The governments of five subjects of the Russian Federation (Astrakhan, Kaluga

[tanjimajuha20]

The public movement "Information for All" has published the results of an annual study of 170 official websites of the highest authorities of 85 constituent entities of the Russian Federation. The study is being conducted as part of the "Monitoring of State Websites" project. Based on the results of the study, a report was released entitled "Information Security of Websites of State Authorities of the Subjects of the Federation - 2022".

, Orenburg regions, Moscow new zealand cell phone number list and Stavropol Krai) do not have official websites at all. Their administration has been transferred to subordinate organizations or non-existent government agencies, which removes the sites from the official category. The governments of the Voronezh region and Crimea were completely unavailable at the time of the study.

As the study showed, the security of regional government websites is low. For example, 15% of the websites studied do not support secure connections via the HTTPS protocol, and another two-thirds support it only formally, without providing reliable protection for connections with their visitors. All this creates conditions for interception or substitution of traffic by a third party. Only in 29 regions did the websites meet all modern requirements.

The authors of the study also point out that regional government websites still use third-party code, including foreign code. Such problems were found on 99% of resources. Federal websites, as the authors of the study remind, have practically abandoned Google Analytics and reduced the download of other third-party code by 40%. However, more than half of the administrators have blocked access to websites from foreign IPs, including from the EAEU countries, to protect against DDoS attacks, although this measure has proven ineffective.

Anton Kuzmin, Head of the CyberART Cyber ​​Threat Prevention Center at Innostage Group, noted that since February 2022, there has been a sharp increase in the intensity of computer attacks on information resources of government agencies, including critical information infrastructure facilities. The targets include websites of government agencies and government information systems. At the same time, according to Anton Kuzmin, the predominant type of attack is hacking with data compromise: "New attack vectors and zero-day vulnerabilities are emerging, but the list of the most popular types of attacks remains unchanged. This includes data encryption, DDoS, phishing, brute-force attacks on user accounts, and SQL injections. According to our observations, the most common type of attack is hacking with data compromise - such attacks accounted for 37% of the total number of attacks. Email hacks, as well as hacks with the purpose of substituting and damaging information, accounted for 19% of all attacks, phishing - 17%. DDoS attacks accounted for 7% of incidents."