The number of password attacks in Russia in the first quarter of 2025 nearly tripled compared to the end of 2024, reaching 570 thousand. The data comes from analysis of traps and sensors installed on various websites.
At the same time, hackers have become more selective: they attack less often but more persistently, aiming at espionage, blackmail or disrupting the work of specific organizations.
In total, about 608 thousand attacks were recorded in the first quarter, 2.6 times more than in the previous quarter. The main type is brute force, which accounts for 94% of all incidents. The rest are attempts to break into websites (path traversal), upload malicious components or exploit known vulnerabilities (CVE).
Most attacks still come from IP addresses in the US (23%), China (16%), Russia (7%) and India (5%). Although the total number of attacks fell by a third, the average number of attacks per company increased 3.3 times, to 134. This points to a change in tactics: hackers now choose their targets more carefully and attack them more actively.
The biggest threat at the beginning of the year came from stealers, programs that steal data. Their share rose to 35%. This may be linked to increased efforts to collect information about Russian companies amid an unstable geopolitical situation.
The share of attacks linked to APT groups (up to 27%) and to tools for illegal remote access to enterprise systems (18%) has also increased. The remaining cases are distributed among botnets (10%), encryptors (3%), miners (3%), malware loaders (3%) and fraud (1%).
In some sectors, such as industry, education, banking, and fuel and energy, attacks using ransomware are growing, in some cases by 2-3 times. This shows that hackers are trying to earn money directly, not only to spy or destabilize infrastructure.
At the same time, the share of infections recorded at state agencies fell from 27% to 13%, which may indicate better control of IT infrastructure.
Experts advise: to reduce risks, it is important to regularly check the infrastructure for vulnerabilities, monitor incidents, use strong passwords and two-factor authentication, and train employees, because people remain the most vulnerable part even of well-protected systems.