Monthly selection of cyber news
July 2020, issue 4
On 24 June, the international analytical company IDC held an online event, IDC Digital Reload Forum, Back to the Future Part II for over 300 leaders and specialists in information technology and security, business unit heads and HR directors from thirteen countries - from Mongolia to Belarus, including participants from Central Asia and the Caucasus regions.
In a conversation with financiers, the President noted the importance of the effective implementation of monetary policy in the current environment and stated the need to take into account fundamental international market trends in a Monetary Policy Strategy for 2030, which should create macroeconomic stability and ensure the sustainable development of the country's financial system.
A mobile application is currently being developed to simplify the process for small businesses and self-employed individuals to pay taxes in Kazakhstan. Acting Minister of Finance Berik Sholpankulov explained the work being done by commenting at a government meeting that non-cash tax payments and push notifications were becoming more popular.
Seattle authorities have published an indictment against a Kazakhstan citizen accused of a series of cybercrimes. According to the document, 37-year-old Andrei Turchin took part in attacks on government agencies, schools, banks and hotels.
The Publicbudget.kz project, a special interactive map of open budgets, is being implemented at the initiative of the Anti-Corruption Agency to simplify data access, increase public confidence in the State, and create an effective dialogue platform. The map provides detailed information on allocated budget funds in real time, allowing people to control government spending.
Health Minister Alexey Tsoi announced that the Health Department had launched an online monitoring system for medical institutions to coordinate measures and strengthen the country’s fight against COVID adding that it was needed to understand how each institution was operating.
Cyber security has become more important during the pandemic with many people working or studying remotely due to forced isolation or restrictions in movement. In the first half of 2020, 7.8 thousand violations of information security were recorded in Kazakhstan — 25.1% less than for the same period in 2019 (10.4 thousand). At the same time, the highest number of cyber-attacks this year were observed in April (1.5 thousand) and May (1.7 thousand) during quarantine.
A new UN survey on e-government development levels has been published. The study is conducted every two years and in 2018, Kazakhstan placed 39th, this year rising 10 places to 29th out of 193 UN member countries.
The President has signed a law amending a number of legislative acts to improve enforcement proceedings and criminal legislation, including a switch to SMS notification about initiation of enforcement proceedings.
Marat Beketayev, the Minister of Justice, has responded to a statement made by representatives of the centre for the analysis and investigation of cyber-attacks about personal medical data leaks, stating that to his knowledge no such leaks had occurred.
On 17 July 2020, a law entered into force amending a number of legislative acts around foreign currency mortgages, improving the regulation of payment service companies, universal declaration and the restoration of economic growth. The document aims to improve the regulation of non-bank financial organisations to reduce money laundering risks, money being sent abroad and counter the shadow economy.
The Computer Incident Response Service KZ-CERT presented an overview of information security incidents in Kazakhstan for the first half of the year. A total of 8,300 is incidents were detected; the number of phishing attacks increased 25% and the number of DDoS attacks - by 42% year-on-year.
Due to the extension of restrictive quarantine measures in Kazakhstan, electronic services, including public services, are becoming more and more relevant and popular. At the end of 2019, the percentage of PC users aged 6-74 increased to 82.2% from 80.3% a year earlier, while the percentage of Internet users rose to 84.2% from 81.3%).
The State Computer Incident Response Service has reported an increase in the number of cases where fraudsters have allegedly acted on behalf of public figures, creating fake accounts in the telegram messenger using public figure photos and details. The fake accounts were used to send messages requesting financial assistance. All information received was sent to the Ministry of Internal Affairs.
The Internet availability map contains details on existing optical infrastructure and mobile broadband coverage. The Digitalkz.kz/map/ resources allows users to obtain information on Internet access across the country.
The AFC Analytical Centre has presented non-cash card payment statistics for Kazakhstan as at 1 July 2020. After reaching a record high in May, the volume of non-cash card payments in the country in June again broke the record, increasing from KZT 2.4 to 2.7 trillion (+15.4%), and almost triple the figure of KZT trillion from the same period in the previous year.
Demand for electronic signatures from the Ministry of Transport, Communications and High Technology has increased during the COVID-19 pandemic. Between January and June 2020, a total of 1,244 e-signature certificates were given to individuals, 2,144 to small businesses and 1,666 to companies. This is a 20% increase on the number issued in the same period in 2019.
Azerbaijan has submitted a candidate to the board of the FIRST (Forum of Incident Response and Security Teams) international organisation. Azerbaijan’s membership confirms the recognition of work done in cybersecurity in the country and the ease of access to global methods and tools used to fight cybercriminality.
Research results confirm the development of e-commerce in Azerbaijan. Over 35% of survey respondents confirm they can easily order online any item they wish, such as clothing and goods used in the home.
Kyrgyzstan activists have set up a coordination centre to track the needs of the public in the fight against coronavirus. The centre tracks requests from medical professionals and sends them to volunteers or volunteer organisations.
A first high-level political session discussing “Information Technology Trust and Security” has been held as part of the World Summit on Information Society 2020, which was organised online this year by the International Telecommunications Union. The session’s main goals were possible expansions in the use of information-communication technology, related trust and security issues, especially during the “COVID-19” pandemic, as well as discussions on work done in the field so far.
The Uzbekistan Ministry for the Development of Information Technology and Communications, the Ministry of Health and the Tashkent city government report on the implementation of a Self-Safety mobile application for those who have been in contact with a coronavirus infection. The application was developed by UZINFOCOM.
Through the portal, users will be able to get official updates and the latest news about events happening in the country and across the world; read informative medical articles as well as learn about the latest developments regarding the COVID-19 pandemic.
According to Rostelecom experts, DDoS attacks for the first five months of 2020. Between March and May, attacks were five times higher than for the same period a year earlier and attributed to the self-isolation restrictions in place during that period.
Ruslan Rakhmetov, General Director of the Intellectual Security Group of Companies, was among the nine start-up heads of the Skolkovo Innovation Centre who met with Dmitry Medvedev, Deputy Chairman of the Russian Security Council. During the meeting, he raised important topics related to the certification of information security products, the closed nature of a number of companies for innovative products and how innovation companies could enter international markets.
Unknown cybercriminals managed to hack the official Twitter account of the Russian Ministry of Foreign Affairs. The incident took place on July 2, when the attackers tried to sell the stolen database for 66 bitcoins.
The European Court of Human Rights has registered a lawsuit about the illegal use of facial recognition in the Russian capital. The lawsuit was signed by activist Alena Popova and oppositionist Vladimir Milov.
InfoWatch Group analysts have studied data leaks from Russian companies and government agencies in the last year. According to a report, the number of incidents in Russia increased 1.5-fold in 2019.
The United States and Russia registered the greatest number of leaks last year. In addition, personal data and payment information leaks occurred most often in Russia, according to an InfoWatch study. In Russia, over the past year, 395 corporate and government agency information leaks were recorded resulting in over 172 million personal data and payment information records being compromised. This is a 46% increase on 2018 and a six-fold increase in the number of compromised records.
Ilya Sachkov, CEO and founder of the international company Group-IB, which specialises in preventing cyber-attacks, claims that many hackers involved in DDoS attacks "showed ethics" and did not attack Russian medical information systems during the coronavirus pandemic.
Ilya Karpov and Yevgeny Druzhinin, Rostelecom-Solar Automated Control System Cybersecurity Laboratory experts identified a number of vulnerable areas in Schneider Electric industrial equipment, which is widely used in power system management. Some are critical, which allow the hacker to take control of the device or completely shut it down.
Agari researchers spoke about a new group of cyber-criminals targeting corporate email. Experts believe the criminals are from Russia.
Prime Minister Mikhail Mishustin is concerned about the "global cybercrime pandemic", believing the international community needs to join forces to fight it. At the same time, Russia, according to Mishustin, is ready to take the first steps and share its information security developments.
The Moscow authorities did not leak the personal details of online voters says Artem Kostyrko, Head of the Moscow Smart Project Improvement and Development Department.
Unified Biometric System to be given state information system status; personal details will be better protected
The Unified Biometric System has every chance of being given state information system status soon according to Ministry of Digital Development, Communications and Mass Media representatives.
Artyom Kiryanov, First Deputy Chairman of the Public Chamber Commission for the Review of Socially Significant Bills and Other Legal Initiatives, has proposed creating an Internet Prosecutor's Office and Internet Police.
According to the Intelligence and Security Administration, Russia is resorting to malicious cyber activity to defend its position as an aggressor. For example, the Kremlin is still trying to interfere in elections in other countries.
Russians will be able to buy digital financial assets, for example, the so-called tokens, in ordinary banks, according to a new version of the bill "On Digital Financial Assets". The head of the State Duma Financial Market Committee Anatoly Aksakov confirmed with TASS that under the current version of the bill, individuals will indeed be able to purchase tokens from credit institutions, but only if they are issued within the framework of Russian law.
Check Point has drafted a report on the most active cyber threats in Russia in the first half of 2020. According to experts, scammers are actively using the pandemic to organise attacks.
In an interview with Izvestiya on 22 July, Antonina Levashenko, head of the Russian Centre for the Competence and Analysis of OECD Standards and Moscow Digital School lecturer, said she believed a tax manoeuvre will improve the position of the IT sector in Russia.
The State Duma adopted an IT industry “tax manoeuvre” law in the second and third readings. Under the new law, the corporate profit tax rate for payment to the federal budget is 3%, and the corporate profit tax rate to be paid to regional budgets is 0%. The right to apply a reduced corporate income tax rate will be granted to organisations working in information technology and that are entitled to apply reduced rates on insurance premiums. The concessions will not take into consideration income from rights to the use of programmes for computers and databases, unless the rights in question are associated with the distribution of Internet advertising.
Telephone scammers have found a new way of defrauding their victims by warning them that their deposits are in danger and suggest transferring funds to a supposedly safe account, said Artem Sychev, First Deputy Head of the Bank of Russia Information Security Department.
According to a new Group-IB company analytical report, In 2019, the pirate market in Russia declined by US$ 23.5 million, showing its first drawdown after five years of growth.
Head of the "For Security" public movement Dmitry Kurdesov proposed banning loans through bank mobile applications. A copy of the letter addressed to the chairman of the Central Bank of Russia Elvira Nabiullina is at the disposal of RT.
The number of fraudulent calls allegedly from banks increases by 300% during the pandemic
The number of fraudulent calls where attackers pose as bank employees has increased by 300% during the coronavirus pandemic. At the same time, the value of damage from telephone scammers has remained unchanged, said Artem Sychev, First Deputy Director of the Central Bank Information Security Department, at a Far East Media Summit.
Databases with the personal details of about 600 thousand Avito and Yula ad site users, including addresses and phone numbers, have appeared in the Internet, Kommersant writes. The databases are freely available and any user can download them. The first archive was uploaded on 26 June, the last - on the morning of 22 July. The files are not protected and can be opened using any spreadsheet application.
Internet Ombudsman Dmitry Marinichev named the possible cause of home Internet price increases as Rouble depreciation, the coronavirus pandemic and the Yarovaya package.
Sberbank breaks the record for DDoS in the first half of 2020
Stanislav Kuznetsov, Sberbank Deputy Chairman of the Board, spoke about how the country's largest credit institution copes with cyber-attacks. According to Kuznetsov, in 2020 the number of attacks on the bank increased sharply.
Keep up to date!
Leaders like you are responding to one of the most sweeping crises in recent memory, calling for both empathy and action to guide your people and businesses through uncertain times. This page gathers Deloitte’s global insights to help you not only respond to this crisis, but recover and thrive.