90% of government structures vulnerable to cyber groups
Alexandrov | 30.09.2020
About 90% of government agencies are vulnerable not only to advanced cyber groups, but also to attackers with low skill levels (cyber hooligans). The main security problems are associated with the lack of timely updates and basic protection tools, as well as with insufficient protection of closed network segments.
This conclusion was reached by experts of Solar JSOC, the cyber-attack monitoring and response center of the company “Rostelecom-Solar”, after analyzing data on more than 40 state organizations and authorities at the federal and regional level.
The vulnerabilities described in the “Rostelecom-Solar” report were found at the stage of pilot connections of customers to the services of the Solar JSOC cyber-attack monitoring and response center, in the course of investigations of complex incidents by the JSOC CERT team, and in the framework of vulnerability analysis, penetration testing or Red Teaming.
“Recently we have seen a clear segmentation of cybercriminal profiles depending on the type of victim. In particular, attacks on the public sector are initiated either by so-called cyber hooligans with a simple toolkit, or by advanced cyber groups and cyber troops that use more advanced techniques and specially designed utilities. The former, for the sake of simple monetization, engage in encryption of servers and computers, hidden cryptocurrency mining, and the creation of botnets from the obtained resources for organizing DDoS attacks or phishing mailings. The latter try to obtain long-term control over the infrastructure or access to confidential data for the purpose of cyber espionage,” says Vladimir Dryukov, Director of the Solar JSOC cyber-attack monitoring and response center of the company “Rostelecom-Solar”.
The vulnerabilities that cyber hooligans use often arise from the lack of updates in network segments isolated from the Internet. This is because the update service itself cannot “pull” the required packages from the network, and a manual update process is absent in 96% of organizations. As a result, more than 90% of workstations and servers have errors in the implementation of the Remote Desktop Protocol (RDP), and over 70% have errors in the implementation of the protocol for remote access to network resources (SMB).
Some government agencies use legacy systems with outdated code and encryption protocols. For example, an unprotected Internet connection (most likely HTTP) is used in more than 50% of organizations, and more than 70% of web applications are vulnerable to classic vulnerabilities such as SQL injection and cross-site scripting (XSS). Basic email protection is absent in 70% of cases, which, against the background of the generally low level of user cyber hygiene, ensures virtually 100% success for even the simplest phishing mailings.
All this leads to most government agencies being infected with well-known and relatively old malware. In particular, signs of the notorious WannaCry virus are present in 60% of organizations, signs of the Monero Mine mining virus in 85%, and signs of worm-type malware spread via external media in 90%.
Advanced cyber groups and cyber troops primarily exploit process vulnerabilities rather than technical ones. For example, they look for unaccounted-for access points in the victim's infrastructure in order to get into the less protected public segment, and then through it penetrate the part that holds sensitive data. According to the report, from 3 to 10 points of connectivity between public and closed segments were found in 90% of organizations.
In addition, one of the most critical vulnerabilities of the public sector is an incorrect process of working with IT contractors. Typically, organizations have no single entry point into the infrastructure for them, and their legacy accounts, created for the duration of the contract, are not deleted even after the work is completed. As a result, a method often used by advanced cyber groups and cyber troops is an attack through the contractor: they compromise a vulnerable contractor and use its infrastructure to get into the victim’s system.