Bank of Russia reports rising number of attacks on financial IT solution providers

The Bank of Russia explained that the danger of such attacks lies in the difficulty of detecting them

MOSCOW, May 23. /TASS/. The Bank of Russia reported an increase in the number of attacks on suppliers of various IT solutions used in the financial market, the regulator said in its report.

"It is particularly noteworthy that attacks on third parties - suppliers of various IT solutions utilized in the financial market - have increased in frequency in 2023. Having accessed the infrastructure of companies, attackers stole data and found possible ways to secure service providers in the infrastructure for further remote connection to the infrastructure of their clients, including financial institutions," the regulator said.

The Bank of Russia explained that the danger of such attacks lies in the difficulty of detecting them.

The regulator's experts also named DDoS attacks, including those using botnets (networks of computers infected with malware) and the Internet of Things, as one of the trends for 2024 in the field of cyber attacks. "FinCERT (Financial Sector Computer Emergency Response Team, a special division of the Bank of Russia - TASS) forecasts the following trends in the field of computer attacks aimed at financial organizations and individuals for 2024: DDoS attacks, including those using botnets and Internet of Things devices," the regulator said.

The Bank of Russia also reported a decline in DDoS attacks in 2023, though this type of attack remains the most popular. "In 2023, we noted a decline in cyber attacks of the DDoS type. However, this type of attack remains the most popular and accounts for 41.2% of the total number of analyzed computer incidents against participants in the credit and financial sector," the regulator said.

According to the Bank of Russia, this is because this type of attack is easy to carry out and does not require the attacker to have in-depth technical training or special knowledge.

The distribution of computer attacks in 2023 was as follows: phishing emails (15.2%), attacks using malicious software (34.3%), scanning (5.7%), DDoS attacks (41.2%), and password guessing attacks (3.5%).