One in Ten Russian Critical Infrastructure Entities Infected with Malware

Experts from the Solar JSOC cyberattack monitoring and response center, part of Rostelecom-Solar, have released notable statistics on cyber incidents across Russia. According to their findings, one in ten Russian critical information infrastructure (CII) entities has already been affected by various types of malware.

Vulnerabilities Remain Unpatched for Years

The statistics on vulnerabilities within CII objects are particularly concerning. Some organizations have failed to address security gaps that were first reported over a decade ago. These unpatched vulnerabilities allow even low-skilled cybercriminals to infiltrate many critical infrastructure systems.

Most Active Malware Types Detected

By deploying a network of sensors and honeypots, Rostelecom identified the highest activity from four types of malware:

  • Glupteba – Known for data theft and cryptocurrency mining.
  • PonyStealer – A botnet that has been active for ten years.
  • Trojan-Spy.Win32.Windigo – Used for sending spam.
  • NjRAT – Provides attackers with remote administration capabilities.

Perimeter Security and Update Delays

Solar JSOC specialists also highlight ongoing perimeter security issues: many companies still carry old vulnerabilities that remain relevant. Researchers attribute this to the lack of a software update process in 90% of organizations. As a result, the average update period exceeds 42 days.
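The two findings above (vulnerabilities open for over a decade, and an average remediation period beyond 42 days) are easy to measure from an organization's own vulnerability records. The following is an added example, not code from the article or from Solar JSOC; it assumes a simple list of findings with a first-reported date and an optional fix date (the hostnames, placeholder vulnerability ids and dates are constructed for illustration) and reports the average and median remediation lag, which findings exceed a 42-day threshold, and which have been open for more than ten years.

```python
from datetime import date
from statistics import mean, median

# Constructed sample findings (not from the article). Each record is
# (host, vulnerability id placeholder, date first reported, date fixed or None).
SAMPLE_FINDINGS = [
    ("plc-gw-01", "VULN-PLACEHOLDER-1", date(2012, 3, 1), None),
    ("hmi-02", "VULN-PLACEHOLDER-2", date(2024, 1, 10), date(2024, 2, 5)),
    ("eng-ws-03", "VULN-PLACEHOLDER-3", date(2024, 1, 10), date(2024, 4, 1)),
    ("hist-04", "VULN-PLACEHOLDER-4", date(2023, 11, 20), None),
]


def days_open(first_reported, fixed, today):
    """Days a finding stayed open: until it was fixed, or until today if still open."""
    end = fixed if fixed is not None else today
    return (end - first_reported).days


def patch_lag_report(findings, today, sla_days=42, stale_years=10):
    """Summarize remediation lag for a list of findings.

    Returns the mean and median lag in days, hosts whose findings exceeded
    sla_days, and hosts with findings still unpatched after stale_years.
    """
    lags = [days_open(reported, fixed, today) for _, _, reported, fixed in findings]
    over_sla = [host for (host, _, _, _), lag in zip(findings, lags) if lag > sla_days]
    unpatched_over_decade = [
        host
        for host, _, reported, fixed in findings
        if fixed is None and (today - reported).days > stale_years * 365
    ]
    return {
        "average_days": mean(lags),
        "median_days": median(lags),
        "over_sla": over_sla,
        "unpatched_over_decade": unpatched_over_decade,
    }


if __name__ == "__main__":
    # Fixed reference date so the constructed sample gives reproducible numbers.
    report = patch_lag_report(SAMPLE_FINDINGS, today=date(2024, 6, 1))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The median is reported alongside the mean because a single finding left open for a decade pulls the average far above what most findings experience; tracking both makes it clear whether the problem is a missing update process across the board or a few forgotten systems.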

COVID-19 Pandemic Worsens the Situation

The COVID-19 pandemic has further worsened the statistics, as there are now significantly more industrial control systems (ICS) accessible from the internet. Experts note that the number of such systems increased by 60% over the past year.

Expert Opinion on CII Vulnerability

Roman Pustarnakov, Director of Customer Relations at Gazinformservice, commented on the vulnerability of CII objects in Russia:

“Currently, cybersecurity for CII objects in Russia is developing. Federal Law 187 has certainly improved the situation and at least forced organizations to focus on the problem, but it has not solved it.

To improve CII security, organizations themselves need to conduct ongoing security work, such as regularly monitoring network activity and checking the reliability of intrusion protection.

It’s important to understand that administrative liability for non-compliance with regulatory requirements is far from the only problem organizations may face. Lack of CII protection can lead to much more serious consequences, such as complete or partial shutdown of production.”