Monthly selection of cyber news
August 2020, issue 5
In July 2020, 17.5 million subscribers with Internet access were recorded in Kazakhstan. 15 million are mobile subscribers with Internet access, which is 2.3% more than last year. The number of fixed-line Internet subscribers was 2.6 million (2.2% more than last year), of which 2.5 million have high-speed broadband access (also plus 2.2% year-on-year). In terms of the speed of the fixed Internet, Kazakhstan is ahead of Kyrgyzstan and Armenia, but inferior to Russia and Belarus. As for the mobile Internet, Kazakhstan's indicators are better than those of Kyrgyzstan and Belarus, but worse than those of Russia.
The Day of Digitalization of the Ministry of Industry and Infrastructure Development was held in Nur-Sultan. During the meeting, the following projects were presented: "Monitoring of ship systems"; "Complex of dredging works"; "Navigational signs". The event was held in an online format with the participation of Vice Minister Dinara Shcheglova, as well as representatives of Zerde Holding JSC and Astana Hub. Its goal is to organize a dialogue on the development of quality projects and proposals.
The Ministry of Information and Social Development has launched two new portals - the Unified Portal of State Programs and the Portal of State Media. The Single Portal of State Programs contains all the information about the progress and stages of state programs, as well as those responsible for their implementation.
Due to technical problems, the ticket sales system of JSC "Passenger Transportation" is temporarily out of order. Registration of travel documents (tickets) on the Bilet.railways.kz website and other online resources is temporarily unavailable
The government appointed Arman Abdrasilov, co-founder of the Center for Analysis and Investigation of Cyber Attacks, Chairman of the Board of Zerde Holding JSC. Until then, the holding was headed by Alexei Anisimov, who resigned from his post.
Given the ongoing digitalization, the Anti-Corruption Service pays special attention to the conduct of criminal proceedings in electronic format. In addition, work is being accelerated to fully equip workplaces for conducting pre-trial investigations in electronic format and ensuring the security of the processed data. The results were reported in the press service of the department. At present, six regions have switched to an electronic format for conducting a criminal case: Akmola, Zhambyl, Atyrau, West Kazakhstan, Pavlodar regions and Almaty.
As the epidemiological situation stabilized, the government approved a plan to gradually phase out quarantine measures, according to which restrictions on a number of businesses, including shopping centers, catering facilities, car dealerships, children's educational institutions, etc. were lifted from August 17. However, in accordance with the decision of the chief sanitary doctorof the Kazakhstan No. 47 of August 14, 2020, in order to obtain permission, all the business entities must register on Infokazakhstan.kzportal using electronic digital signature (EDS).
The Astana Hub International Technopark of IT Startups opens up new prospects for the development of startups and IT companies in the CIS. Technopark invites technology companies from the CIS to join a community of more than 500 residents and get access to venture capital investments and educational programs.
Before the start of the new school year, principals explained to teachers what sanitary and epidemiological measures were taken, and on what platforms distance education will be organized. In addition, the principals explained what changes have been made to the education system. The 2020-2021 school year will start in a distance learning mode, but parents will be able to enroll their children in duty classes if they study in grades 1-4. There should be no more than 15 students in each class.
The KZ-CERT Computer Incident Response Service received an appeal from Group-IB about 26 fraudulent Internet resources for buying air tickets online. KZ-CERT experts identified two fraudulent schemes in Kazakhstan. Internet resources are classified as “Phishing on the Internet”. Users were encouraged to purchase tickets at a bargain price. After choosing a ticket and a form of payment, the user was asked to enter the bank card details, and after the user agreed to pay, the payment card details were transferred to the attackers, which the user did not even know about.
Vitaly Yaroshenko, the chairman of the telecommunications committee of this department, spoke about this during an online press conference at the Central Communications Service under the President of the Republic of Kazakhstan: “Our ministry is now purchasing the necessary radio monitoring equipment. It is far from a secret that all technologies are present in the capital, but there are problems in providing quality. To control quality, we need a certain measuring complex. Now we have two cars in our department that can measure the quality of the Internet and four wearable complexes (backpacks). This year we announced the purchase of 6 more cars and 10 such complexes. In addition, a project of feedback from the population is being worked out in order to determine those places where there are problems, but already in rural areas provided with the Internet. "
The Ministry of Transport, Communications and High Technologies and Aztelekom LLC have developed a network infrastructure project to expand the coverage and improve the quality of broadband Internet in the regions using the latest GPON (Gigabit Passive Optical Network) technology. At the initial stage, infrastructure will be reconstructed in four regions - Ganja, Sumgayit, Absheron and Masalli.
At an online conference organized by Turkmenistan’s Telecom Agency, more than 30 Turkmen IT companies presented job offers and opportunities in the field of high technologies. This dialogue with private companies demonstrated the state's readiness to involve a large number of local contractors to help Turkmenistan digitalize. This cooperation should boost growth of the innovative sector and create new jobs for IT professionals in the country
According to Kaspersky Lab estimates, in the first six months of 2020, almost 41% of home and 30% of corporate users in Azerbaijan are faced with threats from various portable carriers, for example USB flash drives or memory cards, and not directly from the network. At the same time, 9% of home and 5% of corporate users are exposed to online infection risks.
An illegal mining farm was discovered in the Bishkek Free Economic Zone, the State Service for Combating Economic Crimes reports. On August 6, on the orders of the investigating judge, officers from the service searched a hangar equipped as a farm to mine digital currency.
The Bar Association of the Republic of Azerbaijan and LEGALAID LLC have jointly created a launched a LegalAid mobile application platform. The mobile application will expand the access of citizens to lawyers and increase access to legal assistance, as a further example of the comprehensive reforms carried out in our country in recent years. At the same time, LegalAid software will be a citizen-centric step to facilitate citizens' access to legal aid services, save their resources and increase the efficiency of legal assistance by lawyers.
The Instant Payment System (INP), developed by the Central Bank to promote access to new digital payment technologies as part of the "State Program for the expansion of digital payments in the Republic of Azerbaijan in 2018-2020", was launched in pilot mode.
In recent days, there has been a sharp increase in the number of incidents related to Wi-Fi security in Azerbaijan, mainly due to the seizure of users' network devices (routers and modems) and unwanted renaming of Wi-Fi networks. The incidents are being investigated by the Electronic Security Service under the Ministry of Transport, Communications and High Technologies. According to its findings, most attacks were made possible by absence of simple security measures for network devices. Common problems included use of default or weak passwords (admin, password, 12345, etc.) and personal identification information in network names (name, surname, phone number, address, etc.) used on devices, as well as lack of software updates.
The main goals of the project were to collect materials produced by news agencies and portals on one platform, as well as to establish cooperation between media outlets through this system. In this case, news portals will have exchanged their data. One of the advantages of the system is that the sites connected heredo not lose readers, but gain. So, if there is a transition of readers from one site to another, the system redirects the same number of readers to that site.
In July of this year, the average speed of incoming Internet traffic in networks of Azerbaijan’s mobile operators stood at 31.23 Mbit/s, according to the Ookla Speedtest Global Index. This is an increase of 0.77% from June.
As reported by the State Statistics Committee, in January-July this year, Azerbaijan produced 123.4 million manat worth of goods in the computer, electronic, optical products, and electrical equipment category. According to the report, compared to the same period last year, the production of computer, electronic and optical products increased by 42.8%, and the production of electrical equipment by 5.1%.
Starting this school year, paper diaries and journals will be abolished in 1,200 schools in Uzbekistan. Before the start of the 2020-2021 school year, the Ministry of Public Education informed parents of schoolchildren in Tashkent and in all the regions that instead of buying a paper diary, they should register at an electronic diary site Kundalik.com.
On August 21, the Bank of Mongolia issued payment service licenses to fintech companies that meet the requirements of the Law on the National Payment System. In particular, a license to process mobile bank cards was issued to MOST Fintech LLC, and a license to process payment cards was issued to M Chat LLC.
According to Parlamentskaya Gazeta, on April 22 the State Duma and the Federation Council amended the law "On information, information technology and information protection." The law will allow Russians to enter biometric data into the unified biometric system using mobile phones, smartphones, tablets or personal computers. The data will be processed using a special program provided by the operator of the unified biometric system.
An unknown cybercriminal posted usernames, passwords and IP addresses from more than 900 Pulse Secure corporate VPN servers on a Russian-language hacker forum.. All information was in plain text format.
Russian telecommunications company Maximatelecom, which is engaged in the creation and commercialization of public wireless networks, has won a tender to equip Moscow Metro cars with a video surveillance system with facial recognition.
Russians must be careful when ordering food and electronics, Information security experts warn, as many fake websites offering such services appeared since the beginning of the COVID-19 pandemic.
Rospechat proposes to create an information service based on artificial intelligence that will check news reliability, RBC reports citing a letter sent by the Deputy Head of Rospechat Ilya Lazarev to the Ministry of Digital Development, Communications and Mass Media.
In the first half of 2020, experts found more tracking applications on Russian smartphones than in the first six months of 2019. According to Kaspersky Lab, this figure increased by 28%.
RIA Novosti reports that the US State Department was sending SMS abroad, including to Russia, as part of a program to find those interfering in American elections. Earlier, US Secretary of State Mike Pompeo announced that US authorities are announcing a $ 10 million bounty "for the identification or detection of any person who, acting on the orders or control of foreign governments, interferes with the US elections through certain criminal activities." Later, the State Department clarified that we are talking about cybercriminals. After that, a number of users in Russia began to selectively receive SMS with relevant content.
Sberbank is testing a system designed to detect people in crowded places or large multi-storey buildings using augmented reality (AR) technology in one of its offices, and plans to launch the system in 2021.
Russian officials are still unhappy with the quality of Google's blocking of banned content in search results. A Moscow court has fined the Internet giant 1.5 million rubles. This is the second fine against Google on one occasion. In December 2018, the corporation was fined 500 thousand rubles.
Programmers from 41 Russian cities spent 7 days solving the problems given by Ak Bars Bank, InnoSTage IT company and the international Kaspersky iHub as part of the "Fintech & Security Superhero" hackathon.
The statute of limitations for considering cases related to the illegal use of personal data of Russians, as well as fines for such violations, must be increased, according to Roskomnadzor.. The position of the department was commented on by its current head Andrei Lipov at a meeting with Vladimir Putin. As an example, Lipov cited the largest fine for the illegal use of personal data of citizens - 75 thousand rubles. According to the head of Roskomnadzor, this is a trifle in comparison with the benefits of criminals and damage to citizens.
If they fall victim to bank fraudsters, Russians lose an average of five thousand rubles. This is the given in a Kaspersky Lab's survey.
Russian Foreign Minister Sergei Lavrov said he was concerned about the growing number of cyber attacks from Germany. The issue has already been discussed with the German Foreign Minister Heiko Maas.
Recently there has been an increase in new cases of fraud using QR codes in Russia. After attackers deceive a victim into scanning a QR code printed on paper, malware is installed on the phone. Scammers stick QR codes anywhere – on electric poles, benches, elevators, etc. They also print fake flyers on behalf of electronics stores and drop them in mailboxes.
German Foreign Minister Heiko Maas hopes that EU sanctions for a 2015 hacker attack on the Bundestag will be imposed to Russian citizens after the summer break, when Berlin's proposal goes through all the necessary procedures.
The Russian military department has initiated legislation to designate information classified as "official secret" and does not fall under the category of "state or military secret". To this end, it has proposed to amend the law "On Defense".
IntSights, a cyberthreat analysis company, has spoken out about schemes by Russian-language forum participants on the darkweb to steal identities of US citizens and try to get unemployment benefits on their behalf.
Legal entities and government agencies have become the main targets of the new phishing campaign, during which attackers send emails on behalf of the Federal Tax Service (FTS). The cybercriminal operation was recorded by experts from the CERT-GIB center, owned by Group-IB. The sent letters are disguised as a call to the executive authority. In reality, the attackers are trying to install malware on the victim's computer that allows them to remotely control the infected device.
Cybercriminals continue to target those who love online shopping and delivery. While researchers noted an increase in such phishing attacks this spring, there were even more in the summer. Experts from Kaspersky Lab warned about this growing cyber threat. Back in April, experts recorded dozens of phishing pages, but in July the count went up to hundreds. Attackers disguise their resources as message board sites.
Russian users have been warned about fake sources disguised as air ticket sites. Group-IB experts have detected more than 100 such fake online platforms.
The Central Bank of Russia has warned credit institutions and citizens about a new method to steal money from customers' accounts using the Fast Payment System and a vulnerability in the open API.
A major new cyber spy campaign is targeting Russian small and medium-sized businesses. The actions of the attackers were closely monitored by Kaspersky Lab specialists. The DeathStalker group, according to experts, has been engaged in cyber espionage since 2012. Among the victims of cybercriminals are small and medium-sized businesses around the world. Not so long ago, DeathStalker began attacking Russian organizations. The group has recently become particularly active, the researchers said.
In Russia, work is underway to create a Zoom-like service based on a cloud platform for secure video conferencing, according to Vladimir Kabanov, CEO of the Avtomatika Concern - the development company, which is part of the state corporation Rostech.
Keep up to date!
Leaders like you are responding to one of the most sweeping crises in recent memory, calling for both empathy and action to guide your people and businesses through uncertain times. This page gathers Deloitte’s global insights to help you not only respond to this crisis, but recover and thrive.