The digitalization of society and forced retirement forced the business to face new difficulties. Hackers began to attack twice as often and faster, but companies themselves are changing their defense strategy. For ordinary users, the year will probably be remembered for the transition to the “metaverse” and the boom in crypto-art.
Top dangers of 2021
The outgoing year has shown an increase in the number of attacks on Russian companies. According to the Jet Infosystems integrator, since the beginning of 2021, the number of hacking attempts has almost doubled. This was facilitated by the record number of vulnerabilities found in popular corporate services and applications.
In addition, as Andrey Yankin, an integrator’s specialist, noted, cybercriminals began to react more quickly to information about vulnerabilities published on the Internet.
“On average, hackers now begin to attack within 1–2 days after the first news of a breach in a system or application appears,” said the expert. – For example, massive exploitation of the Log4Shell vulnerability was noticed within a few hours after the first publications. New attacks were observed every time new details became known.
By the way, a vulnerability in the Java library – Log4Shell became the main news this year, Yankin said. Many thousands of organizations, from small to the largest, remain under threat in Russia.
Group-IB experts prioritize ransomware. The principle of their work is simple. A virus enters the company’s computer, which gains access to files and encrypts information, making it inaccessible to the user. Then the attackers demand a ransom for decoding the data.
“In Russia alone, the number of such attacks increased by 200% in 2021,” says Group-IB. – The ransom amounts demanded by the ransomware operators from their victims (international companies) are huge – some reached $ 50-70 million. About 30% of the attacked companies pay the ransom to cybercriminals.
According to Kaspersky Lab, which described the same problem, from January to November 2021, the share of requests related to ransomware attacks was 47%.
Phishing and fraudulent affiliate programs (Scam-as-a-service, Phishing-as-a-service) are also widespread.
– Initially, they were focused on Russia and the CIS countries, – explained in Group-IB. – Now we are increasingly looking at affiliate programs aimed at European, Asian, Middle Eastern, and American companies. It is known about 71 brands from 36 countries, under which members of such “partnerships” create and distribute phishing. Among the most attacked: marketplaces (69.5%), delivery services (17.2%), ride sharing (car-sharing services for travel) —12.8%.
Another growing trend in the information security market is the protection of automated control systems with which enterprises are equipped. In the event of an attack, the cost of a cyber incident increases significantly.
– Now all factories are automated to one degree or another. This year, the share of computers in ICS where malware was detected was 40%. According to this indicator, Russia is in fifth place in the world, – said Mikhail Pribochiy, Managing Director of Kaspersky Lab in Russia and the CIS countries.
How does a business protect its data
New threats forced customers (users of information security products) to reconsider their data protection strategies. Companies no longer have to confront individual hackers, but the entire cybercrime industry. Increasingly, cybercriminals are using automation instead of hacking into something manually, emphasizes Andrey Yankin from the Jet Inform system.
– An inexperienced team protecting corporate IT infrastructure in such conditions is simply doomed. Therefore, now cyber training is gaining popularity on specially prepared cyber polygons. At the same time, due to staff shortages, companies are increasingly using the services of information security specialists for outsourcing instead of expanding their internal teams. This is a trend of recent years, which is only gaining momentum, – said the source.
The main achievement, according to Yankin, was the adaptation of the industry to new working conditions. The protection of remote workplaces, which was done on the run in 2020, is now qualitatively refined.
In turn, Kaspersky Lab noted that organizations have begun to take a comprehensive approach to cybersecurity and prefer to build their information security systems, trusting one vendor (supplier). At the same time, top managers are ready for additional expenses.
“The global shift to remote and hybrid modes of operation has required companies to increase investment in information security. According to our survey, more than half of information security specialists expect an increase in information security costs in their organization in the coming years”
Key technology trends
The source of the infection: the six most sinister viruses in the history of the Internet
Laptop infected with malware sold for $ 1.3 million
For the second year now, the Covid-19 pandemic continues to affect not only the interests of business but also the lives of ordinary users. People spend more and more time on the Internet, which suggests a trend towards the digitalization of society as a whole.
One of the main trends of the year was the creation and development of “metauniverses” by companies, says Ksenia Sycheva, global communications manager at Opera. According to her, IT companies aim to create their own virtual space and attract users to them – to relax, work, communicate. So, Facebook rebranded and turned into Meta, and Sberbank dropped the last syllable back in 2020, expanding its thematic coverage.
– Opera has also joined this trend, opening the first online “graveyard” for gamers within the metaverse. On this platform, you can ironically “bury” the avatars of friends who have disappeared from the gaming life due to family or life obligations, ”the company said.
The same trend – the creation of super applications – is noticed by Viber analysts. In addition, they pay attention to the development of projects using artificial intelligence. First of all, for the services of virtual assistants, which have recently been launched by several IT giants in Russia.
– On hearing such services as “Alice” from Yandex, “Oleg” from “Tinkoff”, voice assistants “Salyut” from Sberbank. Recently, virtual assistants have been actively developing in messengers, – said Anna Migal, senior director of business development at Rakuten Viber in Russia and the CIS.
A full-fledged trend in 2021 can rightfully be considered the vector of state development in the digitalization of business. A systematic departure to digital, which used to seem like a forced measure, is now becoming one of the priority areas, says Alex Kontsov, founder of the IT company Involta. Among the many projects, he singles out the Sirius Center and University 20.35 as the most promising in terms of education of the future.
Finally, the boom caused by NFT tokens cannot be ignored. The sale of crypto art was discussed at the level of both state museums and satirical cartoons.
IT and law
In the outgoing year, the IT business has also faced new legal solutions that may receive additional regulation shortly.
Landing and punishment: the authorities have determined which IT giants will need offices in the Russian Federation
What awaits business for refusing to cooperate with government agencies
– The most significant trends in 2021 were the parallel processes, and in an accelerated manner, tightening the screws about foreign IT companies (mainly the largest operators of social networks) and the turnover of cryptocurrencies, – summed up Mikhail Tretyak, partner and head of practice at the DRC law firm.
The year began with the entry into force of several laws aimed at regulating content on social media. In the summer, the so-called landing law was passed, which obliged large foreign IT companies to open offices in Russia.
According to the lawyer, the apogee of the confrontation between the state and the largest international IT companies was the verdict of the magistrates of the Tagansky region to Google and Meta corporations in the form of gigantic turnover fines (1.99 billion rubles for Meta, 7.22 billion rubles for Google). Sanctions were taken for companies not removing prohibited content. Mikhail Tretyak predicts that this precedent will give rise to the regular imposition of turnover fines on other similar companies and their services, included earlier this year by Roskomnadzor in the list of social networks, including Twitter and Discord.
– As for the crypto industry, this year was remembered for the introduction of the Central Bank of the Russian Federation of amendments to Regulation 375-P, according to which transactions with digital currency are now classified as general signs of suspicious transactions, presumably aimed at legalizing (laundering) funds obtained by criminal means and financing terrorism. Apparently, the Central Bank is simply tired of waiting for the bill aimed at regulating the turnover of cryptocurrencies in Russia, and thus decided to unilaterally actually criminalize operations with them, – the source of Izvestia believes.
Given the fact that legislative initiatives in these two areas were adopted with enviable regularity, these trends may continue not only in 2022 but further, until 2024, the lawyer concluded.