Malefactors change cyberattack and deception tactics
Hackers are increasingly trying to identify and use vulnerabilities in companies’ software and are attacking suppliers of IT solutions to financial institutions. This is specified in the Bank of Russia review which analyses malefactors’ activities in 2023, among other things.
The malefactors continued to use DDoS attacks, sent maleware and phishing emails.
To steal money from individuals, fraudsters frequently use personalised deception scenarios that make their actions as realistic as possible. To this end, malefactors use information about a person from open sources, including social networks, and compile the data from different bases to which they obtain access during successful computer attacks on various companies. This strategy is very dangerous, since it considerably raises confidence in the malefactors during a telephone conversation or correspondence.
The Bank of Russia points out attackers’ another trend that involves the hacking of users’ personal accounts in online stores and delivery services as well as social networks and marketplaces and other sources. Hackers managed to do this by using brute-force attacks, among other things. The regulator advises against placing personal and financial information in social networks and other open sources and using the similar passwords from personal accounts in various services. The Bank of Russia recommends that individuals frequently update their passwords and, if possible, use two-factor authentication to confirm access with a code from an SMS.