
In 2024, the number of cyberattacks on Russian companies increased 2.5 times, and most of them targeted organizations in critical information infrastructure (CII) industries. These companies must switch to domestic software, among other things, in order to effectively repel such attacks. However, attackers are also adapting to import substitution: attempts by hacker groups to lure Russian developers to find vulnerabilities in domestic IS systems have already been recorded. Izvestia investigated how the transition to proprietary software affects the security of CII.

There will be more cyberattacks

RED Security presented the data showing a 2.5-fold increase in cyberattacks compared with 2023. According to the company, the total number of information security incidents at companies reached almost 130 thousand last year. The most frequent targets of hacker attacks in 2024 were organizations in Russia's critical information infrastructure industries, which accounted for 64% of all incidents. The pressure on CII is only growing: in 2023, this share was 47%. The number of "well-prepared targeted attacks" rose by 60%, according to RED Security.

Industry was attacked most often (31% of all attacks), and in most cases for espionage purposes. The IT sector came second and the financial sector third.

Computers
Photo: Izvestia/Anna Selina

Data from other companies generally confirm the findings of the RED Security study. For example, the Solar 4RAYS cyber threat research center, talking about the situation with cyberattacks in the first 10 months of 2024, reported that the number of investigated incidents increased by almost 45% compared to the same period in 2023. The top organizations attacked include government agencies, industry and telecom operators.

The Ministry did not give an estimate of the volume of cyberattacks on Russian companies when asked by Izvestia. But the interviewed industry representatives agree with their colleagues' forecasts: there are more cyberattacks. Dmitry Khomutov, director of Ideco, also points out that their number has more than doubled since 2023. It is difficult to assess the exact quantitative indicators, because many incidents fall under non-disclosure agreements, notes Mikhail Nazarov, service director of ESA PRO (part of Cross Technologies Group).

Internet
Photo: Izvestia/Andrei Ershtrem

Yuri Drachenin, Deputy General Director of Staffcop (Atom Security, part of SCB Kontur Group), notes that the trend of increasing cyberattacks is typical for other countries as well. In turn, Alexander Cherny, IT architect of Reksoft Consulting's Technology Transformation practice, emphasizes that the growth of cyberattacks in the future is inevitable.

"Little understood hacktivists."

RED Security calls February, May and June the most active months for cyberattacks - the company believes this is evidence that the main threat still comes from so-called hacktivists - cybercriminals who are politically motivated.

Data from the Solar 4RAYS cyber threat research center also points to political motivation in cyberattacks: about 70% of incidents investigated by the company were related to the activities of pro-Ukrainian groups, and the main goal of attackers was called espionage (54% of investigated incidents). The second place is taken by cyberattacks for financial gain, and the third place is taken by data destruction.

Money
Photo: Izvestia/Alexei Maishev

Maxim Bolshakov, director of cybersecurity development at EdgeCenter and an expert at the Association of Software Developers "Fatherland Soft", notes that many instructions on how to carry out an attack have recently appeared on the Web. Moreover, the younger generation has become increasingly involved in hacktivism.

"In most cases, those who manage an attack involve young people who have little understanding of it," he explained to Izvestia. "The organization is quite simple, and this makes it possible to increase the frequency of attacks."

At the same time, Ruslan Rakhmetov, CEO of Security Vision, notes that attacks are becoming more elaborate and organized: three years ago, the surge in cyberattacks began with mass DDoS attacks and defacements (when the main page of a website is replaced by another, usually with provocative content), then attackers moved on to a more careful selection of targets and advanced tools.

Computer
Photo: Izvestia/Eduard Kornienko

The hacktivists' targets are critical infrastructure facilities: a successful cyberattack on them can lead to serious consequences, including disruptions in the operation of vital services such as power supply, water supply, and health care, says Artur Kondakov, head of the development and implementation of information security systems at MoyOffice.

However, the volume of attacks on CII subjects is also explained by the fact that they include all of the country's major organizations: banks, industry, government organizations and corporations, says Maxim Akimov, head of the Innostage SOC CyberART cyber threat countermeasures center.

Development in combat mode

Recall that, from 2022, organizations in CII industries are to switch to domestic software. As the head of the Ministry of Digitalization, Maksut Shadaev, said in November, the work is not 100% complete yet: in early 2025, there will be "companies and even government agencies that have not been able to fully transfer their systems to Russian solutions". Evgeny Shishkov, Managing Director of Orion soft, in a conversation with Izvestia, estimated the share of import-substituted software in oil and gas companies at an average of 30-40%, although this industry is the leader in implementing domestic software at CII facilities. Dmitry Khomutov from Ideco gives more positive figures: 60% of companies were able to import-substitute foreign technologies, including IS systems.

Computers
Photo: Izvestia/Eduard Kornienko

In the same interview, the minister cited "insufficient maturity of Russian solutions in certain categories" as one of the objective reasons for the incomplete transition to domestic software. "What Russian developers make should work, be safe and secure by default," said Maksut Shadaev.

However, Alexander Cherny from Reksoft believes that the import substitution process is currently leading "to an increase in the number of vulnerabilities."

"For example, according to Positive Technologies, in 2024, almost three times more vulnerabilities were found in Russian software than in 2023," he recalled. "The reasons for this are non-application of secure software development practices by domestic development companies, lack of qualified specialists observed in the Russian market in recent years, as well as insufficient development and functionality of domestic information security tools compared to foreign solutions that have gone away."

Office
Photo: Izvestia/Dmitry Korotayev

Alexei Grishin, technical director of BPMSoft (part of the LANSOFT IT holding), also considers the efficiency of transferring critical information infrastructure to domestic solutions to be extremely low. According to him, the companies were simply not prepared enough for this, although in general the transfer to domestic software can help in repelling cyberattacks.

Ruslan Rakhmetov from Security Vision, however, notes that foreign vendors compromised themselves by leaving the domestic market three years ago and leaving customers without updates, technical support and licenses. Russian solutions at least allow for timely security updates. The expert is sure that domestic defenses are often "more effective than their imported counterparts, which may contain outdated technologies," especially since they are "operated under real combat conditions" and improved based on real feedback.

"The Russian Federation has been under powerful attacks for three years now, so domestic developers will have every opportunity to create much more effective solutions in combat mode," agrees Maxim Bolshakov from EdgeCenter.

Cyberattack
Photo: Izvestia/Anna Selina

He added that Russian software rather lacks ergonomic characteristics, usability, and there are problems with scaling, but these are solvable difficulties.

At the same time, attackers are not sitting idly by. Maxim Akimov from Innostage notes that hacker groups have already posted job openings in an attempt to lure developers of Russian IT solutions into studying the software more deeply and finding vulnerabilities for new attacks.

However, Maxim Akimov emphasizes that the effectiveness of cyberattacks decreases only if the company itself revises its approach to cyber security and the cyber resilience of its business. Artur Kondakov adds that the success rate of attacks is still high. Efforts to improve security are hampered, among other things, by the staff shortage, one of the industry's biggest problems. According to him, the shortage of cybersecurity specialists has reached critical levels, limiting the ability of companies to effectively deal with new threats. Dmitry Khomutov estimates the shortage of qualified specialists in this area at 50,000 people. At the same time, the Russian cybersecurity market is growing: last year it grew by at least 15%.
