Whose cyberattacks are the most devastating for governments and businesses in the CIS?
These days, cyberattacks are not just a way to make a profit but have become a full-fledged tool for hybrid warfare. This is the conclusion of a survey of the cyber threat landscape in the CIS in 2023 and the first half of 2024, conducted by Positive Technologies (PT).
The growing number of cyberattacks in specific regions, as well as globally, is no longer breaking news. However, the dynamics of these attacks can indicate which regions are the hottest targets for hackers. The CIS is one of them. According to PT’s survey, the number of attacks increased 2.6-fold year-on-year in the second quarter of 2024.
«Russia accounted for nearly three-quarters (73%) of cyberattacks targeting various organizations in the CIS, followed by Kazakhstan (8%) and Belarus (7%). The sectors that reported the highest rate of attacks were public institutions (18%), the industrial sector (11%) and the telecommunications industry (10%). A wide range of perpetrators are responsible for these attacks, from shadow market operators to cyber spies working on behalf of governments,» the survey revealed.
In the CIS, hackers typically employ malware, social engineering and DDoS attacks to achieve their goals, which include the leakage of confidential information (41%) and disruption of core activities (37%). Interestingly, DDoS attacks are used more frequently in the region than the global average (18% vs. 8%).
The survey also pointed to cyber espionage groups as another serious threat to CIS member states. These types of attacks accounted for 18% of successful breaches in the region. Cyber spies primarily target public agencies, industrial enterprises and scientific and educational institutions. Politically motivated hackers, also known as hacktivists, were responsible for 26% of cyberattacks. Their focus is on stealing confidential data and launching DDoS attacks.
The situation in Kazakhstan shows some differences. PT analysts noted a high proportion of attacks on media outlets (19%), including Kursiv.media, as well as on public agencies (12%), financial organizations (12%) and telecommunications operators (7%).
«Two-thirds of the attacks on Kazakhstan (65%) involved the use of malware, while one in two attacks (53%) employed social engineering techniques. More than a third of these attacks (35%) resulted in the leakage of confidential information, particularly personal data and login credentials. The National Computer Emergency Response Team (KZ-CERT) identified the primary info stealers used in these attacks, such as RedLine, Vidar, Raccoon and Azorult,» experts noted in the survey.
Successful attacks on public agencies were primarily linked to the use of malware (62%) and social engineering methods (57%). «One in five attacks (19%) on public agencies involved DDoS. Such attacks typically intensify before or during significant political or social events,» PT experts highlighted, citing attacks on the servers of United Russia (a political party) on the day of the Victory Dictation, as well as attacks against various public resources in Russia on the day of the presidential elections. Approximately 22% of these attacks achieved their goals, effectively disrupting the operations of state agencies.
«In February 2024, a cyberattack on Post of Moldova led to the complete disruption of the company’s postal and financial services within 24 hours, resulting in long lines at post offices across the country. In April 2024, a cyberattack on Russia’s Federal Customs Service caused operational failures, leading to the suspension of customs paperwork,» the survey reported.
The industrial sector accounted for 11% of all reported cyber incidents. In four out of five cases, industrial enterprises were attacked using malware. Half of these cases involved info stealers, a third used remote desktop applications and a quarter involved cryptographic codes. All of these attacks had the same aim: industrial espionage.