The Business Information Security Summit will be held at the end of September, online (September 24-25). Topic of the event: Demo version of the new reality. Information security strategy for change management. The participants of the meeting will answer questions and tell about approaches: what strategy is chosen by information security for managing change, from the VUCA world to BISSEXTUS 2020, turbulence as a springboard or a struggle for survival.

Day 1. Discussion 1. Welcome, or No unauthorized entry is allowed. Experts: Natalya Kasperskaya (President of InfoWatch Group), Alexander Malkevich (Deputy Chairman of the Commission for the Development of the Information Community, Mass Media and Mass Communications of the Public Chamber of the Russian Federation), Alexander Maslyuk (expert on HR transformation in SAP CIS), Vladimir Dubrovin (Technical Advisor on Information Security Mail.ru Group).

Discussion 2. Information security in an era of change - here and now: risks, consequences, expectations. Speakers: Dmitry Manannikov (director of corporate security at Ozon), Mona Arkhipova (co-founder and COO at sudo.su (MIRTs), Roman Bondarenko (deputy head at SB FC Pulse), Stepan Deshevykh (head of InfoWatch product development department).

Discussion 3. Security of the digital future: what are digital assets and how to protect them. Speakers: Mikhail Smirnov (director of the InfoWatch expert and analytical center), Alexander Podobnykh (independent information security expert SICP), Vladislav Pak (IT director of Stoloto).

Day 2. Round table. Regulatory requirements 2020-2021. Speakers: Artyom Sychev (First Deputy Director of the IB Department of the Bank of Russia), Vitaly Lyutikov (Deputy Director of FSTEC of Russia), Dmitry Sytin (General Director of TEK-Torg CJSC), Evgeny Tsarev (Managing Director of RTM Group), Konstantin Samatov (Director of the Center Information Security Institute of Management and Information Technologies USUE).

Also, the opinions of vendors will be presented, taking into account new approaches, and a master class on the preparation of a Disaster Recovery Plan (DRP) will be organized. Closing discussion: Who should be “shot” for the incident? Lev Paley (head of the information security department of SO UES), Vasily Okulessky (deputy head of the information security service of Vozrozhdenie bank), Sergey Sherstobitov (general director of Angara), Kirill Ermakov (CTO QIWI).

Source: BIS Summit

The European Union Agency for Law Enforcement Cooperation, or Europol, 09/10/2019 released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms of prevalence and financial damage.

While the IOCTA report talks about online threats that both consumers and businesses face on a daily basis, it also puts data at the center of it all. We rely on it—often, all too much—and criminals know this. And yet, most threat actors behind attack campaigns rely on our data to make their attacks more successful, compelling us to take action. After all, nowadays an attack that doesn’t use data against its owners wouldn’t be much of a money-earning scheme.

Threat actors can deprive organizations and individuals’ access to their own files by encrypting and holding them for ransom, such is the case for ransomware. And they can also deny the average user access to an organization’s data (and services) through Distributed Denial of Service (DDoS) attacks. According to Europol, such attacks with an extortion element in them are the most prevalent.

Data also enables other forms of online crime like fraud. Criminals are primarily after financial data, such as credit card information, online banking credentials, and cryptocurrency wallet data. They are also after personally identifiable information (PII) and other login credentials. Such data fuels other profitable, targeted attacks like business email compromise (BEC) scams, spear phishing, and account takeovers.

There is also the challenge of data overload, particularly in the realm of child sexual exploitation (CSE) crimes. The staggering amount of material online detected by law enforcement and private companies continues to increase to the point that it’s putting a strain on law enforcement resources to investigate these crimes. One contributing factor to the increase of availability of CSE material online is that more underage users are accessing and using social media, thus, criminals reach and communicate with them via these platforms.

Other IOCTA findings:

• The IOCTA report also noted that key infection vectors are phishing and remote desktop protocol (RDP) vulnerabilities. Simple patching can address vulnerabilities. As for phishing, did you know that you can be targeted on your desktop and smart phone?
• Organizations are growing more concerned about sabotage performed by malicious insiders.
• Ransomware tactics have shifted, from a scattergun approach of infecting systems to a more focused and refined targeting of profitable victims. This means that ransomware proponents target those with a greater ability to pay a ransom than the average, normal user.
• BEC is evolving. There have been campaigns wherein threat actors used malware and network intrusion.
• Self-generated explicit material (SGEM) is on the uptick. Young children now have access to high-quality smart phones, which enables them to produce and share SGEM, either voluntarily or under coercion. The rising number of SGEM victims will likely to continue. Parents and guardians: Please talk to your kids about this, and other online risks.
• Jackpotting, also known as black-box attacks, against ATMs are becoming more widespread and accessible due to tools like Cutlet Maker being more available on the dark web.
• Card-not-present (CNP) fraud and skimming continue to plague financial institutions. Don’t be a victim of skimming.
• Due to law enforcement activity and extensive DDoS attacks against hidden services, many have grown distrustful of the onion router (Tor) environment. While underground market administrators are currently exploring alternatives, a migration to a new platform will not likely happen yet.

Source: Europol

Source: Malwarebytes Labs

On July 30, the SICP (Security Intelligence Cryptocurrencies Platform) platform announced the launch of the first Russian commercial Center for monitoring cryptocurrency transactions, identifying the risks of cryptocurrency wallets and responding to incidents in the field of cryptocurrency circulation (CryptoCERT).

This service is the first in Russia and the UIS. Today, any citizen or organization can send information about fraud (another threat or risk) related to cryptocurrencies. Additionally, the publicly available interactive map displays profiled crypto wallets by country. The custom menu allows you to display one or more profiles. The legend displays the share and number of wallets associated with the profile. For registered and verified users, a wider visualization functionality is available.

It should be noted that on July 22, the State Duma of the Russian Federation adopted in the 3rd reading the law "On digital financial assets". The new rules will enter into force on January 1, 2021. The law "On digital currency" is expected to be considered in the coming autumn.

Remarkably, today is World Day Against Trafficking in Persons. It is a serious crime and gross violation of human rights. The United Nations Office on Drugs and Crime (UNODC), as the guarantor of the United Nations Convention against Transnational Organized Crime and the Protocols thereto, assists States in their efforts to implement the Trafficking in Persons Protocol.

By the way, this factor is taken into account when assessing the risks of crypto wallets, in the SmartEcho service, and identifying suspicious transactions ...

Source: sicp.ueba.su

Source: k4y0t.ru

The quarantine situation causes the rapid development of distance services, as well as the widespread use of contactless payments and electronic currencies. At the same time, a significant event took place on the Russian cryptocurrency market. A few days ago, the SICP platform team received a notification from the Federal Intellectual Property Service of the Russian Federation about the state registration of a computer program (03/18/2020 No. 2020613600) - Security Intelligence Cryptocurrency Platform (SICP) or Cognitive (corporate) analytics system Transaction Cryptocurrency Asset.

The platform’s web services are designed to provide cybersecurity for the infrastructure of blockchains (distributed registries) and implement anti-fraud measures in the field of cryptocurrency circulation. Functionality: risk assessment of Digital Assets; cryptocurrency investigations; conducting complex events in the field of cryptocurrency circulation; cryptocurrency wallet and ICO reliability assessment; tracking transactions correlating with a real object (organization); ordering advice on the possibility of an investigation (and the collection of necessary evidence); Advanced analytics of public blockchains and reports on suspicious transactions and related objects.

Today, a large number of SICP users leave user ratings about crypto-wallets and transactions, researchers actively use the SmartEcho and CryptoSonar services to evaluate crypto-wallets and visualize research (investigation) scenes, experts use CryptoSonar and MetaSphere services to save scenes and analyze the wallet and transaction pool (by internal tags).

In your personal account, verification tools are available for owners of crypto-wallets and even crypto-firms, with obtaining the appropriate status (and the ability to share certificates on social networks and on sites). There is the possibility of monitoring wallets for incoming / outgoing transactions (other events), saved scenes and functionality for conducting joint investigations (by registered users).

It is noteworthy that it is on Cosmonautics Day that we will announce this event! .. A significant step, if not for the entire global financial and technological sector, then surely for the entire industry of end-to-end technologies...

Source: K4Y0T Project.

Paris, 17 December 2019 - The Russian Federation (Russia) has an in-depth understanding of its money laundering and terrorist financing risks and has established policies and laws to address these risks, but it should enhance its approach to supervision and prioritise the investigation and prosecution of complex money laundering cases, especially concerning money being laundered abroad.

The Financial Action Task Force (FATF), the Eurasian Group and MONEYVAL, assessed Russia’s anti-money laundering and counter terrorist financing (AML/CFT) system. The assessment is a comprehensive review of the effectiveness of Russia’s measures and their compliance with the FATF Recommendations. This includes an assessment of its actions to address the risks emanating from UN and domestically designated terrorists and terrorist organisations. The report does not address the justification that led to the domestic designation of an entity as a terrorist or terrorist group or organisation.

Russia recognises that it faces significant money laundering risks as a result of the proceeds of crimes committed within the country, in particular those related to corruption and its role as both a transit and destination country for narcotics trafficking. A national risk assessment, complemented by in-depth knowledge of relevant law enforcement agencies, has allowed the country to identify and understand its risks, including terrorist financing risks. Russia’s legal framework appropriately addresses these risks and the country has formal policies in place, supported by strong domestic co-ordination and co-operation, to combat money laundering and terrorist financing. However, the country needs to address gaps in its ability to freeze, without delay, assets linked to terrorism, financing of terrorism and proliferation of weapons of mass destruction, and ensure that this freezing obligation extends to all natural and legal persons.

In general, Russia cooperates with foreign counterparts, including through more than 100 international co-operation agreements with its financial intelligence unit, Rosfmonitoring. Authorities make excellent use of financial intelligence, based on a wealth of collected data and analysed with sophisticated technologies to contribute to money laundering and terrorist financing investigations. While the country has prioritised getting money back for the victims of crimes – around EUR 816 million per year – it needs to focus more on the investigation and prosecution of complex money laundering cases, especially concerning money being laundered abroad.

Russia has strengthened its oversight of the banking sector and has now mitigated the risks of criminals being the owners or controllers of financial institutions. However, deficiencies in licensing remain and the sanctions for banks that do not comply with AML/CFT requirements are not effective or dissuasive.

In general, financial and certain non-financial entities such as accountants and auditors, have a good understanding of how their services could be used to launder the proceeds of criminal activity or terrorist financing, but given that Russia is a significant centre for mining precious metals and stones, this sector’s understanding of risk is not in line with the country’s risk assessment.

Since its last assessment in 2008, Russia has strengthened its understanding of the money laundering and terrorist financing risks it faces and has developed a robust legal framework to address them. The country has taken a number of actions that have delivered concrete results. But, the country needs to address the areas of weakness this report has identified.

The FATF adopted this report at its October 2019 Plenary meeting.

Source: FATF-GAFI.ORG - Financial Action Task Force (FATF).

The seventh conference of ITS Moscow 2019 will be held on November 29 of the current year (at 13:00, Skolkovo Technopark). At the event, a report on the work for 10 years from the Chairman of the Management Board, Viktor Vladimirovich Minin, will be presented.

This year ACISO is celebrating its 10th anniversary. The Association brought together ambitious, successful, talented experts in the field of information security. Also in the program are reports of ACISO Members: Alexander Mishurin, Mikhail Smirnov, Alexander Pershin, Konstantin Samatov, etc.

After which, it is planned to hold the Reporting and Election Conference of ACISO. It is held every two years and is obligatory for visits by all members of ACISO. If a member of the Association does not have the opportunity to attend the event, he draws up a power of attorney for the right to vote.

Source: ACISO.

Colleagues, the Association of Chiefs of Information Security Officers (ACISO) invites you to the 8th annual conference of ITS St. Petersburg 2019 (October 10, Prospect Medikov 3-A). Continuing the theme of the year: Beyond reality. The meeting participants will discuss issues of protecting information and the individual as a whole.

Welcoming remarks by the Chairman of the Board of ACISO - Victor Minin, and acquaintance with invited experts will open the event. The program has 3 sections planned, in one of them I will speak, in the light of work on the SICP project: Patrolling blockchains and investment security in the field of cryptocurrency circulation...

In addition, a round table with regulators will be held at the conference, as well as the 2nd version of the manual on the safety of СII (Critical Information Infrastructure) objects of the organization (each participant will get it)!

Source: ACISO.

On September 3, 2019, in St. Petersburg, specialists and residents of the SafeNet RIC of the St. Petersburg Technopark, together with the Russoft NP and Bee Pitron, held a presentation session for the Indian delegation of Infinity Group. The key focus of the event was the creation of a platform for interaction between participants in the Russian-Indian market.

As part of the meeting, Igor Bederov presented the developments of the Special Development Department for a distinguished guest from India. Mr. Darbari drew particular attention to existing developments in the field of cryptocurrency transaction control and crime prevention. According to him, in India, up to 20% of the population and a significant amount of low-level crime use cryptocurrencies. In addition, the country has not resolved the problem of relapse in previously convicted criminals.

Back in July, in the format of the Second Russian-Indian strategic dialogue, in order to establish a technology transfer, an agreement was signed between RUSSOFT and Infinity Group. As a result, the ICT Center of Excellence project was launched in India, designed to establish cooperation between the two countries in the direction of business development and international assistance to SMEs.

The delegation of the Infinity Group, headed by Mr. Darbari, flew to Russia to meet with potential recipients of investments and to transfer technology from Russia to India under the “Made in India” program.

After a tour of the engineering center, SafeNet residents presented their projects in the areas of Artificial Intelligence, Internet of Things, cyberphysical security, blockchain, virtual and augmented reality. The parties discussed the situation on the international high-tech market and considered options for potential mutually beneficial cooperation. ICT experts emphasized the relevance of Russian solutions to the market of India and other countries and discussed the possibility of implementation.

Source: Engineering center SafeNet.

Orlando, FL, United States – 21 June 2019. Financial innovation has drastically changed the financial landscape. New technologies, services and products offer efficient alternatives to classic financial products and can improve financial inclusion. At the same time, the speed and anonymity of some of these innovative products can attract criminals and terrorist who wish to use them to launder the proceeds of their crimes and finance their illicit activities.

This guidance will help countries and virtual asset service providers understand their anti-money laundering and counter-terrorist financing obligations, and effectively implement the FATF’s requirements as they apply to this sector.

This guidance follows revisions to the FATF Recommendations in October 2018 and June 2019 in response to the increasing use of virtual assets for money laundering and terrorist financing. The FATF strengthened its standards to clarify the application of anti-money laundering and counter- terrorist financing requirements on virtual assets and virtual asset service providers. Countries are now required to assess and mitigate their risks associated with virtual asset financial activities and providers; license or register providers and subject them to supervision or monitoring by competent national authorities. Virtual asset service providers are subject to the same relevant FATF measures that apply to financial institutions.

The guidance addresses the following:

- How do virtual assets activities and virtual asset service providers fall within the scope of the FATF Recommendations? (Section II)
- How should countries and competent authorities apply the FATF Recommendations in the context of virtual assets or virtual asset service providers? (Section III)
- How do the FATF Recommendations apply to virtual asset service providers, and other entities (including banks, securities broker-dealers) that engage in or provide virtual asset covered activities?

The guidance, which benefited from dialogue with the private sector, also includes examples of national approaches to regulating and supervising virtual asset activities and virtual asset service providers to prevent their misuse for money laundering and terrorist financing.

Source: Financial Action Task Force (FATF).