F.A.C.C.T., a Russian developer of technologies for combating cybercrime, and the Coordination Center for TLD .RU/.РФ signed a cooperation agreement. The document confirms the competencies of the F.A.C.C.T information security incident monitoring and response team (CERT-F.A.C.C.T.) for the operational blocking of resources on the RuNet from which botnets are managed, malware or phishing is distributed. Similar agreements were concluded with the .SU domain regulator The Russian Research Institute for the Development of Public Networks (RIPN) and the Center for Interaction of Computer Networks MSK-IX.
CERT (Computer Emergency Response Team) is the generally accepted name for information security incident response teams. The first CERT appeared in the United States in 1988 to localize a network virus - the Morrison Worm, which paralyzed the work of 6,000 Internet nodes. Later, similar “computer special forces” teams began to be created around the world at universities, IT companies or government agencies.
Here in Russia, the first private CERT was the 24-hour Group-IB Information Security Incident Response Center (CERT-GIB 24/7/365), opened in 2011. Over the past 9 years, CERT-GIB has blocked more than 30,000 domain names in the .РФ and .RU zones that contained malicious resources. The average response time to the appearance of such a resource was 24 hours, the minimum was 5 minutes.
After Group-IB left Russia in the spring of 2023, there is a new team - CERT-F.A.C.C.T., and Stanislav Goncharov, Director of business development F.A.C.C.T., was appointed its Head at F.A.C.C.T Digital Risk Protection.
“Domestic regulators promptly confirmed the powers of CERT-F.A.C.C.T., in addition, to effectively block dangerous resources and prevent cybercrimes in Russia and the CIS, our CERT-F.A.C.C.T will continue information interaction with international CERT teams,” said Stanislav Goncharov. — “Structurally CERT-F.A.C.C.T. teamed up with the Digital Risk Protection department - this solution will allow us to more effectively combat phishing and scam. In turn, the tasks of responding to complex cyberattacks and proactively detecting threats from our clients have been transferred to the newly created F.A.C.C.T. Cyber Security Center.”
“We are glad to welcome F.A.C.C.T. to the ranks of organizations competent in identifying violations on the Internet and its Computer Emergency Response Team CERT-F.A.C.C.T. — the legal successor of CERT-GIB, one of the oldest members of our institute of competent organizations,” said Andrey Vorobyev, Director of the Coordination Center for TLD .RU/.РФ. — “Today, the “horizontal” cooperation between registrars and competent organizations is especially important: only a prompt, and in some cases lightning-fast response to incidents can protect Russian users from many cyber dangers, and we know for sure that the many years of experience and professionalism of CERT-F.A.C.C.T. employees will make the Russian domain space even more secure.”
Thus, phishing in 2023 remains one of the main cyber threats in the Russian segment of the Internet. For 8 months of this year, F.A.C.C.T. analysts recorded 9,814 phishing domains in the .ru and .рф zones. Most often, scammers disguised their websites as pages of marketplaces, banks and financial organizations, delivery services to steal bank card data, messenger accounts or other credentials.
To effectively search and block resources that pose a threat to users, CERT F.A.C.C.T. specialists use domestic solutions: F.A.C.C.T. Threat Intelligence is a comprehensive solution for researching and attributing cyberattacks, containing structured data on attacker tactics, tools and activity, as well as the F.A.C.C.T. system Digital Risk Protection, capable of performing full automated scanning of resources, closed forums and chats, including Telegram, analyzing data and identifying the illegitimate use of trademarks and other copyright objects.