In 2024, the earnings of "white hat" hackers, who search for vulnerabilities in IT systems for rewards, increased significantly. According to Positive Technologies (creators of the Standoff Bug Bounty platform), the total amount of rewards paid to researchers since the platform's launch reached 158 million rubles.
At the same time, in 2024, the average payout for an accepted report from specialists increased by 13% and amounted to 58,000 rubles.
In 2024, 1.9 thousand vulnerability reports were registered on the platform, which is 43% more than in 2023. By the end of 2024, the number of researchers reached 18.4 thousand, which is more than double the figure for the previous year.
According to information provided by BI.ZONE, the developer of the BI.ZONE Bug Bounty platform, the amount of rewards for independent cybersecurity researchers in 2024 amounted to 64 million rubles. This is almost twice as much as in 2023.
Evgeny Voloshin, Head of Security Analysis and Anti-Fraud Department at BI.ZONE, emphasized that Bug Bounty programs are becoming more actively launched in the regions of Russia. According to him, the number of organizations from the public sector participating in the BI.ZONE Bug Bounty program has tripled over the past year.
Positive Technologies reported that government organizations have become leaders in the number of reports on critical vulnerabilities.
They accounted for 19% of the total number of reports.
In the financial sector, more than two-thirds of all detected vulnerabilities with a high and critical level of risk were caused by access control issues. This is due to the fact that systems in this area are complex and have multi-level access control mechanisms.
As noted in Positive Technologies, in 2024, the share of reports on vulnerabilities with a high and critical level of risk amounted to 31% of the total number.
Over the past year, the number of cyberattacks on Russian companies increased 2.5 times and reached 130 thousand. At the same time, most of them were aimed at critical industrial and infrastructure facilities.
In 2025, a moderate increase in the number of successful cyberattacks is predicted — from 5 to 10%. It is expected that the emphasis will be on digital espionage associated with pressure on business and government structures in Russia.
Read more on the topic:
In Russia, it was proposed to pay money for help in catching telephone scammers
Scammers steal cryptocurrency in Telegram using Frog Pepe
What fraud schemes will scammers use in 2025
A "university" for training hackers and scammers was uncovered in Russia
Cunning, fast, незаметный: new malware Loki attacks Russian enterprises
