Experts reveal the top cyberthreats to Russia since the geopolitical tensions of 2022 that a quality NGFW can prevent
On November 20, Positive Technologies held a grand launch event for PT NGFW—the next-generation firewall. One of the main missions of PT NGFW is to protect companies from cyberattacks, which have increased significantly over the past two years. For instance, in the first three quarters of 2024, the number of cyberattacks was equal to the total recorded for all of 2022. On the day of the product presentation, Positive Technologies reviewed the transformation of the country's cybersecurity landscape since February 2022 and highlighted key trends in cyberthreats: an increase in the number of active APT groups, a rise in malware attacks, and critically dangerous vulnerabilities in Russian software.
Since 2022, the Cyberthreat Research Department at Positive Technologies' Expert Security Center (PT ESC TI) has been tracking 35 new hacktivist groups and 26 active APT groups. Six of these groups were first revealed by PT ESC. For comparison, from 2019 to 2021, hacktivists were barely on the radar of experts. During this period, the PT ESC primarily focused on APT groups, with 18 of them exhibiting particularly high activity.
The most common method of cyberattack is the use of malware. In 2023, it was used in 54% of all attacks, and this share has been steadily rising ever since. The primary types of malware used in successful attacks are spyware (49%) and remote access trojans (30%). Attackers often abuse legitimate tools, such as AnyDesk and TeamViewer, to carry out these attacks within organizations.
Over the past two years, the use of legitimate software to carry out attacks has emerged as another significant trend. Cybercriminals go to great lengths to hide their activities, often leveraging popular services like Dropbox, Google Sheets, Telegram, YouTube, and Yandex Disk.
Positive Technologies also warns of multiple vulnerabilities in Russian software. In 2024, PT SWARM, an expert team of ethical hackers, discovered nearly three times more vulnerabilities in Russian software compared to 2023, with 20% of the detected vulnerabilities being critically dangerous. Experts predict that with the rise of import substitution, the number of vulnerabilities in domestic products will continue to grow.
Websites managed by the 1C-Bitrix content management system have the unfortunate honor of topping the leaderboard of vulnerable Russian products. The proportion of the vendor's products that are vulnerable has skyrocketed from 13% to 33% over the past year. However, security issues are not exclusive to domestic software [1].
Russian businesses tend to remain tight-lipped about cyberincidents, which most often come to light when the media uncovers the aftermath—particularly in cases involving data breaches. Nearly half of all successful attacks on Russian organizations in the first three quarters of 2024 resulted in leaks of confidential information. According to research by Positive Technologies, in the first half of 2024, 10% of data sale advertisements on dark web forums targeted companies in Russia, making the country the leader in this regard, followed by the U.S., India, China, and Indonesia. The second most common consequence of cyberattacks in Russia is the disruption of core operations—a challenge faced by Russian organizations in one out of every three successful attacks since 2022.
A game-changer in protecting Russian companies from cyberattacks is a reliable next-generation firewall (NGFW). From the very beginning of PT NGFW's development, Positive Technologies aimed to create a world-class product capable of protecting businesses from cyberthreats. PT NGFW's built-in security modules, such as its IPS system, antivirus protection, URL filtering, and threat intelligence enrichment, address current threats without sacrificing performance.
Denis Korablev, Managing Director and Product Director of Positive Technologies: "When we began developing PT NGFW, our goal was to create a high-performance and reliable product to protect businesses from cyberattacks. Rather than waiting for a special occasion to present it, we regularly shared updates on our progress and expertise. For example, when we achieved a speed of 380 Gbps in internal tests and developed a high-performance engine, we immediately shared the news with the market. Now, we've reached a point where PT NGFW is selling very well and is already protecting Russian companies from cyberattacks. On this official launch day, it's important to emphasize that one of PT NGFW's key missions is to enhance protection against the cyberthreats that have swamped Russia over the past two years. PT NGFW is designed to ensure this protection."
PT NGFW is available for shipment. The product is currently being piloted with Russian clients.
[1] Attackers also used Atlassian products as points of entry, exploiting vulnerabilities such as CVE-2023-22515, CVE-2023-22518, and CVE-2023-22527; the Apache web server (CVE-2023-46604); and Citrix NetScaler ADC and NetScaler Gateway web interfaces (CVE-2023-3519, CVE-2023-4966, and CVE-2023-4967), as well as other products.