Russia tightens cybersecurity measures as financial fraud hits record high
Russian President Vladimir Putin signed a law Monday aimed at protecting citizens from cyber fraud, as financial cybercrime reportedly reached record levels in the country.
The legislation, among other things, prohibits the use of foreign messaging apps for communication by state institutions, banks and major digital platforms with over 500,000 daily users. Additionally, organizations will be required to label incoming calls with their official names to prevent scams in which attackers disguise their identity to appear as someone else.
The law also mandates the creation of a state-run information system to track individuals involved in cyber offenses. Lawmakers argue that these measures are necessary as cyber fraud and personal data leaks continue to rise across Russia.
In 2024, fraudsters stole a record 27.5 billion rubles ($300 million) from Russian bank accounts, marking a 74.4% increase from the previous year, according to the country’s central bank. Most incidents involved attackers gaining access to victims' mobile banking apps through malware or social engineering tactics, such as phishing links in SMS messages and fraudulent ads.
Over the past year, Russian financial institutions also faced an increasing number of cyberattacks. The Bank of Russia received more than 750 reports from credit institutions regarding cyber incidents, with distributed denial-of-service (DDoS) attacks being the most prevalent.
Russian lawmakers blamed large-scale data leaks as a major factor fueling cybercrime.
Last year, hackers leaked 286 million unique Russian phone numbers and 96 million email addresses, with the financial sector leading in the volume of exposed data, according to local experts. In response to these growing threats, Putin signed a law in November to increase both administrative and criminal penalties for data breaches and the illegal circulation of personal data.
Around the same time, the chief executive of state telecom giant Rostelecom said that the personal data of all Russian citizens had been compromised and leaked online. Sberbank, one of the country's largest financial institutions, estimated that around 90% of Russian users' data had been affected by the breaches.
The Kremlin has increasingly sought to tighten control over Russia’s digital ecosystem, purportedly amid growing concerns over cyber threats and geopolitical tensions.
As part of broader cybersecurity efforts, Putin previously banned the use of cybersecurity services from "unfriendly" countries. The restrictions target international open-source repositories like GitHub, as well as foreign cloud services and security technologies.
Russia’s crackdown on foreign tech services aligns with the Kremlin’s policy of digital isolation, pushing local companies to migrate to state-controlled infrastructure.
Earlier in March, Russian internet users faced widespread outages that regulators attributed to issues with “foreign server infrastructure.” However, local experts suggested the disruptions stemmed from Russia’s blocking of Cloudflare, a U.S.-based service that helps websites stay secure, load faster and remain accessible during cyberattacks.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.