On Friday, telecom giant Rostelecom stated that it thwarted DDoS-attacks on the five largest banks and financial institutions in Russia. All the attacks were on 5 December 2016, the longest of them lasting for over two hours. Muslim Medzhlumov, director of the Rostelecom Cybersecurity Centre, said in a statement posted published on the company’s website:
The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users usually referred to IoT devices. A distinctive feature of the attacks was that they were organised with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organise DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telecom had an attack on users’ home devices, as well as the Irish provider Eircom.
On 2 December, the Federal Security Service (FSB) reported that it’d received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from 5 December 2016, aimed at destabilising Russia’s financial system and the activities of a number of major Russian banks. A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on 5 December on the site of VTB Bank Group.
On Tuesday, President V V Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favouring organized crime, extremists, and terrorists. The doctrine notes that foreign intelligence services target Russian government agencies, scientific centres, and military industries using electronic and cyber surveillance. To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT”. The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks.
9 December 2016
The Anglos blubber about nonexistent Russian cyberattacks… as they mount their own bumbling attacks on Russia. Russian geeks are the tops… this shows it… it’s why I have Kaspersky on my machine… it’s been the best, it’s protected me from all kinds of cyberworld mugging, so, I’ve never regretted “going Russian”… so should you.