
Attacks on the infrastructure of Russian companies. Life under pressure

Hello.

Since March, Russian infrastructure has been under constant pressure from outside, and a search for vulnerable spots is under way. The need for protection against DDoS attacks has grown by orders of magnitude; companies are inventing their own methods of protection, and ideas are bubbling. By and large, life under pressure has become routine for most companies: everyone is now strengthening protection against outside interference, and it has its place in IT budgets. The capacity of this market has grown dramatically, while ready-made specialists are in very short supply, hence the appearance of tens of thousands of job openings. The presidential decree signed on May 1, 2022 also regulates the creation of information security units in state-owned companies and in corporations with state participation. The information security market is growing by leaps and bounds, and the very real pressure on Russian resources makes the task all the more interesting.

The most common tool for interfering with the work of a company or service has become the classic DDoS. The chosen victim is bombarded with empty requests in order to clog the channel and load the equipment; both botnets and people recruited to take part in such sabotage participate in these attacks. Ukrainian Telegram channels, for example, make no secret of which targets they are aiming at and call on people to attack Russian resources using simple tools.

The simplest protection is to block access to resources from IP addresses outside Russia, apart from a specified list of exceptions. This simple technique reduces the severity of a DDoS attack by orders of magnitude: it becomes impossible to fill someone else's channel with information noise from abroad. Vivid examples of resources under such pressure are the Russian Railways website and the MegaFon operator. The caveat is that the filter acts only on the source address: traffic that already originates inside Russia, whether from a botnet on Russian hosts or from a crowd of ordinary users, passes through it untouched.

For the sake of experiment, turn on a VPN client and try to open the websites of the companies listed above: you will not be able to, you will simply be denied access. Turn the VPN off, "return" to Russia, and everything works. It is cheap, reliable and practical for throwing out malicious computers and users. Most companies have mastered this method of protection; some use only it, others add more advanced analysis in which the behaviour of each connection is examined and the client is placed on a white or black list. It is a slightly more complex system, but it also reliably protects services and sites.

Curiously, using a VPN or accessing from other countries disables applications or limits their capabilities. For example, the Russian Railways application almost always works from other countries, but the MegaFon application works only partially: not all menu items open, even though the operator can see that your smartphone carries its SIM card.
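To make the two layers described above concrete (a geo-fence with an exception list, followed by per-connection behaviour analysis that sorts clients into white and black lists), here is an added example. It is not code from the article or from any of the companies mentioned; the prefix table, the exception host, the thresholds and the access-log lines are all constructed for illustration, and a real deployment would load the country data from a GeoIP database and tune the window to its own traffic.

```python
"""Added example: geo-fence with exceptions plus a per-client request-rate check.
All data below is constructed; the address ranges are documentation prefixes."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed stand-in for a GeoIP prefix table: network -> ISO country code.
GEO_PREFIXES = {
    ipaddress.ip_network("198.51.100.0/24"): "RU",  # pretend Russian range
    ipaddress.ip_network("203.0.113.0/24"): "UA",
    ipaddress.ip_network("192.0.2.0/24"): "DE",
}
# Hosts that bypass the country check (e.g. a foreign partner's monitoring box).
EXCEPTIONS = {ipaddress.ip_network("192.0.2.10/32")}
ALLOWED_COUNTRIES = {"RU"}

# Behaviour threshold: more than this many requests from one client inside
# any WINDOW_SECONDS span is treated as flooding, not browsing.
WINDOW_SECONDS = 10
MAX_REQ_PER_WINDOW = 20


def country_of(ip: str):
    """Longest-prefix match of the client address against the prefix table."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, cc in GEO_PREFIXES.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else None


def geo_allowed(ip: str) -> bool:
    """Layer 1: exceptions first, then the country filter."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in EXCEPTIONS):
        return True
    return country_of(ip) in ALLOWED_COUNTRIES


def parse_line(line: str):
    """Constructed log format: '<iso timestamp> <client ip> <path>'."""
    ts, ip, path = line.split()
    return datetime.fromisoformat(ts), ip, path


def peak_rate(times):
    """Largest number of requests that fall inside any WINDOW_SECONDS span."""
    times = sorted(times)
    peak, start = 0, 0
    for end in range(len(times)):
        while (times[end] - times[start]).total_seconds() > WINDOW_SECONDS:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def classify(log_lines):
    """Layer 2: returns (whitelist, blacklist) as sets of client addresses.
    Clients outside the geo-fence are blacklisted outright; clients inside it
    are blacklisted only if their request rate looks like a flood."""
    per_ip = defaultdict(list)
    for line in log_lines:
        ts, ip, _path = parse_line(line)
        per_ip[ip].append(ts)
    allow, deny = set(), set()
    for ip, times in per_ip.items():
        if not geo_allowed(ip):
            deny.add(ip)
        elif peak_rate(times) > MAX_REQ_PER_WINDOW:
            deny.add(ip)
        else:
            allow.add(ip)
    return allow, deny


# Constructed sample traffic: one ordinary Russian visitor, one Russian
# address firing 30 requests in under a second, one Ukrainian address,
# and the foreign exception host.
SAMPLE_LOG = (
    ["2022-10-15T12:00:00 198.51.100.5 /catalog",
     "2022-10-15T12:00:04 198.51.100.5 /cart"]
    + [f"2022-10-15T12:00:00.{i * 30000:06d} 198.51.100.77 /search" for i in range(30)]
    + ["2022-10-15T12:00:01 203.0.113.9 /catalog"]
    + ["2022-10-15T12:00:02 192.0.2.10 /health",
       "2022-10-15T12:00:07 192.0.2.10 /health"]
)

if __name__ == "__main__":
    whitelist, blacklist = classify(SAMPLE_LOG)
    print("whitelist:", sorted(whitelist))
    print("blacklist:", sorted(blacklist))
```

Note that the geo layer is evaluated on the connection's source address, not on any header such as X-Forwarded-For that the client controls; if a load balancer sits in front, the filter must read the address the balancer recorded, not one the attacker can set.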

The restrictions are forced: many barbarians have appeared on the network who are trying to break running services, but they cannot do it head-on. Hence a full-fledged information war, in which they try to turn ordinary people into a weapon and make them "break" services. After the announcement of partial mobilization, a planted story appeared that you could check on Gosuslugi, the State Services portal, whether you had been called up. Given the importance of the information, millions of people rushed there at the same time, which in the end limited access: the service did not work for several hours. Moreover, it failed not only for those who wanted to see the status of their call-up notice (no such status existed at all), but also for those performing routine operations: checking their fines, ordering certificates and so on. The manipulation worked perfectly, and a kind of DDoS arose inside Russia when ordinary people overloaded the service. Such peak loads cannot be built into a system; it is designed for normal use, when people come to it more or less evenly rather than all trying to get in during one short period. The reason is not a mistake by those who designed the service but the anomaly of the situation itself. The plant was entirely successful: the service stopped working for several hours. And this is not merely an inconvenience; the losses are measured in very real money.


For online stores the losses are even more tangible, because every minute of inaccessibility means lost customers, people who did not order the goods. In recent weeks there have been constant attacks on a number of computer stores, coordinated from Ukraine. The recent attack on DNS and Citilink was carried out under the pretext that these stores sell quadcopters and that their sites must therefore be kept down for as long as possible. The attack vector is chosen by skilled people; this is not a crowd. They study protection against DDoS and other countermeasures and vary their tools, which are then handed out to everyone. A sort of state terrorism on foreign territory, where the sponsor of attacks on civilian infrastructure is the state itself: it studies the weaknesses of the defence and then conducts the attack, drawing third parties into it.

The interruptions in the operation of the same Citilink website are associated with external attacks, and the pattern of those attacks keeps changing. From simple requests that fill up a channel or a provider, attackers can move on to emulating real people in order to make the attack as hard to repel as possible.

Until recently it was thought that attackers spend fewer resources than defenders. The cost of a DDoS set against the potential losses of the victim was minimal. Oddly enough, the mass spread of attacks on resources has led to an increase in their cost, which has made the economics less straightforward. On the other hand, competition among those who protect resources and the emergence of a mass market have led to a marked reduction in both the cost of protection and the prices offered to companies. Paradoxical but true: the cost of attacks has risen, while the cost of protection has fallen thanks to its mass adoption.

Call me an optimist, but it seems to me that the level of both specialists and companies grows only under pressure. When everything is fine, there is no reason to develop quickly. So it is here: we gain new experience, sometimes unique, and learn to live under pressure that does not go away. Life forces you to work ahead of the curve.

Long ago, banks that take care of their customers' security stopped relying on identification by phone number alone: the SIM card's serial number was also checked, and when it changed you had to re-link your number to the account, while at the same time the bank checked which device you were doing this from. The point is that a phone number is only a routing identifier: whoever obtains a replacement SIM for your number receives your SMS codes, but that replacement SIM carries a different serial number, which is exactly what the check catches. This simple check ensured that your account was secure and made hacking it a painstaking task. One could assume that most banks would implement such checks and make them available by default. In several banks whose services I use, that was exactly the case.

From October 1, 2022, the Central Bank of the Russian Federation made such protection mandatory at the level of law, and I was surprised by the lament from some banks that considered these measures unnecessary and draconian. That is, there really were banks where such simple steps were not taken in the past. Can you imagine? These are, by default, companies that should be at the forefront of progress and protect their users and their money in every possible way. If this method of protection (read: additional checks) were complicated and expensive, I would understand. But in the overall scheme of bank security measures it is neither difficult nor expensive. This means that those who did not use these simple and effective methods were simply lazy, and now the regulator is forcing them. That is also good news, since the security of all systems will rise by default and become noticeably better.
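The check the two paragraphs above describe (phone number plus SIM serial number plus device, with a forced re-link when the SIM changes) is easy to express as a decision rule, so here is an added example. It is not code from the article, from any bank or from the regulator; the account store, the identifiers and the four outcomes are constructed for illustration, and the weak phone-only check is shown beside the full check to make the difference visible.

```python
"""Added example: account binding to phone number, SIM serial number (ICCID)
and device, with re-linking required after a SIM change. All data is constructed."""
from dataclasses import dataclass


@dataclass
class Binding:
    phone: str      # number the customer registered
    iccid: str      # SIM serial number recorded when the number was linked
    device_id: str  # identifier of the app install that did the linking


# Constructed account store; the ICCID and device id are made up.
ACCOUNTS = {
    "acct-1": Binding(phone="+79990000001",
                      iccid="8970199000000000001",
                      device_id="dev-A"),
}


def weak_check(account_id: str, phone: str) -> str:
    """The phone-number-only check the article criticises: a replacement SIM
    for the same number passes, because only the number is compared."""
    b = ACCOUNTS.get(account_id)
    return "allow" if b is not None and b.phone == phone else "deny"


def check_login(account_id: str, phone: str, iccid: str, device_id: str) -> str:
    """Full check. Returns 'allow', 'rebind_required', 'step_up' or 'deny'."""
    b = ACCOUNTS.get(account_id)
    if b is None or b.phone != phone:
        return "deny"
    if b.iccid != iccid:
        # Same number, different SIM: a swap or reissue. The number alone no
        # longer proves anything, so the customer must re-link it through a
        # channel that does not depend on SMS to that number.
        return "rebind_required"
    if b.device_id != device_id:
        # Known SIM in an unknown device: plausible (new phone), but it gets
        # a second factor before the session is trusted.
        return "step_up"
    return "allow"


def rebind(account_id: str, phone: str, new_iccid: str, device_id: str,
           verified_out_of_band: bool) -> bool:
    """Re-link after a SIM change. Succeeds only when the customer's identity
    was confirmed by a path that does not rely on the (possibly swapped) SIM,
    e.g. in a branch or via the bank's own app on a previously bound device."""
    b = ACCOUNTS.get(account_id)
    if b is None or b.phone != phone or not verified_out_of_band:
        return False
    ACCOUNTS[account_id] = Binding(phone=phone, iccid=new_iccid, device_id=device_id)
    return True


if __name__ == "__main__":
    # A replacement SIM for the same number, used from an unknown device.
    print("phone-only:", weak_check("acct-1", "+79990000001"))
    print("full check:", check_login("acct-1", "+79990000001",
                                     "8970199000000000099", "dev-X"))
```

The order of the tests matters: the SIM comparison comes before the device comparison, because a SIM swap invalidates the phone number as a factor regardless of which device it is inserted into, whereas a new device with the old SIM only calls for a second factor.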

We cannot forget about the human factor: information security in companies is handled by people with different backgrounds and life experience, and there is no homogeneity of experience across companies. But the threats that arise and are realised in practice mean that information systems get hacked and, as a result, willy-nilly, have to be protected. That is how experience accumulates. Remember the proverb that one who has been beaten is worth two who have not? It applies here too. The experience gained from constant attacks from outside is very interesting, and it cannot be obtained in theoretical classes. Thanks to the ongoing external pressure, an understanding of the importance of information security has emerged; companies are now trying not to save on it and have stopped treating the issue as hypothetical. For the first time in many organisations the leadership has begun to monitor this, because it is their point of vulnerability, their Achilles' heel.

But the main thing each of us needs to remember is that we ourselves are the point of vulnerability; our actions open the gate to intruders. Observe digital hygiene and do not commit rash acts that you will later bitterly regret and cannot undo. Think about what you are doing, how, and above all why. Haste is good only for catching fleas; in the real world you should never rush, especially when it comes to protecting your information.

I am often asked when the attacks on Russian infrastructure will end. It is best to proceed from the simple assumption that such attacks will always be there; they will not stop, but their scale will rise and fall. Life in such conditions is not as hard as it seems at first glance. Yes, the costs are slightly higher, but the gain is incomparably greater. The systems of Russian companies are being tested in combat. Losses along the way are inevitable; the point is that all shortcomings must be corrected and the gaps closed to attackers. And, by and large, it works.
