While U.S. federal agencies constantly complain that they are under attack by hackers from other countries, the Russian government has just as much reason to be concerned about cyberspies, especially homegrown ones.
Russian hackers are difficult to control, and it’s a gross exaggeration to say they act in the interests of their government, as American special services claim. In fact, they’re a huge headache for the Russian government, and as part of its efforts to fight them, Rostec Corporation established the Center for Counteracting Cyber Threats in 2016.
Rostec is a major state-owned industrial holding that develops, produces and exports high-tech industrial equipment, including for the military. The company’s cybersecurity center does not seek publicity: it has only a modest sign in a quaint little lane in old Moscow and an open-plan office where seemingly ordinary IT specialists sit behind computer monitors. You will not even see an electronic map of Russia on the wall, as you might in a Hollywood film about cyber defenders.
The center protects more than 700 Rostec corporate subsidiaries from cyberattacks around the clock. Among these are the maker of high-precision weapons, the United Instrument Manufacturing Corporation, which produces microelectronics, and Tekhmash Concern, a producer of artillery ammunition.
"We have about 1,000 employees," said Alexander Evteev, the center's director. "They’re graduates of the best technical universities and are the most experienced Russian programmers from every corner of the country. We constantly exchange information with the Federal Security Service (FSB), as well as collaborate with cybercrime investigators and antivirus producers."
Aggressive cyber environment
Rostec specialists say hackers were once more interested in bank accounts, but today they try to gain access to industrial and scientific secrets in order to blackmail government agencies. Cyberattacks originate from neighboring countries as well as from Russia itself.
Russian hackers often use the Russian market to test their "novelties" before carrying out attacks on foreign countries. The most popular form of attack is encrypting and blocking a company's databases. After stealing them, the criminals promise to send a code for decrypting the databases in return for money, but in reality the data is almost never returned after payment. One way to minimize the risk is to keep backup copies.
New forms of cyberattack constantly appear: complex targeted attacks on industrial systems and company infrastructure, the installation of file-encrypting (ransomware) programs, and DDoS attacks, which flood a site with bogus requests until it stops responding.
The center's security experts see an advantage in protecting a large number of companies simultaneously: they can observe and track events related to information risks across all of them and act quickly to provide protection.
Defending a high-tech military company from hacking is different from defending an average company. Rostec's subsidiaries, for example, use firewalls and intrusion detection systems that rely on behavioral analysis, searching for anomalous activity with special algorithms.
"Most frequently the infection occurs through unwitting employees," said Evteev. "For example, an employee receives a phishing letter with interesting content that is practically impossible to distinguish from a real one. It can be a letter containing a statement that the employee was expecting." A virus that isn’t in an antivirus database is often placed directly in a PDF or Word file, said Evteev.
The letter itself poses no threat, but it establishes contact between the employee's personal machine and the attacker's command center. The hacker then decides what to do next: download a remote control module, switch on surveillance to follow the user, use the computer's resources for a DDoS attack, or sell access to the computer on the black market.
Detecting this type of intrusion is very difficult, and such espionage can last for years. The Rostec center has systems that detect anomalies in the behavior of information systems; once an anomaly is discovered, the unknown malicious files are sent to a security laboratory, such as Kaspersky, which adds them to its antivirus programs.
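The behavioral detection the article describes, that is, spotting an infected workstation by how it behaves rather than by a known file signature, can be illustrated with a small beacon detector. The example below is added here and is not Rostec's or Kaspersky's code; it assumes a constructed proxy-log format of "timestamp source destination port bytes" and constructed hosts, addresses and values. A compromised machine that "establishes contact" with a command center typically calls out on a near-fixed schedule, so the script groups connections by source and destination, measures the gaps between consecutive connections, and flags pairs whose gaps are too regular to be human browsing.

```python
"""Flag periodic outbound connections (beaconing) in constructed proxy log lines."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumption: "timestamp source destination port bytes" format).
# ws-042 browses an internal server irregularly, but also contacts 198.51.100.7
# every ~5 minutes with almost identical payload sizes.
SAMPLE_LOG = """\
2024-01-10T09:00:00 ws-042 10.0.5.20 443 1200
2024-01-10T09:00:05 ws-042 198.51.100.7 443 412
2024-01-10T09:01:30 ws-042 10.0.5.20 443 9800
2024-01-10T09:03:15 ws-042 10.0.5.20 443 640
2024-01-10T09:05:05 ws-042 198.51.100.7 443 410
2024-01-10T09:10:06 ws-042 198.51.100.7 443 415
2024-01-10T09:12:44 ws-042 10.0.5.20 443 2300
2024-01-10T09:15:05 ws-042 198.51.100.7 443 409
2024-01-10T09:20:05 ws-042 198.51.100.7 443 411
2024-01-10T09:21:10 ws-042 10.0.5.20 443 530
2024-01-10T09:25:06 ws-042 198.51.100.7 443 413
"""


def parse_log(text):
    """Parse one connection record per line into dicts; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, nbytes = parts
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "dst": dst,
            "port": int(port),
            "bytes": int(nbytes),
        })
    return records


def find_beacons(records, min_events=5, max_jitter=0.1):
    """Return (src, dst) pairs whose connection timing is suspiciously regular.

    For each pair with at least min_events connections, compute the gaps between
    consecutive connections. A coefficient of variation (stdev / mean) at or below
    max_jitter means the host calls out on a near-fixed schedule, which is typical
    of malware check-ins and unlike interactive use. The analyst-facing summary
    includes the period and mean payload size so the hit can be triaged.
    """
    by_pair = defaultdict(list)
    for rec in records:
        by_pair[(rec["src"], rec["dst"])].append(rec)

    findings = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:
            continue  # too few observations to judge regularity
        events.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(events, events[1:])]
        period = mean(gaps)
        if period <= 0:
            continue  # all events share one timestamp; not a schedule
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            findings[pair] = {
                "events": len(events),
                "period_s": period,
                "jitter": jitter,
                "mean_bytes": mean(r["bytes"] for r in events),
            }
    return findings


if __name__ == "__main__":
    for (src, dst), info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {info['events']} connections every "
              f"{info['period_s']:.0f}s (jitter {info['jitter']:.3f}), "
              f"~{info['mean_bytes']:.0f} bytes each")
```

On the constructed log the internal server traffic is ignored because its gaps vary widely, while the 5-minute check-ins to 198.51.100.7 are reported with a jitter near zero. In practice the thresholds would be tuned per environment, and software updaters and monitoring agents that also poll on a schedule would be allow-listed before such a hit is escalated.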
The Rostec center must quickly warn state corporations about impending threats and neutralize them. The objective of the cybersecurity specialist is to make the hacking process so complex and expensive for the criminal that he’ll think twice before doing it next time.