Cybersecurity experts have recorded a mass attack on Russian businesses. It is unique because the hackers disguised themselves as well-known brands and used smart devices. This is the first mass attack of this kind.
The hackers presented themselves as representatives of famous brands, including retail chains, construction companies and oil companies. They sent e-mails carrying malicious software on behalf of, in particular, the Auchan hypermarket chain and the transnational energy corporation Gazprom, closely copying their style.
The e-mails contained the Shade/Troldesh encryption virus, which encrypted files on users' devices and demanded a fee to restore access to them.
Vladimir Dryukov, Director of the Solar JSOC Cyber Attack Monitoring and Response Center, noted that the intensity of this phishing mailing is several times higher than usual. According to him, the attack affected about 50 of the largest companies in Russia, whose employees received 10-50 such e-mails a day. Group-IB experts recorded up to 2000 mailings per day.
The main feature of these attacks is the use of smart devices, for example hacked routers around the world, as they are much more difficult to track. In addition, the malicious e-mails can be sent from any device capable of sending mail, for example modems, smart-home ecosystems and network storage. Experts believe that the number of attacks using such devices will only grow in the future.
"Usually IoT devices are used for DDoS attacks. Sending phishing emails from routers is still exotic," said Vladimir Dryukov.
It is worth noting that the attacks on Russian companies began in November, but their peak came in February. Which companies were attacked and how much damage was caused to them is not disclosed.