Appearance with passwords: every second hacker attack leads to data leakage in companies
- Статьи
- Economy
- Appearance with passwords: every second hacker attack leads to data leakage in companies
Every second hacker attack on a business in Russia leads to a data leak. Their theft is already recorded in 56% of cases against 44% a year earlier, and work failures — in 40% against 37%, cybersecurity companies told Izvestia. Most often, attackers steal trade secret data, accounts, and personal information. On shadow sites, most of the databases being sold are valued at less than $1 thousand. For more information, see the Izvestia article.
Why hackers started hunting databases
In Russia, every second cyberattack on Russian companies today ends with a data leak. Over the past year, the share of such incidents has increased significantly: if they were previously recorded in 44% of cases, now they are already in 56%, Positive Technologies told Izvestia. Attackers are also increasingly damaging the work of organizations — failures and system shutdowns were observed in 40% of attacks against 37% in 2024.
If in 2023 and the first half of 2024, hackers' attention was focused on temporarily disabling systems or blackmail, then in the second half of last year and in the first half of 2025, the priority shifted to stealing information of value to the market. According to the company, criminals most often steal official documents containing trade secrets — in 30% of cases, user accounts and access to corporate services — in 24% of incidents, as well as personal data of customers and employees — in 17%.
Stolen information quickly ends up on shady platforms, forums, and specialized resources, where it is already exchanged or traded by hackers. More than half of the publications about leaks are related to the free distribution of databases in order to damage a specific organization. In the case of an extortion campaign, attackers can upload some of the stolen data for free, demonstrating the seriousness of the threat to publish all the stolen data if they refuse to pay the ransom.
— Another 27% of ads relate to the sale of information, but in 81% of cases the cost of such databases does not exceed $ 1 thousand. Most of the offers on the underground markets relate to small amounts of data — up to 100 thousand records, the company noted.
However, according to her data, there are also large-scale leaks: about one in ten ads contains databases of more than 5 million records, and 6% of publications offer archives over 100 GB.
According to Yana Avezova, a leading analyst at Positive Technologies Group, cases of blackmail with leaks will increase in 2026. This is due to the fact that since May 30, 2025, fines for companies for violations in the field of personal data have increased in Russia, and now they will be afraid that their customers' data may end up with intruders.
How companies can enhance security
The growing number of leaks is a consequence of two interrelated trends, says Igor Bederov, director of the Internet Search company. On the one hand, this is the result of the transition from mass to targeted attacks, as well as attacks on supply chains. On the other hand, there is a lack of cyber protection and the presence of fundamental vulnerabilities, such as the human factor and dependence on imported and outdated solutions.
The consequences go beyond data leaks. For example, companies face disruption or complete shutdown of business and production processes, financial losses and reputational damage, added Kirill Mitrofanov, head of the Cyber Threat Intelligence analytics team at Kaspersky Lab.
According to him, the motives of the attackers vary depending on their goals and the profile of the victim. Some act for the sake of ransom — the double extortion tactic, when they first siphon data from the infrastructure, and then encrypt the system and demand money. Others pursue destructive goals by using vipers (malware) and permanently delete information in an effort to cause as much damage as possible.
However, the expert cannot say that such groups are not interested in money at all. Sometimes they make money from victims — they install miners, steal crypto wallets or data from browsers. But their main goal is not money, but access to important information.
Today in Russia, the requirements for personal data operators have already been strengthened, and the authorities continue to move in this direction. Responsibility for violating the rules of data storage and processing becomes real — with large and even negotiable fines, Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technologies and Communications, federal coordinator of the Digital Russia party project, told Izvestia.
— It is important to understand that this is not a punitive, but a preventive measure. It is designed to force organizations to take information protection as seriously as they do financial reporting or tax obligations," the deputy said.
Data is a strategic resource, and every leak undermines the trust of citizens and businesses in digital services, he noted.
— At the same time, we understand that not all companies have the necessary resources. Today, millions of operators work with personal data, including many small organizations that simply do not have information security specialists and technical capabilities for reliable data protection," said Anton Nemkin, adding that in such circumstances, the creation of the institute of special operators of personal data becomes a logical and necessary step.
According to him, these organizations will be able to centrally and professionally ensure the storage and protection of information, working according to unified state standards. For small businesses, this is not an additional burden, but, on the contrary, a way to reduce risks and get rid of unusual functions by transferring responsibility to professionals, he concluded.
Переведено сервисом «Яндекс Переводчик»
