During 2022 alone, Ermes – Cybersecurity blocked around 500,000 connections to Yandex, the Russian search engine now under attack. The conflict between Russia and Ukraine is being fought on two levels: the first is visible to all, while the second, cybersecurity, is invisible to most. In recent days, news has arrived that Yandex, the most popular search engine in Russia, has suffered a data breach. According to some sources, 44 gigabytes of data belonging to the giant were leaked. Many sites use Yandex for its session replay services, marketing tools that make use of the collected data.

A huge amount of data

Yandex is a service used by many websites, visited daily by millions of users, which collects and stores a wide range of information: sensitive data (name, age, telephone number, account registration credentials), electronic data (IP address, cookies, browser ID data, info on installed hardware and software, wi-fi network data), payment card data, geolocation data, and personal information processed in accordance with the terms governing the use of specific Yandex sites or services.

Yandex under attack, real risks for Italy

Last year, Ermes – Cybersecurity systems blocked connections to the technology giant on online shopping sites such as Alibaba and Aliexpress, on news sites (such as formiche.net), on the sites of businesses (Piquadro and Crai Supermercati) and trade unions (FLC CGIL), and on sites that provide utilities, such as video-to-mp3-converter.com.

Hassan Metwalley, CEO and co-founder of Ermes Cybersecurity

Much attention has been paid to the Kaspersky case, which is actually only the tip of the iceberg, without assessing the intrusiveness and pervasiveness of other services that can potentially do a lot of damage. We hope that now attention and analytical skills will also increase, embarking on a healthy path of technological independence. The attacks are increasingly targeted and it is easy for a cybercriminal to deceive a user and obtain the keys to open the house door.

The role of Session Replay Scripts

Session Replay Scripts are a particular category of web trackers and an evolution of cookies. Present on the majority of sites that users visit daily, they are used to monitor online activity. These scripts capture all the information a user enters on a website in order to use a service, sometimes including what is typed into online forms or questionnaires. Once recorded, this information is sent to the script provider's servers, and the provider in turn makes it available to the webmaster to measure the effectiveness of the page.
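To make the exposure described above concrete, the following added example (not code from Ermes or from the original article) audits a page's HTML for scripts loaded from other hosts and lists the sensitive form fields those scripts could observe. The domains, the sample page and the heuristics for what counts as a sensitive field are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristics for "sensitive" fields (name, phone, credentials, card data).
SENSITIVE_TYPES = {"password", "tel", "email"}
SENSITIVE_AUTOCOMPLETE = {"name", "tel", "email", "username", "current-password"}

class ScriptExposureAudit(HTMLParser):
    """Collects third-party script hosts and sensitive form fields on one page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.third_party_hosts = set()
        self.sensitive_fields = []

    def _is_first_party(self, host):
        # Relative URLs have no host; subdomains of the page host count as first-party.
        return host is None or host == self.page_host or host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            host = urlparse(a["src"]).hostname
            if not self._is_first_party(host):
                self.third_party_hosts.add(host)
        elif tag in ("input", "textarea"):
            ac = a.get("autocomplete", "").lower()
            if (a.get("type", "").lower() in SENSITIVE_TYPES
                    or ac in SENSITIVE_AUTOCOMPLETE or ac.startswith("cc-")):
                self.sensitive_fields.append(a.get("name") or a.get("id") or "(unnamed)")

def audit(page_url, html):
    parser = ScriptExposureAudit(page_url)
    parser.feed(html)
    hosts = sorted(parser.third_party_hosts)
    # A script can read every field in the document it runs in, so once any
    # third-party script is present, all sensitive fields count as exposed.
    return {"third_party_hosts": hosts, "exposed_fields": parser.sensitive_fields if hosts else []}

# Constructed sample page; all domains are placeholders.
SAMPLE_HTML = """
<script src="/js/app.js"></script>
<script src="https://static.shop.example/cart.js"></script>
<script src="//cdn.replay-vendor.example/tag.js"></script>
<input name="q" type="search">
<input name="full_name" autocomplete="name">
<input name="phone" type="tel">
<input name="password" type="password">
<input name="card" autocomplete="cc-number">
"""
```

Calling `audit("https://shop.example/checkout", SAMPLE_HTML)` reports the one third-party host and the four fields it shares a document with, which is the list to review before keeping such a script on a login or checkout page.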

Session Replay Scripts are marketed as Software as a Service (SaaS) and are used by companies' marketing departments to improve the performance of web pages. In practice, for both users and businesses, these services are a breeding ground for unwanted threats and attacks.