On December 7, Russian Internet Week (RIW 20/21) hosted the section Countering Threats on the Web 2021, where the speakers discussed the results of joint work between competent organizations and registrars, and reviewed key trends and cyberthreats in 2021. They also analyzed how the landscape of cyberthreats had changed during the pandemic and explained the difference between phishing and simple blackmail. The meeting was attended by representatives of organizations competent in detecting online violations that cooperate with the Coordination Center for TLD .RU/.РФ, registries of top-level Russian domains and experts from the center.
Coordination Center Director Andrey Vorobyev said the 2020-2021 pandemic has seriously affected the landscape of internet technology and scam artists have become markedly more active. To counter cyberthreats, the center created the project Domain Patrol with the participation of competent agencies. “The Domain Patrol site has instructions on how to complain about illegal content or an unlawful resource. Any user may file a complaint using доменныйпатруль.рф,” Vorobyev said.
Yevgeny Pankov, head of the center’s special projects, presented statistics on the messages sent by competent organizations to registrars. In 2021, they sent 10,654 messages, 93 percent of which referred to phishing resources. As a result, delegation was terminated for 9,789 resources or the hosting provider blocked the resource in question. The speaker said that it takes on average from 16 to 20 hours from the time the competent organization sends its message to a registrar to the latter’s decision to terminate delegation. Dmitry Kiryushkin (BIZon) also drew the attention to this fact and demonstrated in his presentation how various registrars react to messages (for example, the response time for the domain .INFO is over 280 hours on average).
Olga Baskakova, head of the center’s projects, spoke about the results of the Netoscope project this year. As many as 239,377 new malwares were added to the project’s database, including 158,849 that were linked with spam mailings, 65,117 associated with the spread of malicious software and 25,123 related to phishing. In addition, Olga told the audience about the monitoring of registration rates of domain names in .RU and .РФ that are related to COVID-19 and measures to curb the pandemic. In all, 1,669 coronavirus-related domains have been registered since the start of the year, with 1,466 in .RU and 203 in .РФ.
Yevgeny Kuskevich (RosNIIROS) spoke about the work of the Automated Information System (AIS) designed to improve cooperation between competent organizations and registrars. RosNIIROS, the registry of the domain .SU, joined the policy of cooperation and coordination of efforts to prevent the unlawful use of domain names in April 2021. Now competent organizations and registrars are collaborating on second-level domain names in the top-level domain .SU by using AIS, and Kuskevich praised the first results of this work.
Representatives of competent organizations also described what they are doing on the forefront of the fight against cyberthreats. Thus, in 2021 they blocked 2,905 malicious domains in .RU based on complaints from Group-IB alone. Indicatively, the number of unique blocked domains went down by 27 percent, but the amount of phishing in them had increased. This was reported by Alexander Kalinin (Group-IB). He also noted that this year fake websites of popular courier services and market places and fake dating were the most widespread forms of fraud.
Alexander Liskin (Kaspersky Lab) reported that in Russia 6 percent of users end up on fraud websites. The world’s average for this figure is a bit higher and reaches 8 percent. According to Kaspersky Lab, the breakdown of fraud resources is as follows: internet stores – 36.8 percent; messaging services – 6.6 percent; banks – 6.4 percent; payment systems – 4.5 percent; and financial services 3.8 percent. Liskin said the sale of cookie files, medical documents and vaccination certificates were the most popular types of fraud.
In conclusion, awards for cooperation on countering and preventing internet violations were presented to the National Coordination Center for Computer Incidents, the Safe Internet League, Group-IB, BIZon, the Bank of Russia, Doctor Web and Roskomnadzor. Kaspersky Lab received a certificate for its active participation in monitoring and countering the use of malicious resources related to COVID-19.