How data leak channels have changed
Posted: Wed Jan 22, 2025 6:33 am
The main trend of 2023, in addition to the reorientation to e-commerce, DLBI named a decrease in the share of large leaks (more than a million unique records) from 30 to 10%. The vector of attacks has changed. Previously, almost all leaks occurred due to insiders, but since 2022, the main reason is hacker attacks, Ashot Oganesyan recalled. Mainly from the so-called Ukrainian hacktivists.
At the same time, in finland whatsapp number database 2022, the attacks were more targeted and aimed at large Russian companies, the hacking of which could become a high-profile PR occasion, noted Ashot Oganesyan. According to him, then large businesses strengthened information security, so the targeted strategy became ineffective. Now hackers are massively scanning the RuNet and hacking all resources with vulnerabilities.
— The increasingly frequent hacking of databases and their leaking into the public space is part of the hybrid war that is being waged against Russia. It is obvious that these are planned hacker attacks initiated from abroad. The nature and scale of the hacks suggest that they are the work of specialists close to foreign intelligence agencies, — Roskomnadzor told Izvestia.
Why data leaks are dangerous
Often, attackers use the obtained data for password reuse attacks, when passwords from different leaks are combined and used, for example, to hack personal accounts, said Ashot Oganesyan.
— The most dangerous leaks are those data that can cause financial damage. These are bank card details, passport data, and in rare cases, phone numbers (if the operator’s personal account is then hacked and money is debited from the personal account), — added SafeTech Lab CEO Alexander Sanin.
The most "simple" information, such as telephone and email numbers, information about orders from stores, addresses, are included in extensive databases that can be found on the Internet and downloaded in batches, for example, for advertising purposes, said Fedor Muzalevsky, director of the technical department of RTM Group.
He added: fraudsters can use any data for more successful attacks using social engineering methods. For example, when attackers call on behalf of the bank's security service or law enforcement agencies.
How the authorities plan to protect Russians from data leaks
In order to improve the security of personal data in the Russian Federation, it has been proposed to introduce turnover fines for leaks. The bill suggests that the fine for a repeated violation, if more than 1,000 people's information has leaked, should be from 0.1 to 3% of revenue for the calendar year preceding the violation. Another proposal is to use the "Gosuslugi" portal for appeals from victims of personal data leaks to receive compensation from companies, said the head of the Ministry of Digital Development, Maksut Shadayev.
The department told Izvestia that it supports the initiative to introduce turnover fines for leaks of personal data, including the use of a compensation mechanism for those affected by such leaks.
The Bank of Russia conceptually supports the draft law of the Ministry of Digital Development on the introduction of turnover fines for data leaks, they told Izvestia. The Central Bank added that it constantly interacts with banks on the topic of counteracting computer attacks, including information leaks.
However, business is already actively investing in the development of cybersecurity, noted AKIT President Artem Sokolov. He summarized: the amounts of fines, in addition to the established maximum values, should be primarily stimulating in nature, rather than punitive.
At the same time, in finland whatsapp number database 2022, the attacks were more targeted and aimed at large Russian companies, the hacking of which could become a high-profile PR occasion, noted Ashot Oganesyan. According to him, then large businesses strengthened information security, so the targeted strategy became ineffective. Now hackers are massively scanning the RuNet and hacking all resources with vulnerabilities.
— The increasingly frequent hacking of databases and their leaking into the public space is part of the hybrid war that is being waged against Russia. It is obvious that these are planned hacker attacks initiated from abroad. The nature and scale of the hacks suggest that they are the work of specialists close to foreign intelligence agencies, — Roskomnadzor told Izvestia.
Why data leaks are dangerous
Often, attackers use the obtained data for password reuse attacks, when passwords from different leaks are combined and used, for example, to hack personal accounts, said Ashot Oganesyan.
— The most dangerous leaks are those data that can cause financial damage. These are bank card details, passport data, and in rare cases, phone numbers (if the operator’s personal account is then hacked and money is debited from the personal account), — added SafeTech Lab CEO Alexander Sanin.
The most "simple" information, such as telephone and email numbers, information about orders from stores, addresses, are included in extensive databases that can be found on the Internet and downloaded in batches, for example, for advertising purposes, said Fedor Muzalevsky, director of the technical department of RTM Group.
He added: fraudsters can use any data for more successful attacks using social engineering methods. For example, when attackers call on behalf of the bank's security service or law enforcement agencies.
How the authorities plan to protect Russians from data leaks
In order to improve the security of personal data in the Russian Federation, it has been proposed to introduce turnover fines for leaks. The bill suggests that the fine for a repeated violation, if more than 1,000 people's information has leaked, should be from 0.1 to 3% of revenue for the calendar year preceding the violation. Another proposal is to use the "Gosuslugi" portal for appeals from victims of personal data leaks to receive compensation from companies, said the head of the Ministry of Digital Development, Maksut Shadayev.
The department told Izvestia that it supports the initiative to introduce turnover fines for leaks of personal data, including the use of a compensation mechanism for those affected by such leaks.
The Bank of Russia conceptually supports the draft law of the Ministry of Digital Development on the introduction of turnover fines for data leaks, they told Izvestia. The Central Bank added that it constantly interacts with banks on the topic of counteracting computer attacks, including information leaks.
However, business is already actively investing in the development of cybersecurity, noted AKIT President Artem Sokolov. He summarized: the amounts of fines, in addition to the established maximum values, should be primarily stimulating in nature, rather than punitive.