publicly available on the Internet as a result of the leaks. After combining the data and clearing it from errors, repetitions, as well as information not related to Russian users, the total volume of analyzed leaks amounted to 99.8 million unique e-mail addresses and 109.7 million unique telephone numbers, experts said.^[10]

1.5 billion records, halving the cost of databases

The volume of personal data of Russians who got into the network as a result of the largest leaks in 2022 exceeded 1.5 billion records. This is evidenced by the data of Kaspersky Lab, which were released in December 2022.

Numerous leaks of user databases in 2022 reduced their cost on the darknet, To the businessman market participants said. cyber security Attacks by Ukrainian activist hackers have led to the emergence of many "cheap or generally free databases stolen from Internet companies and services, including the largest," said the founder of the data leak intelligence and monitoring service. Darknet DLBI Ashot Hovhannisyan He noted that such databases do not contain sensitive commercial information, but only personal data of users.

According to Positive Technologies, if in 2021 the cost of such a "simple" base was $200-250, then in 2022 - $100-150.

The most expensive in 2022 were banking databases. The cost of information along the chain on the black market can grow several times. And databases with accurate information about the client's cooperation with the bank and its accounts could grow 100%. Now their cost can reach millions of rubles, experts say.

According to Nikolai Chursin, an analyst at the threat analysis group Information Security Positive Technologies, by the end of 2022 there is a demand for access to CRM systems of companies in which attackers can themselves obtain information about employees and clients of organizations from the source.

This leads to the fact that a narrow circle of attackers will have access to up-to-date and reliable user data. And these data can be sold at an extremely high price, and used in targeted attacks using social engineering on wealthy citizens, key employees of organizations and government agencies, he added.[11]

Leak of scans of passports of the taxi order service "Citymobil

On December 23, 2022, it became known about a major leak of data from users of the Citymobil taxi ordering service. The company confirmed her and launched an investigation. Read more here.

Roskomnadzor recorded leaks of 600 million records about Russians

The press service of Roskomnadzor on December 16, 2022 stated that after the start of a special military operation of Russia in Ukraine, about 600 million records of Russians got on the Internet, during which time at least 140 personal data leaks occurred.

Шаблон:Quote'The confidentiality of medical personal data subject to special protection is violated. The main source of drains is foreign resources, the ministry said.

Business consultant information safety Positive Technologies for Alexei Lukatsky in mid-December 2022 said that since the beginning of the year, a record number of data leaks of Russian users have been recorded in Russia.

{{quote "Our observations show that in the third quarter alone, in more than every second attack (53%), organizations encountered a leak of confidential information. In the summer [2022], databases of 75 domestic companies were discovered on the Internet. At the same time, we must not forget that many data were already on the Internet without leaks. For example, the user indicates the patronymic and phone number on the social network, agrees to receive advertising mailings when buying goods, purchasing services, etc. Therefore, it is incredibly difficult to calculate the real damage, - said the expert. }} According to him, most often such leaks occur not due to non-compliance with cybersecurity rules, but due to external attacks. Many organizations noted attacks from abroad. They have happened before, but primarily for financial reasons, in the same year we are talking more about politics, increasing anxiety among the population and losing the business reputation of companies.

Lukatsky says that most often the companies themselves are guilty of leaks, but the so-called external factors. Nevertheless, these incidents led regulators to think about the need to amend the legislation, one of which is a negotiable fine for the leakage of personal data.^[12]

There was a data leak of 900 thousand users Level.travel

In mid-December 2022, it became known about the Level.Travel data breach. The press service of the service for searching and buying tours confirmed the information that initially spread in Telegram channels. Read more here.

Data of millions of users of the Moscow Electronic School got into open access

On December 13, 2022, it became known that the data of millions of users of the Moscow Electronic School (MES) were publicly available. According to the Telegram channel "Information Leaks," the attackers published a database containing 17,056,658 lines, and said that this is information about Moscow teachers, schoolchildren and their parents. Read more here.

The data of hundreds of thousands of VkusVill customers got into open access

In December 2022, VkusVill reported a major leak of personal data of customers after information about this appeared on Telegram channels. Read more here.

The data of hundreds of thousands of users of the Rabota.ru portal were in the public domain

The data of hundreds of thousands of users of the Rabota.ru portal were in the public domain. This was announced on December 6, 2022 by the Telegram channel in2security. Read more here.

Database with personal data of thousands of employees of the network of electronics stores DNS was in the public domain

In early December 2022, it became known about a new data leak in DNS. According to experts from the DLBI dark web search and monitoring service, a database with information about the retailer's employees has been posted in the public domain. Read more here.

Hackers hacked dozens of Russian companies due to Microsoft Exchange email vulnerability

Since August 2022, dozens of the Russian organizations have been hacked through vulnerability servers work mail, Microsoft Exchange the company's specialists reported on November 21, 2022. BI.ZONE

The victims of cyber fraudsters were mainly representatives of small medium-sized businesses. Hackers attacked company using a special utility that allowed you to upload all correspondence mails with, attached to files letters.

At the same time, the companies themselves could not detect. data breach Firms learned about such problems when cyber security messages from intruders began to come from mail security4real@proton.me company specialists.

Hackers demanded to pay for the security audit services provided, which in reality became a buyout of databases. In some letters, the amount demanded by the hackers reached $10 thousand.

According to Teymur Heirkhabarov, director of the department for monitoring, response and research on cyber threats BI.ZONE, the victims of hackers were companies that could not install the latest security updates on the Microsoft Exchange server in time.

The vulnerability was known back in the fall of 2021, at the same time this problem was fixed^[13].

Hackers infiltrated the network of the Main Radio Frequency Center and stole data

Hackers entered the network of the Main Radio Frequency Center (GRCC) subordinate to Roskomnadzor and stole the data. This became known in November 2022. Read more here.

Data Base of 4 million subscribers of the Internet provider "Дом.ру" appeared in the public domain

In mid-November 2022, a data leak of 4 million subscribers of the Internet provider "Дом.ру" in St. Petersburg was recorded. Read more here.

Data Base of electric scooter rental service Whoosh put up for sale

The Whoosh electric scooter rental service Data Base is for sale, which became known in mid-November 2022. Read more here.

Russian video service Yappy is attacked by hackers. User data was in the public domain

In November 2022, it became known that Russian the video service. Yappy attacked hackers User data was in the public domain. More. here

60% increase in fraud cases reaching court

From January to September 2022, the number of citizens' appeals to Roskomnadzor due to fraud related to personal data increased by 10.5% year-on-year. This became known on October 18, 2022.

The number of cases reaching the court has grown by 60% over the past two years.

But even with a positive court decision, fines for leaks remain insignificant, and law enforcement officers often refuse to investigate such cases due to their complexity^[14].

The Ministry of Digital Development has denied the leakage of data from users of Public services

On October 11, 2022, the Ministry of Digital Development of the Russian Federation denied information about the leakage of data from users of the Public services portal. The department assured that all information is under reliable protection. Read more here.

The data of users of discount cards of the "Red & White" network was leaked to the Internet

In early October 2022, it became known about a new leak of data from clients of the Krasnoye & Beloe network. According to Kommersant, citing materials from the Moshelovka platform created by the All-Russian Popular Front (ONF), one of the volunteers received a call from a fraudster who introduced himself as an investigator. He turned to a volunteer by pseudonym, which he used only to register in the loyalty program of the Red & White chain. Read more here.

DNS leaked personal data of customers and employees

The company, which operates a DNS network household appliances of digital stores, announced to leak personal data customers and employees on October 2, 2022. Exact information about the volume of compromised data in the company is not provided. More. here

Over the three summer months, 140 databases of Russian companies got into the network

On September 7, 2022, the company Group-IB announced that it had recorded a twofold increase in the number of publicly available databases the Russian companies in the summer of 2022 compared to the spring of 2022. According to to data Group-IB Threat Intelligence, 140 bases got into the network in three summer months, and the anti-record was set in August - 100 leaks. The total number of lines of all summer drains, according to Group-IB experts, amounted to 304 million.

Analysts at Group-IB Threat Intelligence calculated the number of databases of Russian companies that appeared on underground forums and thematic Telegram channels for the three summer months of 2022: in June there were 23, in July - 17 and in August - 100. The August anti-record was set due to a mega-leak that included databases of 75 Russian companies. For comparison, 73 bases were published in the entire spring of 2022. The calculations took into account only the bases that were first published online.

As in spring, "summer plums" mainly concern the databases of large Russian companies and popular services for free download, so as not to earn money, but to inflict maximum damage on business and its customers. Among the victims were Internet delivery services, transport, construction and medical companies, online cinemas, telecom operators, etc. The largest leaks were recorded in companies operating in the delivery areas - 192 million lines, online video - 43 million lines, medical services - 30 million lines.

The relevance of most published databases falls on the spring and summer of 2022, they include the names of customers, their phones, addresses, dates of birth, and in some you can find hashes passwords, passport, data order details and other sensitive ones. information

The intensity with which cybercriminals publish stolen databases of Russian companies remains high even compared to the "record" in the spring of 2022. At the same time, trends in underground communities show that attackers are actively switching from old-fashioned forums to Telegram, "said Oleg Derov, head of the Group-IB cybercrime research department at Threat Intelligence. - In addition to small sites, shops and restaurants, data from large Russian companies of various sectors of the economy continue to leak . Most often, attackers immediately put the databases in public, which increased the risk of successful use of the information received for further cyber attacks and in fraudulent schemes.

According to experts from the Group-IB Threat Intelligence department, one of the reasons for such a huge number of incidents was the insufficient security of the business's digital assets, as well as the increase in the number of cyber attacks since the spring of 2022.

Thanks to monitoring Telegram chats and shadow forums, the Group-IB Threat Intelligence solution allows you to quickly receive collected data on current cyber threats aimed at both specific companies and entire industries. All data is collected in real time, allowing you to access even deleted or modified messages and making proactive response to threats more effective.

Half of Russian companies are not able to protect personal data of customers

On September 5, 2022, HFLabs announced that despite high-profile personal data leaks, only 50% of Russian companies plan to increase the budget for their protection. At the same time, more than half of the respondents are not sure that the personal information of their clients is safe. Read more here.

The database of users of the Start online cinema got into open access

At the end of August 2022, it became known about the leakage of Start user data. The online cinema confirmed the information and assured that the vulnerability in the service has already been fixed. Read more here.

Another database of thousands of SDEK users leaked to the Internet

At the end of August 2022, it became known about another leak of these clients of SDEK. The company confirmed the information and announced the start of an audit on the fact of what happened. Read more here.

For six months, the network got the number of PD records exceeding the population of Russia

On August 17, 2022, the company InfoWatch Ledger announced that it had prepared a report on the results of leaks information a limited access study for the first half of 2022. According to the results of the first half of 2022, 2101 limited access information leaks were registered in the world by the InfoWatch expert and analytical center, which is almost twice (by 93.2%) more than in the same period last year. The number of leaks Russia in the first half of 2022 amounted to 305 (+ 45.9% compared to the first half of 2021).

According to the company, reverse trends were noted in terms of the number of compromised records personal data and payment information. In the first half of 2022, 27.8% fewer units of information flowed in the world than in the first half of 2021. Experts believe this is due to the electoral activity of attackers who tried to kidnap only really liquid ones on the black market. But Russia, the data volume of "leaked" information increased 16.75 times and amounted to 187.6 million records. Almost weekly in the first half of the year, information was published about large leaks from domestic companies and. state agencies Among them:,, RUSSIAN RAILWAY Pobeda Airlines telecommunication companies "" and Rostelecom"," VimpelCom information portal Ykt.ru, services "Mir Tesen," Fotostrana.ru and Text.ru, entertainment resource Pikabu, delivery services "," and, Yandex.Food Delivery Club 2 Berega management school, "" Skolkovo portal. educational Thus, in GeekBrains just six months, the number of PD records, which exceeds the population of Russia, got into the Network.

In addition, the share of leaks provoked by the actions of external violators has sharply increased. Compared to the same period in 2021, it has grown in the world from about 60% to almost 90%, and in Russia from 21.5% to 81%. Such abnormal dynamics are associated with several reasons:

• After February 24, 2022, there was a sharp surge in hacker activity, including the involvement of a large number of Ukrainian residents in it, as well as increasing the availability of tools to participate in cyber attacks.
• The weakening of control over information assets during the pandemic provoked employees to steal data, and insiders are also being introduced.
• The proportion of hidden (latent) internal violations has become even higher.
• It is still beneficial for American and European companies to accuse other types of external violators of violations of "Russian hackers" rather than conduct objective investigations within the framework of their strict legislation in this area.

The increase in the value of confidential information in the digital era against the background of a decrease in the level of security of digital assets during a pandemic, as well as on a round of cyber wars, leads to an increase in the share of intentional leaks. Both in the world and in Russia, it exceeded 96% in the first half of 2022. At the same time, the share of intentional violations of an internal nature increased from 57.4% to 67% in the world. told Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies

The most popular type of data in the criminal community is still personal data, but their share in the first half of 2022 decreased both in Russia and in the world. This happened due to the more active struggle of organized groups of hackers for access to economic information. At the same time, judging by the open data, the share of leaks of state secrets has significantly decreased. InfoWatch analysts in this study devoted a separate chapter to the study of limited information leaks discovered during the monitoring of shadow and "penumbral" resources, such as forums on DarkWeb, as well as closed, anonymous Telegram channels.

For the study, we selected the period of publication of ads for the sale of data (as well as messages where data was offered for free download) from January 1 to June 30, 2022. As a result, information about 2036 leaks was found. It is important to note that in this chapter of the report we classify all leaks found as intentional, regardless of their "mechanism": theft of employee data or the result of a hacker attack. explained Ksenia Shablinskaya, chief analyst at InfoWatch

As you might expect, the first place in the number of detected leaks in DarkWeb and closed Telegram channels is occupied by the United States, which, as of August 2022, has the most powerful and interesting economy in the world for hackers. In second place was the Russian Federation: the number of cyber attacks on its information resources has increased significantly since March 2022, which led to a larger number of confidential information leaks than in the same period in 2021.

As for the sectoral section, in Russia the share of leaks that fell on the organizations of the sphere "Trade and HoReCa" is slightly higher than in the world - 27% versus 22%. Obviously, hackers have recently experienced increased interest in large-scale customer bases of large Russian retailers and service providers. In addition, the share of leaks from industrial and transport organizations in Russia (10%) was lower than in the world (19%).

Of all the ads in which it was possible to establish the type of information sold, in 81% of cases, sellers on shadow forums offered to purchase databases of personal data of customers of companies and government agencies. In 13% of cases, we are talking about the sale of commercial secrets of companies, and 3% and 2% of ads, respectively, offer payment information and information of the "state secret" category.

Ozon customer orders leaked online

At the end of July 2022, it became known about the leakage of Ozon user data. The company itself confirmed this information and explained that the problem was due to the unfair actions of one of the employees. Read more [[Ozon.ru
Internet Solutions|here]].

Another data leak of SDEK users, it affected 25 million people

Almost five months after the data leak of Russian and Ukrainian users of the SDEK, another such incident occurred. This time he touched about 25 million customers of the delivery service. This became known in mid-July 2022. Read more here.

Operators of personal information in Russia were obliged to notify the authorities about the data leak within 24 hours

On July 6, 2022, the State Duma of the Russian Federation adopted in the third reading a law on additional measures to protect the personal data of Russians. In accordance with the document, in case of personal data leakage, their operators must immediately notify the authorized authorities.

As the head of the Committee on Information Policy, Information Technologies and Communications Alexander Khinshtein explained, the information will take place in two stages: during the day - a description of the compromised data, within three days - the results of an internal audit. The personal data operator will have to inform within 24 hours from the moment of detection of the leak (when the leak became known to the operator or Roskomnadzor), and not from the moment of the leak itself, he added.

Also, operators will have to inform the relevant authorities about the intention to transfer personal data abroad, in some cases such a transfer may be limited. In addition, three times - from 30 to 10 days - the deadlines for operators to fulfill requests from authorities and citizens on problems related to the illegal processing of personal data are reduced.

According to Roskomnadzor, by July 2022, more than 2.5 thousand personal data operators carry out cross-border transfer of personal information about Russian citizens to unfriendly countries where their proper protection is not provided. Personal information is often made publicly available. A number of Internet services offer to buy this information.

In the first half of 2022, several large data leaks of users of Russian services were registered. Against this background, the Ministry of Digital Development agreed on a bill that tightens the responsibility of companies for the leakage of personal data of customers. It involves not only the introduction of a revolving fine of 1%, but also an increase to 3% if the company tries to hide the incident.^[15]

Data of millions of users of the service "Туту.ру" got into the public domain

In early July 2022, it became known that the data of millions of users of the Туту.ру service were made publicly available. The company confirmed the leak and assured that it did not affect customers' payment data. Read more [[Tutu.ru
Tutu.ru
New Travel Technologies NTT|here]].

Sberbank: Data of 65 million Russians, including 13 million bank cards, stolen since the beginning of the special operation

In almost four months since the start of the Russian special operation To Ukraine , the data of about 65 million Russians were stolen. Sberbank Stanislav Kuznetsov This was announced by the deputy chairman of the board on June 16, 2022.

According to him, at least 13 million bank cards were compromised. The damage due to their re-release amounted to at least 4.5 billion rubles, added the deputy chairman of the board of Sberbank.

According to Kuznetsov, a large number of attacks from the territory of Ukraine were recorded, and Ukrainian hackers attack not only Russia, but also other European countries. Ukraine, he said, is becoming a "terrorist center in cyberspace."

Sberbank's top manager said that a "full-scale cyber war" is being waged against Russia. The bank recorded a total of about 300 000-330 000 people participating in hacker attacks against Russia, and at the same time there were about 100,000 people participating, the top manager said. The number of cyber attacks on business increased after the start of the "military operation" by at least 15 times, the damage to the economy increased significantly, Kuznetsov said. According to Sberbank, the main blow fell on the financial sector, airlines, energy and oil and gas companies, logistics enterprises and Internet sellers, as well as the media. As a result of DDoS attacks, the services of 87 large organizations turned out to be blocked for an hour or more, Kuznetsov added.

In the first half of 2022, several large data leaks of users of Russian services were registered. Against this background, the Ministry of Digital Development agreed on a bill that tightens the responsibility of companies for the leakage of personal data of customers. It involves not only the introduction of a revolving fine of 1%, but also an increase to 3% if the company tries to hide the incident.^[16]

There was a data leak of thousands of Yandex.Practicum customers

There was a leak of data from thousands of Yandex.Practitioner customers, which became known on June 14, 2022. The educational service began to conduct an appropriate check. Read more here.

The data of thousands of EY employees were posted on the network. Among them - Russian

At the end of May 2022, it became known about the leakage of personal information of about 6 thousand employees of audit and consulting companies that were part of the group. The fact E&Y that such a database is being sold in is Darknet reported in the Telegram channel of the founder of the DLBI darknet intelligence and monitoring service. Ashota Hovhannisana More. here

Data leak of more than 8 million Russian users of various food delivery services

On May 22, 2022 data breaches Darknet , the DLBI intelligence and monitoring service announced that since February 2022 data , more than 8 million the Russian users of various food delivery services have leaked to the network. The first place is taken by the incident with the leak from the service "," Yandex.Food which occurred in March 2022 - more than 6.8 million users. The second place belongs to the Two Shores service - 780 thousand users, the third belongs to the hgclub.ru website - 106 thousand users. The leak from the hgclub.ru allegedly occurred on May 2, 2022.

Since ^{February 2022, data from 8 million customers of food delivery services have leaked to the network}

As reported, the rest of the incidents (about a dozen) fell on regional services with a small number of customers. DLBI did not take into account data customers - Delivery Club this information one got into open access on May 20, 2022. The company did not disclose details, DLBI experts believe that this is the largest leak in the market.

What is the real volume of client data in the entire database is difficult to say, since extrapolating the share of unique users in the probe gives 50 million customers, which is hardly possible.

However, we can say that if the real volume of the duck corresponds to the declared 250 million lines, then most or all of the Delivery Club order base fell into the hands of the attackers, and this is the largest leak from Russian delivery services at the moment.

On May 18, 2022, the director of the collateral department cyber security Ministry of Digital Development Vladimir Bengin said that negotiable fines for companies for personal data leaks will most likely be introduced during 2022. The revolving fine may be 1%, which, according to Bengin, is a "very large" fine[17] narrated by Ashot Hovhannisyan, founder of DLBI

Delivery Club confirms data breach of millions of users

On May 20, 2022, the Delivery Club food and food delivery service reported a leak of user data. As stated in the company, we are talking only about information about orders and do not affect bank details. Read more here.

7,500 unsecured databases found in Russia

At the end of April 2022, Group-IB, a company specializing in information security, reported the existence of about 7.5 thousand unprotected databases in the public domain throughout Russia. According to experts, such "ownerless" databases are easy prey for cybercriminals and can lead not only to personal data leaks, but also to targeted attacks on organizations.

Unsecured corporate digital assets can include forgotten cloud services with vulnerable software, misconfigured databases that accidentally become available from the network, or self-deployed web servers - anything that can lead to unauthorized access to the company's infrastructure.

In total, experts found 399.2 thousand unprotected databases on the Web, since 2021 their number has grown by 12% - at the end of 2021 this number reached 308 thousand, the study says. Most public databases were stored on servers ,,,, and USA China. Germany France India

Speaking about unprotected databases in Russia, experts note that an average of 250 days pass from the moment of discovery to the removal of the database from public access. This figure is much worse than the global average - 170 days.

According to Group-IB analysts, further digitalization of services, data migration to cloud infrastructures, lead to the growth of digital assets in the world. Some of them find themselves in the "shadow" - despite the fact that they have access from the outside, the organization does not update them, does not control and does not protect them.

The emergence of uncontrolled IT resources puts organizations at serious risk and negates investments in network security, "comments Tim Boback, Head of Group-IB Attack Surface Management.[18]

There was a leak of data from the food delivery service "2 Shores"

Security researcher Bob Dyachenko discovered in the public domain the database of the food delivery service "2 Shores" with personal data of users of the service in 15 cities. This became known on March 30, 2022. Read more here.

SDEK announced the leakage of data from Russian and Ukrainian users

On February 28, 2022, SDEK confirmed the leak of data from Russian and Ukrainian users after two days earlier, information appeared on Telegram channels that two files with personal information of the company's customers were posted on the shadow forum. Read more here.

The darknet sells data of 87 thousand visitors to the Moscow shopping center "Metropolis"

In February 2022 Darknet , the data of almost 87 thousand visitors to the Moscow shopping center "" were put up for sale in. Metropolis According to the "Information Telegram Leaks" channel, a database has entered the network, including such personal information of citizens as name, phone number, email address, links to social networks Vkontakte("," Facebook and). Instagram More. here

2021

Employee - Key Threat of Sensitive Data Leakage

According to the latest research by InfoWatch, in Russia, the insider is the main source of the threat of disclosure and transfer of confidential information. The share of leaks due to internal violators in 2021 amounted to 79.1%. At the same time, over the past three years, this share has decreased by more than 10%. This was announced on June 9, 2022 by EveryTag.

Most internal leaks data are caused by ordinary employees of companies. The motive can be both dissatisfaction with the working conditions or bribery by competitors, and elementary negligence. In addition, employees may not have enough knowledge in the field INFORMATION SECURITY due to the company's lax policy regarding issue training. cyber security Thus, data leakage can occur due to incorrect disposal of paper media.

Threats of disclosure and transfer of confidential information are relevant for companies from various industries, but in this article we will consider only some of them:

• State structures;
• Finance;

•Industry;

• Construction.

According to the SearchInform survey, only 63% of incidents in the public sector are by insiders (this is 25% less than in private companies). One of the reasons for the low number of internal leaks is the lack of systems for fixing them in companies. State-owned companies are traditionally more conservative in assessing the degree of threat from an internal violator and are more focused on protecting against external leaks.

The main source of internal data leaks in the public sector is an ordinary employee of the company (he accounts for more than 74% of all leaks), while the share of incidents committed by managers of various levels has increased.

The main category of disclosed data in state institutions is personal data. This may be due to the fact that the protection of state and commercial secrets in this sector has historically been given increased attention.

The main channels of internal leaks in state-owned companies are paper carriers (Figure 3). The reason for this is the banal non-compliance with the rules for handling paper documentation. So, it is not uncommon for employees to leave confidential documents on the table unattended, betray them for familiarization to third parties, and instead of destruction, they hand over the papers to waste paper.

Leakage through Internet means the compromise of data from corporate systems connected to the Internet and. cloudy storages The problem with such leaks is that state-owned companies often have only a basic set of protective tools.

The main reason for internal information leaks in government agencies is the low level of literacy of employees in the field of cybersecurity. So, according to a survey conducted by Rostelecom-Solar, 55% of representatives of state-owned companies note a lack of knowledge in the field of information security.

These financial companies always attract attackers, since they have the greatest liquidity, i.e. they are easier to convert into money.

The number of external attacks on the financial sector is decreasing every year. But, despite the fact that 91% of all leaks bank in the field occur due to the fault of an internal violator, in these incidents, employees most often act as intermediaries. To hackers it is easier and cheaper to use insiders than to organize external hacks. Attackers simply redeem stolen information in order to use phishing attacks it on bank customers.

Also, as in the case of state-owned companies, personal data is most often compromised in the financial sector.

The main source of internal leaks in the financial sector is still the same ordinary employee (he accounts for 84.8% of all leaks), management accounts for only 4.3% of incidents. Moreover, we are not talking about a targeted hacking of corporate resources by a "prepared" insider, most often this is an unprivileged employee who does not comply with the established rules for working with confidential information and uses it for personal purposes.

The channels of internal leaks in the financial sector differ significantly from similar statistics for state-owned companies (Figure 5).

Such a high share of leaks on the Internet can be explained by the fact that companies use a large number of network services - cloud storage, industry interaction services, platforms for mass mailings, and more. And here it is very important to ensure proper protection, correct configuration and control over all network services, otherwise all data may be publicly available to anyone.

Over the past couple of years, the share of leaks attributable to the industrial sector has decreased to 4.7% (in 2019, this figure was at 6.3%).

More than half of all information leaks are trade secrets. It can be assumed that it is documents containing trade secrets (such as production secrets, know-how, sales data) at industrial enterprises that are critical and attract special attention of attackers.

The bulk of data breaches in the industrial sector are caused by an internal intruder (more than 70% of all incidents). At the same time, although half of such leaks occur due to the fault of an ordinary employee, their fairly significant share falls on system administrators and contractors (Figure 7).

As in the case of finance, in industrial enterprises, the main channel of internal leaks is the Internet (Figure 8).

With a high level of digitalization in the industrial sector, paper media that continue to be leaked are still actively used to store information.

Construction companies are distinguished by a large number of paper documents (drawings, estimates, correspondence with suppliers, contractors, etc.) with a large preparation cycle, the early compromise of which can lead to the collapse of the entire project.

More than 70% of construction companies face internal data breaches, according to research by SearchInform. More than half of the incidents occur in the leakage of commercial information and personal data.

The main sources of internal leaks in construction, unlike other areas, are managers of various levels - they account for 33% of incidents. Supply managers are also common among insiders.

The analysis showed that the main sources of internal information leaks, regardless of the industry, are ordinary employees. More often than others, personal data is disclosed.

To prevent and minimize such leaks, an integrated approach is needed, which should include, first of all, training employees in the basics of cybersecurity, as well as subsequent knowledge control.

DLP systems have also proven themselves well to counter leaks of confidential information, with the help of which it is possible to organize comprehensive internal protection of the company's information system.

At the same time, in Russian companies, with all their active digitalization, leaks through paper media still occupy a significant place. The main way to combat such leaks is to control the printed information, for example, the delineation of printing rights, and the use of invisible marking of documents when sending them to print.

40% Data Breach Reduction

The number of data leaks from companies and state institutions in Russia in 2021 decreased by 40% compared to 2020. At the same time, the Russian Federation ranks second in the number of leaks found in open sources, according to an InfoWatch study published in early April 2022.

According to experts for 2021, the United States accounts for 42% of data leaks, Russia and Britain - 16.8% and 4.9%, respectively. The researchers in their report noted the features of the formation of the "incident map." Russian cybersecurity experts can see a maximum of Russian-language sources from search results using various search engines.

At the same time, the second key language of search in the media is English, and in darkweb it is the main one, therefore, leaks in the United States dominate among the cases found, and the proportion of published leaks in other English-speaking countries is also high, the authors of the analytical report explain.

According to InfoWatch, the downward trend in data breaches has been observed for two years in a row. One of the factors in the increase in the number of leaks at the beginning of the COVID-19 coronavirus pandemic was the transition of many companies to dedicated work, and therefore there were a large number of vulnerabilities in the internal IT infrastructure of enterprises. Experts do not exclude that this could also cause more leaks to go unnoticed or information about them is deliberately hidden. As for reducing the number of leaks, one of the reasons for this trend may be the increased popularity among cybercriminals of ransomware that does not steal data, but encrypts and paralyzes work, after which it requires a ransom for information recovery.

According to experts, before the pandemic, hackers managed to steal so much payment data that in 2020-2021. they had enough sources to sell and resell the stolen databases.^[19]

The Ministry of Digital Development began a hunt for identity thieves

As it became known on December 12, 2021, the Ministry of Digital Development of the Russian Federation signed a contract with TS Integration for the provision of services for the provision of information about personal data leaks. We are talking about the amount of 24.3 million rubles, although the maximum value of the contract of 68 million rubles appeared in the documentation for the tender. Read more here.

A court in Moscow fined Oriflame for leaking personal data of customers

On November 18, 2021, the World Judicial District of the Khamovnichesky District fined Oriflame 30 thousand rubles for leaking personal data of customers. The company was found guilty of committing an administrative offense under Article 13.11 of the Administrative Code ("Violation of the legislation of the Russian Federation in the field of personal data storage"). Read more here.

A database of 0.5 million Russians with fake vaccination certificates is put up for sale

On November 12, 2021, it became known about the appearance on sale of databases of 0.5 million Russians with fake certificates of vaccination against the coronavirus COVID-19. It is assumed that these databases are collected on services for the sale of fake certificates, which, according to experts interviewed by Kommersant, were launched just for these purposes and further blackmail of users. Read more here.

Mosgortrans user data stolen and made publicly available

In October 2021, it became known that user data was Mosgortrans stolen and made publicly available. It is believed that the leak occurred on the company's website. More. here

A database of tens of millions of motorists in Moscow and the Moscow region was put up for sale

In October 2021, a database of tens of millions of motorists in Moscow and the Moscow region was put up for sale. The corresponding announcement appeared on one of the forums specializing in the sale of databases and the organization of information leaks. Read more here.

Oriflame leaked 1.5 million passports of Russian citizens

On August 24, 2021, information appeared that Oriflame made a large-scale leak of 1.5 million passports of Russian citizens. All of them appeared in the public domain. Read more here.

There was a data leak of 163 thousand users of the Russian service of anonymous SMS verification

On July 20, 2021, it became known about a massive leak of data from users of the anonymous verification service sms-activate.ru. This was announced by the Telegram channel "Information Leaks." Read more here.

Passports of officials and businessmen were on the website of the Innoprom exhibition

In July leak 2021, personal data of the international industrial exhibition "" was recorded. Innoprom Passports of politicians and entrepreneurs appeared on the event website. More. here

59% of Russians at least once found personal information in the public domain

On June 25, 2021, the developer of antivirus solutions Eset presented the results of a study on how often Russians detect personal data leaks and whether they are concerned about their own information security.

At the first stage of the study, experts analyzed how often users found their own data on the network. It turned out that more than half of Russians (59%) at least once found personal information in the public domain. Moreover, the mobile phone number and email address are found in such databases most often (in 70% of cases). Less often, citizens find a home address, various passwords and personal photos (from 11% to 13% of cases).

The company noted that after leaks, users are more often victims of scammers and enter into unwanted communication. Thus, 44% of Russians complained about the increase in calls from unknown numbers, another 47% - about the increased volume of spam in e-mail. In another 37% of cases, the social networks of the survey participants tried to hack.

At the second stage of the study, ESET specialists determined the level of awareness of Russians in the issue of data security. It turned out that databases only 12% of users regularly check for leaks, more than a third of respondents do this only after news of high-profile hacks. Half of the respondents (51%) admitted that they had never checked the databases data for personal information in them and were not even worried about this.

It is curious that Russian Internet users know where the leak of personal information came from. For example, 47% of respondents are sure that personal data was stolen from social networks. More than a third clarified that the information leaked from Internet services to post ads. They are followed by postal services and online stores. When asked if you continue to use the service that leaked, more than half of the respondents (59%) answered in the affirmative, since they believe that this can happen to everyone.

Speaking of attempts to prevent the spread of personal data, 65% of Russians surveyed prefer to change their password. Another popular way of fighting - installing two-factor authentication and an antivirus program - 40% of citizens told about it. Another 6% did not take any action, because they are sure that even in the public domain, no one needs their data.

To prevent uncontrolled collection of personal data on the network, you need to follow a few simple rules, reminded ESET Chief information officer Ruslan Suleimanov.

Get a separate SIM card and email to register in online stores and services, and also come up with a pseudonym. This will complicate your identification in the event of massive data breaches. In the case of portals of public services and banks where real names and document data are needed, set a strong password and enable two-factor authentication. Otherwise, theft of access to such services can lead to financial losses and legal problems. "Basic" assistants in the issue of privacy protection are antivirus software and the use of VPN connections to the network, "Ruslan Suleimanov emphasized.

The top services and applications that Russians trust least of all in matters of personal data protection:

• Social media
• Popular sites
• Messengers
• Email

Data breach of hundreds of Russian companies due to careless use of Trello

In April 2021, it became known about the leakage of confidential data of hundreds of Russian companies due to the careless use of project management software Trello. The problem was reported by analysts at Infosecurity a Softline company. Read more here.

Hacking of the largest hacker forum in the Russian Federation Maza

In early March 2021, it became known about the hacking of the Maza forum, which is considered the largest closed platform on the Russian darknet. The site's data leak was discovered by the American company Flashpoint, which specializes in information security. Read more here.

Data leakage of thousands of user mailboxes "Yandex," access to them was leaked by an employee of "Yandex"

On February 12, 2021, Yandex reported a data leak of almost 5 thousand users. Access to electronic mailboxes was leaked by a company employee. Read more here.

SQLi vulnerability on Pickpoint.ru for $1000 put up for sale

On January 18, 2021, it became known that a database with 4 million personal data records of allegedly PickPoint customers containing full names, dates of birth, phones, addresses, emails, hashed (MD5) passwords, etc. was put up for sale. More details here.

Data from 1.3 million Russian owners of Hyundai cars put up for sale

On January 11, 2021, it became known about the data leak of 1.3 million Russian owners of Hyundai cars. The database, which is sold on shadow forums, contains full names, phones, email addresses and home addresses of the automaker's customers, as well as information about the vehicles they bought, parts orders and participation in the brand's marketing activity. We are talking about the data of users of the site hyundai.ru. Read more here.

2020

Russia became the leader in the number of intentional information leaks in the world - 79.7%

In early July 2021, it became known about Russia's entry into the world leaders in terms of the number of intentional information leaks at the end of 2020. The data are provided in the information security company InfoWatch.

According to Kommersant, citing InfoWatch statistics, the share of intentional leaks in Russia in 2020 amounted to 79.7%, surpassing the global figure of 76.8%. In 2019, the shares of intentional leaks were measured at 47.7% and 65.7%, respectively.

In general, the number of deliberate leaks from commercial and state organizations in Russia in 2020 increased by 60%. However, similar trends are observed around the world. According to InfoWatch experts, three to four years ago, the indicator of such violations in most countries did not exceed 50%, but in 2020 it amounted to more than 70%.

Against the background of the transition to remoteness in Russia, the number of corporate data leaks increased using photos or screenshots of screens, analysts told Krok and EveryTag. According to them, such plums account for 35% of the total. Analysts added that the rise of such incidents is due to the proliferation of security systems that make other ways of stealing data from companies impossible.

"To reduce the number of incidents of data compromise could teach employees the basics," information security said the representative of the direction to improve digital literacy. "Kaspersky Lab Elena Molchanova

According to her, employees with high digital literacy are careful about the data, so the insider is much less likely to receive information: it does not reach him thanks to vigilant colleagues.

The number of publications on disclosed cases related to data theft in 2020 doubled compared to 2019, said DeviceLock technical director Ashot Hovhannisyan. The absolute leader in data theft in 2020 is employees of cellular operators and mobile salons, as in 2019, wrote Hovhannisyan.^[20]

Over the year, about 100 million records of personal data of Russians leaked to the network

InfoWatch specialists conducted a study: about 100 million records of personal data and payment information of Russians leaked to the network in 2020. About 80% of violations occur in employees of companies, and three quarters of cases are intentional actions, Kommersant reported on January 11, 2021.

In total, at the end of 2020, 11 billion records of personal data and payment information were "leaked" to the Internet. Most of the information belongs to high-tech companies, the public sector and the healthcare sector. In Russia, finance, the public sector, high-tech suffer more than others.

The authors note that during the COVID-19 pandemic, more leaks went into the gray zone, i.e. was not recorded by protection and control systems. This is due to the fact that a number of companies were not ready to switch to remote operation when the COVID-19 pandemic began: some employees used personal gadgets that were not protected.^[21]

InfoWatch: in Russia, almost 80% of cases of data compromise occurred due to the fault of employees

On November 16, 2020, the expert and analytical center of the Civil Code InfoWatch published a study of cases leaks of confidential information in the I-III quarters of 2020. For 9 months of 2020, 1,773 cases of information leakage of limited access from commercial companies, government organizations and authorities around the world were registered. A total of 9.93 billion personal (PD) and payment records have been compromised. Globally compared to the data same period in 2019, the number of leaks decreased by 7.4%, and the number of compromised records decreased by 1.4%

During the study period, 302 leaks of limited access information were recorded in Russia, which is 5.6% more than in January-September 2019. The number of "leaked" PD records and payment information decreased by 29.2%.

The first conclusions can already be drawn about the impact of the COVID-19 pandemic on the dynamics of leaks. The pandemic has provoked a number of changes in a variety of areas, including information security. As a result of the hasty restructuring of business processes and the transfer of a significant share of employees to remote work, control over information assets in many companies could be weakened, and the share of recorded incidents decreased. On a global scale, the decrease in the share of leaks, in our opinion, is partly due to the expansion of the time lag - a significant part of cases of data compromise becomes public several months, or even several years after the incidents themselves, - comments Andrei Arsentiev, head of analytics and special projects at InfoWatch Group of Companies.

The authors of the study note that compared to the picture around the world, where leaks through the fault of external intruders prevail - 52.6% of cases, in Russia the overwhelming majority of incidents are associated with internal violators - more than 79%. However, it should be noted that in Russia for the second year in a row the share of external violations has been growing, in 2020 it still exceeds 20%. A large percentage of recorded leaks due to the fault of personnel, presumably, is associated with a high level of detection of such incidents, primarily in banks and government agencies. This is a direct consequence of the increase in the penetration of information assets in Russia. At the same time, Russian companies have become more attractive for organized cybercrime, as a result of which the share of leaks due to the fault of external attackers is growing.

The Network remains the main leakage channel. As the study showed, in Russia during the pandemic messengers , other instant messaging services turned out to be a popular channel for "leaking" information. Also, the proportion of leaks through paper documentation remains quite high - despite the rapid development, electronic document management a significant part of the data is still it is stored transmitted on paper. At the same time, many Russian companies neglect the rules for the disposal of paper media. At the same time, there were vanishingly few leaks in Russia. e-mail Apparently, this channel is quite well controlled by the commercial sector state and authorities, and malicious violators, knowing about the installed e-mail protection systems, are looking for other ways to steal information.

In the global distribution by industry, in the first place is the high-tech sector (high-tech) with a share of 19.4%, in the second - health care (16.4%), where the pandemic has exposed many information protection problems, primarily related to the reflection of cyber attacks. In Russia, the share of leaks from the high-tech industry also remains consistently high - almost 22%, the second largest share in the national distribution of leaks was occupied by the financial sector - 18.9%. This is a very alarming situation, which may indicate that banks, financial and insurance companies are under increased pressure from violators during the pandemic.

The authors of the study concluded that the pandemic only exacerbated the already difficult data protection situation. The scale of remote work gives both cybercriminals and insiders much more opportunities to steal information. Huge risks can be associated with the use in companies of the so-called "Shadow IT" (Shadow IT), that is, information services deployed bypassing IT services, on external resources, the owners of which do not bear any responsibility for the data processed on them. The level of both external and internal threats at the "remote" is also increased due to the use of unprotected Wi-Fi networks, problems with the control of personal devices, when working with corporate information, the lack of an adequate access control infrastructure in many companies, ignoring solutions for analyzing the behavioral characteristics of users of information systems.

Data leakage of 1.36 million participants in the Russian Railways Bonus program

In November 2020, it became known about the data leak of 1.36 million participants in the Russian Railways Bonus loyalty program. It turned out that the employees of the company left the file with the database right in the root directory, said Ashot Hovhannisyan, founder of the DLBI dark web search and monitoring service. Read more here.

Hackers created a facial recognition system after hacking 15 thousand cameras in Moscow

At the end of October 2020, it became known that hackers created a facial recognition system after hacking 15 thousand cameras in Moscow. Compromised cameras in apartments, shops, banks, shopping centers, etc.

• How the facial recognition system is arranged in Moscow
• How the city video surveillance system is arranged in Moscow

According to Izvestia, vulnerable private cameras allow you to find the Shodan search engine. A hacker, using a search engine tip, can gain access to cameras, explained independent darknet researcher Oleg Bakhtadze-Karnaukhov.

Search engine Shodan allows cybercriminals to choose a camera in a given place and with the preferred level of protection. This data is constantly updated and covers not only video cameras, but also smart electronics, printers, electronic locks and much more. The cameras in this case allow you to monitor the movement of specific faces, since there are open and closed solutions for identity recognition from a photo.

Robots scan the Web around the clock and constantly update databases with new data on CCTV cameras, routers and other equipment connected to the Internet. Attackers gain access to devices using standard logins and passwords, as well as exploiting vulnerabilities. Then the data flow from the cameras is passed through the person identification system, which can be bought on the Web. Thus, attackers recognize people, gain access to their location, as a result, an analogue of the state unified data storage and processing center is obtained.

Compliance with security rules will help prevent scammers from gaining remote access to cameras. It is important to regularly update firmware on the devices themselves and programs for managing them, says Denis Legezo, senior cybersecurity expert at Kaspersky Lab.

In addition, according to him, you need to immediately change the default passwords, use complex combinations, do not repeat them on various devices and do not connect cameras directly to the public network.^[22]

Development of a state platform for monitoring phishing sites and data breaches

At the end of September 2020, it became known about the creation of Russia state platforms for monitoring personal data leaks. It is planned to spend 1.4 billion on the implementation of the project. rubles More. here

Hackers sell data of 1 million Moscow motorists

On August 3, 2020, it became known that hackers put up for sale a database (database) containing personal data of about 1 million Moscow drivers. The announcement of the sale was found on the specialized forum XSS Kommersant.

The database contains information about the full name of motorists from Moscow and the Moscow region. It also indicates the number of the car (registration mark) of its brand, model and year of production, and all this is supplemented by a VIN number and registration region. In the list of personal data, a series and CAT number and registration certificates (STS) and the phone number of the car owner were found.

The information contained in this database is relevant at the end of 2019. At the beginning of August 2020, the author of the announcement with the nickname kalzedoniya changed its text, saying that the database was sold. Its next owner was not indicated, as well as the amount of the transaction - initially kalzedoniya, who registered at the forum at the end of April 2020, asked for $1,500 for it (111 thousand rubles at the Central Bank rate as of August 3, 2020).

The identity of the person responsible for the leakage of these personal data has not been established. According to the founder of the DLBI search leaks and monitoring service Darknet , the Ashot Hovhannisyan base was stolen, not from, but TRAFFIC POLICE from one of the insurance companies.

Ashot Hovhannisyan made this conclusion on the basis of the nature of the information contained in the database. At the same time, the scratchnot of the base attached to its post of selling it, kalzedoniya, indicates a document called "gai demo."

It's not any one leak. This is a systematic (monthly) drain, - he said.

In his Telegram channel "Information Leaks" (Dataleaks), Ashot Hovhannisyan wrote that one of these leaks occurred at the end of April 2019, and at that time there were over 1.13 million records in the database, and the list of data included, in addition to those listed, passport data of the owner of the vehicle, including his date of birth and registration address.

At that time, the database was freely available and contained in registration actions in Moscow and the Ministry of Defense for the period from January to November 2018. In early November 2019, Ashot Hovhannisyan discovered the same database in almost free access, but with data for the period from January to March 2019, consisting of 358.4 thousand records. He noted that the database was distributed on a paid basis through several shadow sites at an average price of 3500 to 10 thousand rubles. in one month.

In mid-November, the situation repeated itself - a database with information about drivers of Moscow and the Moscow Region for May 2019 received free distribution on the Web. It contained 128.6 thousand lines^[23].

More than 60% of Russian companies call the culprits of leaks of outgoing specialists

On June 30, 2020, Rostelecom-Solar presented June 30. The study showed: more than 60% of Russian companies call outgoing specialists the culprits of information leaks, in 13% of cases we are talking about transferring confidential information about the terms of transactions and tenders, secret developments and know-how from the previous place of work to the new employer.

The crisis in the economy caused by the coronavirus pandemic provoked massive cuts in the commercial sector, a decrease in wages and an increase in personnel rotation. With the transition of companies to remote work, Rostelecom experts recorded a 25% increase in the number of incidents related to both accidental leakage of confidential information and attempts to deliberately "drain" data. Not least, this is due to the fault of quitting workers. In connection with the aggravation of the problem, experts conducted a survey of representatives of Russian business on the topic of which employees carry the greatest risks in terms of information leaks, what confidential data are carried away by quitting employees and how they use it in the future.

After analyzing the results of the survey, experts found that more than 60% of companies assess confidential data leaks due to the fault of quitting employees as the most critical. A little more than 22% of respondents are confident that the participants in the tender procedure or key transaction cause the greatest damage to the company's information assets. And in only 10% of cases, the threat comes from employees on probation.

As for the types of information leaking from companies through the fault of quitting employees, in 61% of cases these are client databases, in 19% - confidential information on the terms of transactions and tenders, and in 15% - secrets of development and know-how. However, it is the last two categories of data, when used by departed employees at a new place of work, that cause the old employer the greatest financial damage.

{{quote "If a quitting employee goes to a direct competitor and takes with him valuable developments that can give a serious advantage, for example, technological, this is fraught with critical consequences for the company, up to the loss of business. Innovative developments of the company and know-how, analytical calculations and research results, information about unique processes - all this, having fallen to competitors, will allow them to reduce the gap or even break ahead. This risk is most critical in highly competitive and intellectually capacious areas, - said Galina Ryabova, head of DLP at PJSC Rostelecom. }}

Indeed, 13% of representatives of Russian business are confident: former employees transmit to the next employer classified information on the terms of transactions and tenders, as well as valuable intellectual property of the previous company. Moreover, in almost half of cases, high-tech companies (IT/Telecom) suffer from such leaks, in 24% of cases - industrial production, in 18% - organizations of the financial sector.

For the purpose of the study, Rostelecom experts conducted an online survey of the audience of sites and social networks of several Russian IT media, as well as users of the company's own Internet resources. The survey was attended by representatives of enterprises belonging to the SMB, SME and Large Enterprise segments. The industry landscape of the surveyed companies includes IT/Telecom, Industry, Finance, Power, Retail, Construction, Services and a number of other areas - over 10 industries in total.

Leaked data on 5m students and staff at Skyeng Language Online School

On June 27, 2020, it became known that the Telegram In4security channel discovered a leak of data 5 million students and employees of an online language school. Skyeng The information to base in turned out to be genuine, but the company did not confirm the fact of leakage or hacking. More. here

Sergey Voinov, CEO of EveryTag: "Each information leak has a surname, first name, patronymic"

The active promotion of our world along the path of informatization opens up new amazing opportunities for humanity, on the one hand, and on the other hand, it creates new, previously unknown risks. And some human vices associated, in particular, with violation of personal or commercial secrets, acquire new forms with the help of IT, which means they require new methods of protection. TAdviser discussed these issues with Sergey Voinov, CEO of EveryTag. Read more here.

Data Base of clients "Red and White" became available for download to everyone

On January 28, 2020, it became known about the leakage of data from customers of the Krasnoye and Beloye alcohol market chain. The loyalty program base got on the Internet. Read more here.

2019

In Russia, there are three times more leaks in the industry group "Industry, Fuel and Energy Complex and Transport"

On October 29, 2020, the expert and analytical center of the Civil InfoWatch Code published a report on information leaks limited access from the spheres, the fuel and industries energy complex and for transport 2019 in the world and in. During Russia information the study, 158 cases of confidential leaks were identified, which is 42% more than a year earlier on a global scale, and in - Russia by 177%. In just a year, industrial enterprises, the fuel and energy complex and in the world transport lost 72 million records personal data and payment information, in Russia - 2.2 million records.

Analysts note that interest in these three areas from the real sector of the economy is due to the importance of their role in the economies of countries, the large social role they play, as well as the presence of a large number of critical infrastructure facilities - they can be vulnerable both in the face of physical impact and in the framework of various cyber attacks. The protection of the industrial control systems (ICS) of the industries in question requires close attention, as it is of great importance for the smooth operation of enterprises and can affect the life and health of people.

Both in the world and in Russia, the main culprits of leaks in the studied group "Industry, Fuel and Energy Complex and Transport" were ordinary employees. In the world, through their fault, 45% of cases are registered, in Russia -52%. At the same time, the total share of leaks due to the fault of internal violators in Russia is almost 80%, while in the world about 70% of violations have an external vector of influence.

{{quote 'As the study showed, almost 82% of the compromised data in the industry group in question came from the transportation industry. As a result of one leak from this area, an average of 1.15 million PD records "leak." Commercial and production secrets, including development strategies data , about, marketing sales, accounting, etc., are vital information at industrial and fuel and energy enterprises. The distribution by type of leaked data showed that the share of leaks of trade secrets and know-how from industrial, mining, energy and transport enterprises in the world is almost twice as high as the share of PD leaks, and is 56.1%. Both in Russia and in the world, the Network remains the main channel of leaks in the investigated industry group, says InfoWatch, head of analytics and special projects. Andrey Arsentiev }}

Summing up, analysts came to the conclusion that the industry specificity of threats in three areas has many differences. Enterprises from the transport sector are more susceptible to hacker attacks, while in industrial, mining and energy companies the main risks are associated with the actions of internal violators. Speaking about the objects of protection, it is worth noting that in the transport industry it is necessary to pay special attention to ensuring the security of personal data storage and transport (traffic) management systems. In industry and the fuel and energy complex, the first place is to protect information systems, where trade secrets and production know-how are stored. The main danger in relation to these assets is the actions of leakage of internal violators - managers, line managers, system administrators, ordinary employees. This requires the creation of layered systems for protecting information from insiders, ensuring control of all potential leakage channels with a focus on investigating the behavioral characteristics of users of information systems in order to identify anomalies.

Leak growth almost 1.5 times

On July 7, 2020, the expert and analytical center of the Civil Code InfoWatch issued an annual report dedicated to data breaches 2019 in. Russia In 2019, 395 cases of leakage from information Russian companies and government agencies were recorded, as a result, more than 172 million records personal data and payment information were compromised. Comparative results of the study showed that compared to 2018, there were 46% more cases of leaks, and the number of records of compromised user information increased by more than 6 times.

In Russia, the most common leak channels were the Network and paper documentation - 53.4% and 17.5% of cases, respectively. More than 10% of the data is merged through instant messaging services (voice, text, video). The study notes that in 72.1% of cases ordinary employees of companies were guilty of information leakage, in 4.6% of cases - the top management of organizations, in 18.4% - hackers and unknown persons.

Annually examining the facts of information leaks, we note that the greatest chances of becoming public are cases of data breaches as a result of thefts for sale to an indefinite circle of persons. In addition, the actions of activists to achieve public and political goals, as well as leaks from the largest and most famous companies, are usually publicized. Almost all Russian leaks with a volume of over 1 million records are associated with the public access of large databases, presumably due to errors of technical personnel when setting up remote access to information storage, "says Andrei Arsentiev, head of analytics and special projects.

In terms of the number of leaks Russia , the seventh year in a row ranks second in the world distribution (after), USA personal data and payment information are most often "leaked" in the country - these types of data account for 87.3% of leaks that occurred in 2019. At the same time, it is important to clarify that more than half of the amount of data compromised in Russia in 2019 falls on one incident, the result of which was the compromise of over 90 million records containing information about legal entities and individuals, due to an error in the settings servers of the fiscal data operator. "Drimkas

Almost half of the identified leaks occurred in state and municipal bodies, as well as in the high-tech industry (industry companies,, etc communications information technology electronic engineers.). Almost every fifth leak of confidential information in Russia is associated with fraudulent actions (first of all, this is registration credits by managers of organizations according to someone else's data).

In Russia, despite a number of features, such as minimal sanctions for data leakage, the limited use of a "digital" person to receive services, in the field of information security, there are trends similar to global ones. However, taking into account the amendments to the regulations adopted in the spring of 2020 related to the remote provision of services, as well as the jump in the number of remotely working employees, one should expect an increase in leaks through electronic channels due to a decrease in the share of paper document circulation.

Data leaks from companies and government agencies in Russia increased by 40%

In 2019, the number of registered leaks of classified information from commercial companies and government organizations in the world increased by about 10% compared to 2018. Russia In such incidents, there was a 40% increase, and the number of compromised personal data records increased almost 6 times, to 170 million. Such data at the end of December 2019 was published by an expert analytical center. InfoWatch

It is reported that in Russia the share of hacker crimes in 2019 was less than 20%, and ordinary employees became the dominant type of violators - their actions provoked more than 70% of information leaks.

According to Andrei Arsentiev, head of the analytics and special projects department at InfoWatch, the interests of specific people are behind each such case. Approximately 40% of leaks in Russia at the end of 2019 were intentional, while in the world as a whole there are more of them - about 66%.

Approximately 75% of all leaks in 2019 fell on the compromise of personal data. This is 5% higher than a year earlier.

The share of leaks of payment information, as well as state secrets, has decreased. At the same time, the share of compromised information related to commercial secrets and know-how increased.

Experts also noted a significant increase in email data leaks. In their opinion, this is due to the popularity among cybercriminals of attacks on companies using mail phishing - sending a letter with a link to a fake site to obtain a login and password or other valuable information.

According to Izvestia, in 2019, about 1 million personal and payment data were compromised in the Russian banking sector, which is less than 1% in the total volume of leaks. Such a low indicator was explained by the ability of Russian banks to ensure a high degree of information security.^[24]

Low salary of employees is the main reason for data leakage in the Russian Federation

On November 12, 2019, it became known that the main reason for data breaches the Russian users is the large number of organizations in which they provide information themselves, as well as the low salary of employees of such organizations. Such conclusions were reached by the company's specialists EY based on the results of the study.

As the study showed, the Russian user provides to the state or various companies to confirm their identity on average 15 (identifiers sets). data Moscow Residents have an even higher number of identifiers and reaches 24.

According to EY research, 88% of data leaks of Russian users occur due to the fault of employees of companies requesting this data. For comparison, in the world this figure is 56%.

According to the head of the center for technologies, media telecom EY and Yuri Gedgafov, employees with access to user data have an average salary of 27 thousand rubles. - this is how much you can help out on the black market for several records with. personal data Nevertheless, in 2018, no more than a hundred lawsuits were filed in Russia related to leaks of personal data.

As a solution to the problem, Gedgafov suggested that organizations switch to a model when they contact a special ID provider to confirm the identity of a citizen. This provider will not provide data, but will confirm that the requested citizen fits certain criteria (for example, he can be given a loan). ID provider can transmit its response using blockchain to ensure security^[25]

Data 700 thousand employees of Russian Railways were in the public domain

On August 27, 2019, it became known that the personal data of 703 thousand Russian Railways employees were publicly available on the Internet. The leak was reported in the technoblog by Habr.com specialist in corporate data protection, technical director of DeviceLock Ashot Hovhannisyan. Read more here.

There was a leak of 14 million records of companies and buyers

On September 16, 2019, it became known that about 14 million records about companies and individuals from Russia were made publicly available. An accidental leak was made by the fiscal data operator Drimkas. Read more here.

75 thousand codes from Moscow entrances were in the public domain

On October 11, 2019, it became known that unknown attackers placed Internet base entrances in the codes of locks To Moscow and intercoms in some cities of the Moscow region. This leak can make it easier for criminals and fraudsters to enter homes.

The database is in the public domain and has more than 75 thousand records. In total, the leak affected about 40 thousand residential buildings. According to the results of a selective check, only a part of the codes turned out to be relevant.

According to experts, this database can be an official reference book of one of the delivery companies or large online stores. The criminals hardly had commercial interest, presumably, they wanted to exchange one base data for another on special resources.

According to lawyers, it will not work to bring the attackers to criminal or administrative responsibility. According to the law, leaked codes are not personal data and do not contain bank or state secrets. This information may be known to an unlimited number of persons and therefore is not protected by law. In the worst case, the culprits of the leak will face disciplinary liability^[26].

External drives and screen photos remain the main leakage channels

According to DeviceLock, obtained from a study of insider information channels in Russian companies, more than 70% of leaks occurred in B2C companies. At the same time, more than half of them are in companies with a large customer base (retail banks, MFIs, telecom operators). The remaining 20% occurred in B2B companies and another 10% in government agencies, DeviceLock reported on June 21, 2019.

Among the leakage channels, unloading from corporate information systems (more than 80%) became the absolute leader, allowing you to save data in a text or table (.xls,.csv) view to external drives. They are followed by screen photos taken by mobile phones, most often used as part of services to "break through" specific faces (about 10%). And this is a relatively new (as of June 2019) leak format, which was practically not used in 2018 and did not attract the attention of researchers, DeviceLock researchers noted.

Commenting on the results of the study, the founder and CTO of DeviceLock Ashot Hovhannisyan noted that despite the development of means to combat data leaks, it is still far from a complete victory over this problem.

Business digitalization increases the volume of victimized data and, at the same time, facilitates access to them. The economic situation contributes to the formation of a black market for commercial information both in the form of stolen databases and "breaking" services. Many banks and telecom operators with the maximum amount of "new oil" are extremely vulnerable and powerless to data leaks, since in many cases the systems they use only allow them to observe and investigate incidents that have already occurred, and not block illegal access to information and prevent sensitive data leaks, - he explained.

The study, which covered the period from January to May 2019, analyzed more than 800 documents posted on various darknet resources (DarkNet), as well as the "punch" services provided by sellers as samples of the data they offer.

About a thousand open databases discovered in Runet

On April 11, 2019, it became known that DeviceLock, a Russian manufacturer of systems for combating data leaks, conducted a study of the security level of cloud data bases located in the Russian segment of the Internet.

In the process of research, analysts of the company discovered and examined more than 1,900 using servers platforms, and MongoDB Elasticsearch Yandex ClickHouse more than half of which (52%) provided the possibility of unauthorized access, and 10% at the same time contained personal data Russians or commercial information of companies. Another 4% had already been hacked and already hackers had ransom requirements.

Among the identified databases found, in particular, were: the customer database of the financial broker FinService (finservice.pro) with a volume of 157 GB, containing names, addresses, contact and passport data, credit histories and information on loans issued; a 21 GB Call Call Service (zvonok.com) database containing telephone numbers and call records; data from Moscow emergency medical stations with a volume of more than 17 GB, containing all information on calls from ambulance teams, including names, addresses and patient phones, a database of the Russian telemedicine service Doc + with a volume of more than 3 GB, containing data from employees and some users (including diagnoses), databases of the information system "Network City. Education, "containing personal data of students and teachers of schools in Yekaterinburg, Ingushetia, Sverdlovsk region and Yakutia, as well as a large number of client databases of various e-commerce projects.

According to Ashot Hovhannisyan, founder and CTO of DeviceLock, the key reason for such an egregious situation with unauthorized access to cloud databases is configuration errors caused by the extremely low qualifications of their users and the lack of information security audit procedures in companies.

An even greater problem, he said, is the identification of the owner of an "open" database, which is not always possible by its contents.

We find an open database containing personal data and do not understand who to tell that access to it needs to be closed. Hosters do not give out owner data, and in principle they often believe that user configuration errors are not their problem.

In addition, the owners of such bases are extremely slow to respond to alerts.

Unfortunately, when we contact the owners and inform them of the need to close access to data, the vast majority of them react too slowly or do not respond at all. And I am not aware of isolated cases when the open databases we discovered were and were downloaded by hackers after our notification.

The company plans to apply to Roskomnadzor whose area of ​ ​ responsibility includes compliance control (152-FZ "On personal data"), with a proposal to develop a procedure for blocking open databases containing personal data.

It is not necessary to immediately block access, but you can create a procedure within which Roskomnadzor receives information about the presence of such a base and sends an order hostingto provider-. The hoster notifies the owner of the database and he either eliminates the violation or blocks access to the database within a specified period.

2018

The maximum amount of damage in the case of information leakage amounted to 14 million rubles

On January 28, 2020, it became known that the InfoWatch Group of Companies expert and analytical center published the first report on judicial practice in cases related to leaks of limited access information. The study was conducted in order to identify the main and most obvious problems of law enforcement in the field of information protection. According to the results of the study, every fourth case ends with the issuance of a real or suspended sentence, and the maximum amount of damage in the case of information leakage, confirmed by the decision of the Russian court in 2018, is 14 million rubles. Read more here .

The share of leaks due to the fault of privileged users - 9.6%

On August 27, 2019, the analytical center InfoWatch announced a study of incidents in the field that entailed information security leaks information due to the fault of privileged users from government organizations and commercial companies. According to the results of 2018, the share of limited information leaks in the world caused by privileged users of information systems and various corporate archives amounted to 5.1%. Russia This figure turned out to be almost twice as high - 9.6%.

Analysts attribute the reasons for this gap to several factors. First of all, we are talking about the distribution of public incidents - in Russia, traditionally, the share of leaks due to internal violators is much higher than in the world.

This is due to the fact that large companies have learned to cope with external threats, but countering internal violations at different levels is often more difficult. And success depends not only on the effectiveness of technical means, but also on the maturity of processes, as well as on the consistency of measures aimed at increasing the level of "digital hygiene" of users and fostering a culture of data handling ,

Secondly, the world indicators of published leaks are largely shaped by the United States, Western European and other developed countries with many years of experience in introducing IT and information security tools. And the third factor is a more developed information culture of Western users, enshrined in strict data protection legislation .

In Russia, more than ¾ of all leaks are related to privacy violations. In personal data global distribution, it is also the dominant type of compromised information. As for industry distribution, organizations account for the largest percentage of leaks in the world state.

The main tools for deliberate violations, both globally and on the Russian scale, were flash drives and other removable drives, as well as instant messaging services. The network channel and e-mail are not so actively used.

The authors of the study concluded that the deliberate or accidental actions of the owners of privileged accounts pose a serious threat to corporate information assets. The business must constantly adhere to a strategy of continuous control of privileged access. The lack of these measures increases the risk not only of internal threats, but of information attacks.

24% of confidential information leaks from government and commercial companies are associated with fraudulent actions

On June 25, 2019, InfoWatch reported that in Russia, about 24% of confidential information leaks from state and commercial companies are associated with fraudulent actions. The level of fraud based on data stolen from Russian companies is almost three times higher than in the world. Approximately 80% of such incidents in Russia are related to the actions of managers and employees. In half of the incidents, fraud is committed on the basis of data from paper sources. The most common cases of fraud are in the banking sector and communications companies.

In addition to "classic" leaks, in the totality of incidents traditionally studied by InfoWatch analysts, a vast layer is made up of leaks "weighed down" by fraudulent actions. This is primarily bank fraud, direct sale of data to interested parties on order, receipt of various services based on user data of another person.

According to the InfoWatch analytical center, in 2018, the share of leaks of confidential information associated with fraudulent actions in relation to data in the total total of registered leaks amounted to 8.5%. In the Russian distribution, the share of fraudulent incidents turned out to be almost three times higher - 23.7%.

Such a high share of fraudulent actions in the Russian "pie" of incidents can be explained by a combination of several factors. First, Russia is becoming deeper into global digital processes, the value of each recording of user information is becoming quite tangible in the modern era. Secondly, the introduction of information protection tools as a whole is still lagging behind the pace of digitalization. Thirdly, the society has not yet formed clear moral imperatives in relation to other people's data. Managers of mobile operators, bank clerks, police officers and other categories of employees through whom personal data regularly pass, quite often perceive the complex of this information as their patrimony, reserve the moral right to treat citizens' data at their discretion.

When control of information systems is weakened, a wide field for fraud opens up to employee attackers. And where respectful, careful attitude towards other people's personal data is not developed, consumer attitude towards information assets flourishes within companies. We must not forget that personal data is the key to many modern services. Therefore, the fraudulent use of confidential information jeopardizes the public well-being of citizens and provokes a crisis of confidence in many companies and government organizations,

Globally, a significant share is occupied by fraudulent incidents provoked by the actions of external attackers. Accordingly, in the world there is less than in Russia, the percentage of such incidents that occurred due to the fault of ordinary employees.

In our opinion, a small proportion of fraudulent leaks under the influence of hackers in Russia as a whole is associated with a relatively low level of development of digital storage, from where you can get valuable information in a structured form. At the same time, the digital assets of a number of large companies and authorities are probably generally reliably protected from external attacks.

{{quote 'author = says Andrey Arsentiev, analyst at InfoWatch Group of Companies|The main attention when protecting against leaks associated with fraudulent actions, corporate information security services should pay control to employees and top managers, that is, those whose regular activities are related to contacting electronic databases and paper archives. An internal attacker is more dangerous in this regard than a hacker, since he has deep knowledge of what information is stored where. Thus, it is easier for employees and management to find the focus of attacks, extracting not large layers of data at random, but stealing specific information, including on order, in order to gain quick benefits, }}

In 2018, in the world, the largest share of leaks involving fraud occurred through a network channel. In Russia, however, incidents that occurred as a result of compromising data from paper archives dominate, and the Network is in second place with a large lag.

The low percentage of fraudulent incidents involving Russian cybercriminals using email is due to the fact that this channel is historically quite reliably controlled in domestic organizations. Knowing about protection systems, unscrupulous employees do not dare to use E-mail to send stolen information and choose other channels. In the world, email within organizations is also rarely used for fraudulent purposes, but it has become one of the favorite channels for external attackers when committing phishing attacks.

In the global picture of leaks with a fraudulent connotation, an equal percentage of incidents - 18.2% each - are occupied by state organizations and the financial sector. In Russia, the sphere of finance dominates, it accounts for every fourth incident. In second and third place is the public sector and high-tech companies.

As for the percentage of fraudulent incidents with data in various verticals, the largest share of fraud in the global distribution was in the banking sector. State and municipal organizations follow. In Russia, in many industries, the share of fraud based on confidential information is several times higher than in the global distribution. And in the high-tech segment, it is an order of magnitude higher. Attackers most often use data for fraudulent purposes in those organizations from where this data is fastest to "convert" into money, and where it is easier to bypass security systems (or take advantage of their absence).

[[:Шаблон:Quote 'author '= notes Andrey Arsentiev, analyst at InfoWatch Group of Companies']]

270 cases of confidential information leakage from commercial and non-commercial companies

On May 28, 2019, InfoWatch reported the results of an analytical study on which 270 cases of leakage of confidential information from commercial and non-profit companies, as well as government organizations, were registered in Russia in 2018. This is 6% more than in 2017. The share of leaks as a result of the actions of external attackers has more than halved - to 9.5%. Approximately 39% of incidents occurred in state and municipal organizations.

In the global distribution, the share of "Russian" leaks amounted to 12%. The amount of compromised personal data that fell on Russian companies and government organizations did not exceed 1% of the total amount of data compromised around the world.

If in 2017 as a result of hacker attacks in Russia there were 21.3% of registered leaks, then at the end of 2018 this share decreased to 9.5%. A relatively small proportion of leaks caused by an external attacker should not be misleading. It follows from the statistics that the internal violator remains the main problem for Russian information security. But the increase in the amount of data processed by companies, the increase in the cost of such data will inevitably lead to an increase in the number of external attacks. We are talking not only and not so much about "advanced" hackers working by order, but about mass hacks in order to pull out at least something valuable from organizations - databases, aggregated information about employees.

According to 2018 data, almost 78% of incidents that resulted in the compromise of restricted information were provoked by deliberate or careless actions of personnel. Russia is also characterized by a higher share of leaks due to the fault of the management of companies - 8.8% compared to 3.2% in the world.

In addition to the obvious interest in the peculiarities of the processes of forming a picture of leaks in our country, the preparation of a separate study of data leaks for Russia is associated with the authors' desire to once again draw public attention to the problem of leaks of the main (in terms of the number of recorded incidents) type of information for our country - personal data.

Natalia Kasperskaya comments:

In many countries, we are seeing a tilt towards technically simpler administrative regulation of data security through increased fines, tougher requirements. In fact, if personal data of citizens are an asset of the state, then the state should ensure their protection through strict regulation of the processes of processing (in a broad sense) personal data both within the framework of the system of its own bodies and in the commercial sector. Against the background of the outlined global trend towards tightening administrative responsibility for compromising personal information, regulatory policy in Russia still looks rather soft. Victims of personal data leaks can count on compensation for harm caused by the results of the trial. But the amount of compensation rarely exceeds 10 thousand rubles, and the number of such cases is calculated in units.

The distribution of leaks by data types indicates a small (compared to the world picture) number of cases of compromise of payment data with information leaks comparable to the world shares, constituting state and commercial secrets. The reasons for this deviation lie in the heterogeneity of penetration of protection systems in various industries characteristic of the Russian information security sector. Organizations whose activities involve the processing of payment information are traditionally considered leaders in terms of using information security solutions. These are primarily banks. It is not yet possible to say the same about companies where payment data processing is not one of the key transactions (that is, most organizations that actively conduct business store customer and partner data).

We regret to state that employees of companies with legitimate access to personal data of users, customers often do not have basic knowledge of the rules for the safe handling of restricted information, or deliberately ignore prohibitions and security policies.

Sergey Khairuk explained:

The increase in the number of incidents related to intentional compromise of personal data is due to the fact that Russia is gradually being integrated into the global paradigm of universal "digitalization," one of the necessary signs of which is the presence of an environment for the provision of services in electronic form. "Digitalization" allows you to "tear" a real person from an electronic profile. Obviously, this opportunity generates a demand for other people's personal data "tied" to various electronic services - be it accounts in car sharing applications, personal accounts of cadastral accounting systems, even registered SIM cards. In the simplest case, the mechanism for using other people's data is built so that the service is received by the attacker who stole the data, and the "owner" of the data, the person "on behalf" of whom the offender acts, pays for it.

Personal data, therefore, is gaining more and more value for various kinds of fraudsters. Individuals who have access to such data are tempted to copy them from the system and sell them to the first person who offers the material good - real money - for an intangible asset.

In the course of the study, the thesis that Russia is characterized by a higher proportion of the so-called "qualified" data leaks was once again confirmed. That is, such cases when an attacker deliberately uses information stolen by him to achieve personal gain (data fraud, bank fraud), or gains access to information that he does not knowingly need to fulfill his labor function (exceeding access rights).

InfoWatch analysts associate a large number of "qualified" leaks in Russia with a relatively low level of information security culture. Employees of organizations dealing with sensitive information every day periodically "forget" that the result of their work is a work of service and, as a general rule, belongs to the employer. Hence the numerous cases of selling databases containing information about clients and counterparties of the employer organization, attempts to "find your interest in someone else's pocket," having received not only wages from the employer, but also a "bonus."

The dominant channels of confidential information leakage from organizations in Russia are paper media and the Web. They accounted for, respectively, about 45% and about 43% of incidents.

Still the most typical for our country are the scenarios of leaks through the "paper documentation." Organizations post lists of debtors with a full list of personal data at the entrance houses. There is no need to even talk about banks and insurance companies, authorities throwing copies of customer passports to landfills closest to offices - these stories have become too commonplace.

The number of intentional leaks through channels such as "removable media," "loss and theft of equipment" in 2018 was calculated in units. Attackers, knowing that their actions are controlled, simply do not use these channels.

Leaks from the public sector and local authorities, in principle, occupy a more noticeable place in Russia than in the whole world - state and municipal bodies account for a total of 39% of all cases of information compromise recorded in 2018.

Further in importance are leaks from organizations in the field of trade and entertainment (14%), the financial segment (12%). A small share of "medical" leaks - 8.5% against the background of a 19% share in the world distribution - is explained by the relatively low level of "digitalization" of Russian medicine, the peculiarities of the development of Russian medical insurance. Paradoxically, the backwardness of Russian medicine in terms of digitalization is the key to the relative safety of personal data in medical institutions.

The largest percentage of intentional leaks in Russia falls on such industries as banks and finance (70%), high technologies (65.2%), industry and transport (60%). Thus, it is these three verticals that look the most attractive to attackers.

Sergey Khairuk summarizes:

Taking into account the identified and indicated features of the Russian leak pattern, known factors that form this pattern, the most acceptable approach should be to create and use such protection systems that allow controlling specific types of information of limited access (databases, financial documents, information constituting a trade secret), to conduct "deep" monitoring of "problematic" channels of information transmission (outgoing Internet traffic, paper documents, data transfer to removable devices). In addition, it is necessary to focus on the comprehensive application of analysis of employee behavior in a tight reference to their role in the company, the amount of access to information. Ideally, such protection is complemented by a solution to counter external attacks.

66% of Russian companies faced leaks due to insiders

On February 19, 2019, SearchInform published the results of a 2018 business information security study. It concerns threats that come not from external intruders, but from the inside of the company - from employees. The study involved 1024 representatives of Russian business. Another 718 people joined the survey in other countries of the presence of SearchInform (Middle East, Latin America, South Africa, CIS).

Data breaches

66% of companies faced leaks due to insiders in 2018. Most often, commercial information disappeared: about clients and transactions, partners, accounting (in the amount of 51%), less often technical information leaked (24% of cases).

Personal data is also easily leaked (20% of cases), but companies still rarely report what happened to the media. Only 3.5% of organizations do this. Nevertheless, this figure is higher than a year earlier. Then only 2% of organizations reported leaks in the media.

But the companies began to report the incident to the victims much more actively. Over the year, the figure grew by almost 16% - to 28%.

"The share of companies in the Russian Federation that recognize responsibility for the incident is steadily growing and will soon be equal to the global indicator. This is a rather interesting trend, because sanctions in Russia and in the world differ dramatically. For example, in Russia, a fine for disclosing personal data is measured in tens of thousands (rubles), and in the European Union - in millions (euros). Thus, it is personal responsibility, consciousness of domestic companies that is the main reason, and not at all the threat of a fine. " ' Alexey Parfentiev, Head of Analytics at SearchInform

The number of documents in the form of images - scans, photos, screenshots, PDF - has increased significantly lately. 3 years ago, there were no more than a third of such documents in organizations. As the study "SearchInform" showed, in 2018 in 54% of companies half of the information or more is stored in graphic formats. A third of such documents are leaked by e-mail, another 30% of documents are made by employees on mobile devices.

"To register with services, draw up invoices or contracts, make payments and receive discounts, customers are increasingly presenting data and documents in the form of photos and scans to large banks, stores, operators. For these organizations, protecting personal data and other confidential user information from leaks becomes critical to avoid financial and reputational risks. " Dmitry Shushkin, CEO of ABBYY Russia

Other incidents

Analysts asked not only about leaks, but also about other incidents. In 2018, 15% of companies noted an increase in the number of internal incidents, 9% more than a year earlier. This coincides with the dynamics observed in other countries where the survey was conducted.

As the survey data showed, 74% of incidents are admitted by ordinary employees. Most often, managers of supply departments (corruption capacity of the profession), accountants and financiers (access to critical data, money) become violators. Both professional industries account for almost half of all incidents.

High rates of violations among assistant managers and IT specialists (16 and 15%, respectively). For both reasons, one reason is access to critical information and privilege of position.

Software Budget

In this situation, it is noteworthy that 30% of companies announced an increase in the security budget. At the same time, another 12%, on the contrary, reduced costs. Mainly Russian companies are still limited to installing antivirus programs and using the Windows and NGFW administration tools. The expected low utilization of more complex products: DLP and SIEM systems.

According to SearchInform, this dynamics is explained by the requirement of regulators. Both in Russia and in the world, iconic information security laws have begun to work. In Russia, we are talking about FZ-187, in the case of abroad - GDPR directives that have extraterritorial effect.

What they control

As in 2017, the main channels of information transmission that employers control are e-mail (29%) and external media (20%). Telephony (15%) and Internet messengers ( 11%) are less alarming for managers. These figures maintain the momentum of the past year.

Employers are most concerned about employees' disloyal attitude towards the company, sabotage, the dissemination of negative information (21, 21 and 23%, respectively). Another 16% of employers care about dangerous dependencies of employees.

As noted in SearchInform, the interests of companies go beyond monitoring loyalty. It is important for information security specialists to understand the personal problems of employees who can be dangerous for business and the team.

Damage and punishment

Most often, incidents led to image and minor financial damage (28% of responses each). Approximately the same number of violations led to major financial damage, as well as compliance risks - the threat or fact of punishment from the regulator.

Only 4% of Russian companies ignore incidents without applying sanctions to violators. 34% of employers fire violators, half reprimand and fine (23 and 27%). Only 8% of companies bring the case to court.

"Companies prefer not to go into the public field with conflicts. Units decide on this and only in the most egregious situations. Then the evidence is often provided by data obtained from software complexes, in particular DLP systems. Unfortunately, this fact often does not appear in the case file. In some cases, it turns out to be extremely difficult to prove the employee's guilt: both due to the lack of complexes for fixing violations, and due to the lack of regulations in the company in this regard. " ' Alexey Parfentiev, Head of Analytics at SearchInform

Every sixth data leak is registered at the enterprises of the Ural Federal District

On February 13, 2019, InfoWatch Ural announced that it had summed up the results of a study by the InfoWatch Analytical Center in the field of ensuring the security of corporate information in commercial companies and state organizations of the UFO. In 2018, the organizations of the investigated federal district allowed 30% more data leaks than in 2017 - this growth dynamics is five times higher than the all-Russian indicators. In the regional distribution of incidents, the share of UFOs increased from 13% in 2017 to 16% in 2018, that is, every sixth data leak in Russia in 2018 happened in organizations of the Ural Federal District.

According to the company, almost half of respondents from among information security specialists and heads of enterprises in the macro-region surveyed by InfoWatch admit the likelihood that confidential information has been leaked in their companies over the past three years. At the same time, 39% of the survey participants admitted that information security systems at their enterprises do not fully provide protection against modern cyber threats, including data leaks .

In organizations of the Ural Federal District, as well as in Russia as a whole, the share of personal data in the overall picture of leaks is more than 80%. At the same time, the UFO is one and a half times more likely than in other regions to leak information related to the most liquid data: commercial secrets and production secrets. Twice as often as the national average, payment information leaks in the region.

According to the authors of the study, a large proportion of leaks of information containing trade secrets and know-how are associated with a rather high concentration of large industrial enterprises in the Urals. With great production potential, local enterprises are probably not fully ready to prevent leaks of commercial information, and above all leaks due to internal intruders, InfoWatch experts noted.

In every fourth case of leakage, information that was lost from UFO organizations was used for fraudulent purposes or obtained as part of illegitimate access to the information systems of the enterprise.

Limited access information, which includes trade secrets and know-how, payment and personal data of customers, at many enterprises in the region, as a rule, is not sufficiently protected. As a result, attackers who gain access to internal information systems are able to benefit personally from the data operated by the employer. For example, Magnitogorsk the head of the pension fund department handed bank over the personal data of the townspeople to the commercial employee. This information was then illegally used in the activities of the credit institution. So-called "internal" leaks occur as a result of errors by a legitimate user or failures of automated information processing systems. In such cases, as a rule, a large amount of data leaks. Since the employees of the organization have access to the most sensitive business information, as a result of their malicious actions of the organization, more serious damage can be caused than from. hacker attacks Andrey Arsentiev, analyst at InfoWatch Group of Companies

As in Russia as a whole, in 90% of cases of data leaks in the UFO, the cause of the incident was the actions of an internal attacker in the organization, or an insider.

Most respondents believe that the use of DLP systems (Data Leakage Prevention) with a predictive analytics module (User and Entity Behavior Analytics, UEBA) can reduce the threats of intentional data leaks from personnel. Such solutions use the capabilities of artificial intelligence, deep analysis of big data, and allow you to identify employees who, for example, intend to quit the company, and thus prevent the likely abuse associated with access to confidential information on their part.

In almost 70% of cases, unprivileged employees became the culprits of data leaks from organizations of the Ural Federal District. At the same time, in 2018, on the territory of the UFO, much more often than a year earlier, there were leaks based on the results of the actions of privileged users: top managers, middle managers and system administrators, if in 2017 they accounted for 7% of violations, then in 2018 more than 16% of incidents.

In most cases, data leaks in both Russia and the Ural Federal District, in particular, occur through two channels of information transmission: through the network and the loss of paper documents. At the same time, the share of incidents related to the loss of corporate data on paper is 20% higher than the share in the all-Russian distribution, and the share of leaks through the Internet and cloud media, on the contrary, is 20% lower than the national average.

Representatives of Ural business and local state organizations consider the most effective means of improving the culture of personal data management by holding regular educational events among employees to increase the level of cyber literacy in the field of data protection for employees. At the same time, only 35% of respondents replied that such events are held regularly in their companies, for example, at least once a year.

In 2018, the largest number of data leaks in the UFO was recorded in medical institutions (21%), banking and financial organizations (16%), state and municipal authorities (12% each). Least often, the data leaked from educational institutions (9%), trade organizations (9%) and industrial enterprises (7%).

As of February 2019, modern technologies penetrate into various spheres of our life - from the service sector to medicine, so special attention should be paid to the information security of these processes. To effectively protect their corporate data and information systems, organizations need to build hybrid protection, which will include, firstly, countering internal threats posed by employee actions by implementing data breach protection systems, and, secondly, repelling external attacks. The latter can cause exploitation of vulnerabilities due to poor-quality software code in a product implemented at the enterprise. Therefore, if a business needs to create any IT product, at the development stage it is necessary to involve information security specialists, to develop secure development. Nikolay Babichev, General Director of InfoWatch Urals

2016

Data breach growth in Russia by 89% to 213 cases

In June 2017, it became known that the volume of leaks of confidential information in Russia in 2016 increased 100 times. The data was provided by InfoWatch, a company specializing in corporate information security.

At the end of 2016, experts counted in Russia about 213 cases of information leaks, as a result of which 128 million records of confidential data, including those related to bank cards and accounts, were compromised. The number of leaks increased by 89% compared to 2015, and the amount of data lost due to these incidents increased by more than 100 times.

Most of the leaks of confidential information occurred in government agencies (21.6%), IT companies (14.65%), educational institutions (13.6%) and banks (11.75%). Every tenth data leak in the Russian Federation occurred in small businesses, which experts associated with underfunding, careless handling of limited access information and insufficient personnel control.

The main channels of leaks in 2016 were browsers and paper documentation - 64 and 26% of cases, respectively. The share of payment information leakage in Russia (2.8%) is lower than in the world as a whole (7.3%). At the same time, data on commercial secrets and know-how in Russia account for 12.2%, and in the world - 5.4%.

Russia also recorded a high share (25.5%) of "qualified" leaks, when data after theft is used for personal purposes (in the world this figure reaches 17.3%).

According to InfoWatch for 2016, about two-thirds of leaks in Russia are caused by company employees who have access to confidential data. In 2015, employees of organizations accounted for 84% of leaks, in 2016 - already 65%. Around the world, the same indicator is 52 and 34%, respectively.

SearchInform: Half of companies in the Russian Federation faced data leaks

SearchInform conducted a study and found that from 2014 to 2016, the number of attempts to leak information by employees of Russian companies increased by 17.3%. To do this, the experts of the analytical center analyzed the data of 500 SearchInform customers for the specified period.

The researchers determined that 31.4% is deliberate theft of information (including saving information on a personal medium "just in case" or due to a change of work), 17.9% is accidental data leaks or the result of the activities of social engineers. 50.7% are incidents whose motives could not be unambiguously established.

On February 1, 2017, SearchInform announced the results of an analysis of the situation in the field of protecting confidential information among Russian organizations in 2016.

During the study, representatives of companies from various industries were interviewed.

The situation in organizations of various scales was analyzed:

• up to 100 employees - 27%
• 100-500 employees - 36%
• 500-1000 employees - 12%
• 1000-1500 employees - 7%
• more than 1,500 employees - 17%

Leaks and attempts to steal information

In 2016, 49% of Russian companies faced leaks of confidential data. Most often, information leaks due to carelessness and inattention of employees.

The organizations of Izhevsk (85%) and Nizhny Novgorod (64%) suffered more than others from the "drains." Moscow became the third in the number of leaks with an indicator of 58%. The least incidents happened in the companies of Simferopol (23%).

17% of Russian organizations were able to stop an attempt to steal data.

Confidential information is of interest to many categories of employees, but in 2016 the top three were:

• ordinary employees,
• heads
• accountants.

These specialists more often than others became the culprits of leaks.

Most often, Russian companies leaked:

• 25% - Customer and Transaction Data
• 18% - Trade Secret
• 18% - Technical Information
• 15% - Personal data
• 12% - Partner Information
• 9% - Internal Accounting.

In different regions, different categories of employees show the most insider activity:

• in Izhevsk - ordinary specialists (64%),
• in Vladivostok - leaders (23%),
• in Irkutsk - accountants, economists and financiers (33%),
• in Orenburg - system administrators (20%).

47% of Russian companies faced attempts to steal data from former employees. Some, leaving the organization, steal information out of resentment and desire to take revenge, others - to "appease" the new employer.

Insiders are punished in different ways, in 2016 - most often by dismissal. This indicator practically does not differ from last year.

Most often, offenders are dismissed in Moscow and Krasnoyarsk (34%), fined and deprived of bonuses - in Irkutsk (33%), reprimanded - in Simferopol (26%).

In 2016, Russian companies began to report incidents more often: 13% of them notified customers about leaks and apologized. A year ago, 11% of organizations did this. Most companies chose to keep quiet about the leak.

The most secretive were companies from, Omsk, and Irkutsk Vladivostok (Ufa 100%). Most often apologized for incidents in (43 Nizhny Novgorod %).

• 40% of companies rate the importance of protecting sensitive data at 10 out of 10.
• 16% - 5 out of 10 points
• 14% - 8 out of 10 points
• 12% - 7 out of 10 points

2015:59 data breaches of the 1st half of the year

According to the results of the first half of 2015, Russia ranked second in the world in the number of leaks of confidential information to the Internet, Kommersant wrote with reference to an InfoWatch study.

For six months of 2015, according to the study, 59 cases of leakage of confidential information from Russian companies and government organizations were registered.

Among the companies affected by leaks over the past six months are MTS, VTB24, Russian Railways, SOGAZ, as well as Apple, Google, Lenovo, Microsoft and others. 90% of leaks are related to the disclosure of personal data. During the study period, more than 262 million personal data records, including payment information, were compromised.

In 65% of cases, an employee of the affected organization, usually a lower or middle manager, was guilty of data leakage, the authors of the study indicate. The share of hacker attacks was 32 percent of the total number of incidents, but these attacks are the most effective, they stressed.

In total, 723 cases of confidential information leakage were recorded in the world in the first half of 2015, which is 10 percent more than the number of leaks in the same period in 2014.

2014

InfoWatch: The number of leaks in Russia increased by 73%

The company's analytical center InfoWatch presented in February 2015 the results of a global study of confidential information leaks for 2014. Compared to 2013, the number of information leaks in the world increased by 22%, while in - Russia by 73%.

In a quarter of cases, information leakage occurred as a result of hacker activity (targeted attack, phishing, hacking of a web resource, etc.). In most cases (73%), the information leaked through the fault of an internal violator, usually an ordinary employee, former or current. However, if as a result of internal attacks 350 million personal data were compromised (0.34 million per leak), then the result of the external impact was the compromise of 410 million records (1.16 million per leak). Thus, hacker attacks, although less often internal, caused more damage to companies, the company said.

"Massive attacks in 2014 often affected banks, where information about individuals' accounts, plastic card details and other 'liquid' data is concentrated. Hackers hunted for the same types of data, stealing information from payment terminals of network retailers. Large Internet services, transport companies, government agencies were attacked, - said Sergey Khairuk, an analyst at InfoWatch. "Since the Russian picture of information leaks is increasingly approaching the American one, in the near future we can expect the same large-scale attacks on domestic Internet services."

In 2014, the share of accidental leaks increased by 10 percentage points and amounted to about 50%. The share of intentional leaks, respectively, decreased to 44% of the total number of incidents. The redistribution of the share of leaks by intent occurs due to the fact that with the spread of information protection tools (including DLP solutions), more and more accidental leaks are recorded, and fixing malicious leaks requires the use of more expensive countermeasures, InfoWatch explained.

Most information leaks are associated with personal data - in 92% of cases it was this information that leaked. More than 767 million personal data were compromised due to errors or intentional actions of internal violators, as a result of external attacks.

Among the trends of 2014, InfoWatch analysts highlight a large number of "mega-leaks" with a volume of over 10 million leaked PD records. Thus, as a result of 14 "mega-leaks," more than 683 million records were compromised - 89% of the total volume of leaked personal data. At the same time, more than 30 cases were recorded when the volume of personal data compromised as a result of the leak amounted to over 1 million records.

Source: InfoWatch, 2015

Scams known as identity theft have also become widespread. Almost three quarters of personal data leaks are related to "identity theft" - the stolen information was used in fraudulent schemes, criminals issued loans and tax deductions for other people's data.

Most of the leaks in 2014 fell on three main channels: the Internet (35%), paper documents (18%) and theft/loss of equipment (16%). At the same time, intentional leaks most often occur via the Internet, and accidental leaks occur as a result of loss or theft of equipment.

In 2014, the share of state-owned companies from which information leaked almost halved, but the share of commercial organizations affected by such incidents increased. Most often, leaks were recorded in medicine (25%), least often in municipal institutions (2%). At the same time, in terms of the volume of compromised records, the bank vertical holds the palm - 41%. If you highlight personal data, then they most often leak from high-tech companies (including Internet services), government agencies, medical and trade institutions.

Most (52%) leaks from large companies are classified as intentional, and most (57%) leaks from medium-sized companies are classified as accidental. Nevertheless, the share of personal data leaks in the SMB is significantly higher than in the segment of large companies - 71% versus 24%. This indicates that the issue of information protection in small companies has not yet been resolved, they believe. InfoWatch

In the global study of confidential information leaks of the InfoWatch analytical center, the positions of its own employees who committed theft of confidential information are also ranked. The culprit could not be identified only in 13% of cases.

Source: InfoWatch, 2015

Source: InfoWatch, 2015

In the annual study, InfoWatch lists the US as the leader in leaks in 2014 (906 or 65% of total incidents). Russia, according to InfoWatch, as in 2013, ranks second (167 leaks) The UK is in third place (85 leaks).

Source: InfoWatch, 2015

According to Valentin Krokhin, Marketing Director of Solar (formerly Rostelecom-Solar), hackers are most "interested" in those systems in which more data or financial resources are accessed. Therefore, American and European companies are most often attacked.

According to the annual EY report, in Russia, employee ignorance about information security is the main reason for vulnerabilities in corporate information systems. Social media poses the least threats to corporations.

As around the world, attacks on Russian enterprises are carried out exclusively to "make" money. Most cybercriminals, according to Sergei Khairuk, an analyst at InfoWatch, have long "sidelined" ideological motives: attackers worked and will work to extract material benefits. Of course, if the state pays more for a neighbor's attack, hackers are likely to agree.

Zecurion: 37 public leaks

According to Zecurion Analytics, 37 public cases of information leakage were registered in Russia in 2014. Among the most high-profile: the compromised database of millions of users of Yandex.Mail, Mail.ru, and Gmail mail services, the theft of more than 70 million rubles from the accounts of clients of several Russian banks, the use of customer data and the theft of 2 million rubles by employees of Pervomaisky Bank, the leak of passwords to the Prime Minister's accounts.

See also

• Data breaches
• See TAdviser for DLP Solutions and Projects Catalog
• DLP - Data Loss/Leak Prevention
• What are the scares of data leaks and how to protect yourself from them? TA Details
• Security Incident Management - Issues and Solutions
• Information Protection - DLP Myths and Reality
• Secure e-mail of confidential documents
• DLP Solutions (Russian Market)
• DLP Solutions (Global)
• What if the leak has already happened?
• Cutting and sewing lessons from DLP developers
• DLP: High-Profile Leaks
• Prices for user data in the cybercriminal market

Notes