Infiltration En Route: The Target's Defense in Imminent Danger
In Russia, demand for server hosting from local providers is surging, and a large share of these clients avoid foreign options. However, cybersecurity experts suspect that part of this surge comes from hackers acquiring virtual servers to launch cyberattacks against Russian corporations. Such attacks are hard to block because geographical restrictions do not apply to them.
Russian hosting providers are seeing a boom in server capacity, with only 29% of clients opting for foreign locations. By contrast, 71% of clients have set up Virtual Private Networks (VPNs) on equipment within the country. The number of RUVDS clients using VPN protocols on servers within Russia has jumped by 41% over the past year.
Cloud service provider RTK-CDC, a subsidiary of "Rostelecom" operating in Russia, corroborates this increase in demand for virtual computing resources. It attributes the growth primarily to the trend of business digitization, with the market for cloud technologies growing by an average of 30% annually. As explained by Denis Poladeev, Director of Information Security at RTK-CDC, many cloud infrastructure clients are interested in VPN solutions to protect data transmitted between sites, offices, and remote connections.
Both companies note that their clients frequently employ protocols like L2TP/IPsec, IKEv2/IPsec, TLS, and OpenVPN. Big businesses also leverage solutions compatible with GOST encryption algorithms (see "Kommersant" from April 16).
In 2023, State Duma deputy Anton Gorelkin stated, "The current state of the hosting market is in disarray."
However, cybersecurity specialists suspect that the rising demand for Russian hosting comes not only from companies but also from cybercriminals. Andrei Yanikin, director of the information security center at "Infosystems Jet," points out that the number of Russian IP addresses involved in observed attacks is on the rise. In response to attacks, companies typically block foreign addresses when doing so is not critical for the business. However, this does not help prevent attacks launched from Russian virtual resources. Countering and monitoring illegitimate connections is also difficult, especially when it means blocking VPN connections whose addresses trace back to Russia. To complicate matters, employees may use VPN infrastructure from local providers to connect to company resources, making it a challenge both to detect attacks and to avoid blocking legitimate users.
In the State Duma, fines for "shadow" hosting providers have been suggested.
"Often, hacked virtual machines of individuals on Russian hosting are misused. Users overlook security, and hosting providers could care less about monitoring suspicious activity due to cost considerations," adds the expert.
Another potential downside of widely deploying corporate VPNs on virtual servers without proper management is unauthorized access, cautions Grigory Filatov, head of the information security department at Linx Cloud. At present, the state has the power to control and limit these networks, but a company's internal affairs typically do not attract the state's attention unless the company is breaking the law, notes Nikolai Stasyuk, director of cloud service operations at Nubes.
Philip Krupalin
Technology companies in Russia are seeing an increase in demand for server hosting services, with a substantial portion of clients preferring local providers over foreign ones. This surge is suspected to be partially driven by cybercriminals seeking to launch cyberattacks from within the country, making it challenging to implement appropriate cybersecurity measures due to the utilization of Virtual Private Networks (VPNs) and the lack of geographical restrictions.