Monthly selection of cyber news
April-May 2021, issue 13
During a data security incident investigation, the KZ-CERT Computer Incident Response Service established that the data of over 3 million Facebook users in Kazakhstan had been compromised - a database of over 533 million Facebook users from 106 countries was published by one hacker forum user.
Draft changes have been proposed to legislative acts protecting personal data in Kazakhstan, Zakon.kz reports.
The amendments focus on article 145 “Image Rights”, with the proposed new version stating that another person’s image (including photographs, video recordings or works of art in which the person is depicted) can only be used or distributed with their consent or that of their legal representatives, or heirs after their death.
The Ministry of Digital Development set up an Information Security Committee as the personal data protection authority in Kazakhstan last summer and is currently carrying out unscheduled inspections based on complaints from individuals and materials received from other government agencies. Committee members are also initiating administrative cases around the legality of the collection and processing of personal data, as well as compliance with protection measures. Ruslan Abdikalikov, Information Security Committee Chairman, spoke about the results of the analysis during a CCS briefing.
The GTS KZ-CERT computer incident response service has reported malicious mailing on behalf of First Heartland Jýsan Bank, noting that it was not an isolated case, and popular brands were common targets for fake mailing lists. In this specific case, the mail was received from a fictitious bank employee requesting bids for services and, allegedly attaching a technical specification.
According to a report on audit chamber activities for 2020, many government agencies in Azerbaijan do not have medium-term strategic documents or policies outlining investment directions associated with data system development. The report also notes that data system management covers operational levels and is more technical support focused.
Scammers have launched so-called vishing attacks, “which are an audio version of phishing” according to the State Service for Special Communications and Information Security - Centre for Combating Computer Incidents. According to a report, fraudsters call the public and ask for card information. "People are advised to be careful not to pass any personal details such as passwords, card numbers, etc. to anyone in response to an incoming phone call”.
Work is underway in Azerbaijan to introduce biometric signatures, which is a new recognition technology that will replace e-signature cards and tokens in the future. It will allow users to authorise documents using individual biometric data such as fingerprints, eyes and so forth. The SHA-1 cryptographic algorithm, which currently provides digital signature security, is being replaced by the more secure SHA-2.
The Electronic Security Service is warning the public about “phishing” attacks targeting banks in recent days. Cybercriminals are attempting to seize bank and other personal details by abusing technical support services in Kapital Bank, Unibank and others. The scheme involves mobile numbers being called on behalf of bank employees, and any transfer is made in their name, requiring a card account number, password, confirmation code and other personal details.
Rabitabank is expected to activate an e-signatures service for its customers. The bank has made a request to the State Tax Service and hopes to be able to “offer about 10 digital solutions and products this year, which are currently being actively worked on”.
E-signatures integrated into Azerbaijan ID cards will be activated once fees have been set. The technical work has already been completed, but the fee has not yet been set by the government, according to source close to the project.
“Attention! The next page, which was used by fraudsters to seize contact information, deceive them and seize card information, has been exposed”, the State Service for Special Communications and Information Security - Centre for Combating Computer Incidents reports. According to the information, scammers are trying to deceive the public by creating the following type of website: https://azerdostavka.shop/. The website is not currently active.
Taalay Baiterekov, Head of the Kyrgyz Republic Digital Transformation Department, has said that the digitalisation process in Kyrgyzstan is very slow, but confirmed that every effort will be used to develop it, involving representatives from the business community. He was speaking at a briefing discussing “government IT plans after the dismissal of the heads of five enterprises”, Sputnik reports.
A new version of WhatsApp called WhatsApp Pink has appeared and is gaining popularity according to the Centre for Combating Computer Incidents of the State Service for Special Communications and Information Security.
The Electronic Security Service is warning the public about fake websites opened in the name of Azerpocht, claiming a group of cyber-fraudsters has been creating fake websites similar to the official Azerpocht website to obtain funds illegally. Their target is anyone selling items online. The cyber-fraudsters, acting as buyers, write to the sellers from fake WhatsApp numbers and ask them to enter their card details on a fake site made to look like Azerpocht to make payment. Once the seller logs on and provides his or her card detail, the funds on the account balance fall into the hands of cyber-fraudsters.
A first "beta" test version of a pest analysis application is ready after a long period of development. The statement came from the State Service’s Centre for Combating Computer Incidents.
The plan, according to the head of the government’s digital transformation department Taalay Baiterekov, is to streamline state IT-enterprises by combining them into one centralised organisation within the framework of "government IT plans after the dismissal of the heads of five enterprises." The measure should help reduce the number of administrative staff and attract more programmers, helping generate quality products that will find a practical use in the market. The corresponding government resolution is currently undergoing approval, but it is not yet known what form of ownership the new organisation will take, Sputnik reports.
The Azerbaijan prosecutor will create an electronic information system to ensure the application of modern information and communication technologies in its operations.
Azerbaijan is expected to approve a national information and cyber security strategy covering 2021-2025 according to the Ministry of Transport, Communications and High Technology. The action plan for implementing the strategy includes provisions for improving related legislation.
According to Kaspersky statistics, 42% of computers in Azerbaijan still use the Windows 7 operating system, which has been obsolete since January 2020. It may still work well as an operating system, but it is more exposed to attacks if it is no longer supported due to the lack of patches to fix weaknesses. The share of Windows 7 users among home users is 48%, among small and medium-sized businesses - 14%, and among micro-businesses - 30%. It is especially important for small businesses to keep their operating systems up-to-date, as they do not have the resources to combat cybersecurity.
A new, improved and more functional version of the Blacklist.gov.az project, created by the State Service for Special Communications and Information Security, has been launched. According to the Centre for Combating Computer Incidents, the project aims to improve efforts to fight online fraud and cyber threats in the country; expose domain names used in cyber-fraud and cyberattacks, and create protective extensions for web browsers and API integration to protect internet users.
The classic mechanism for acquiring bank card details in Russia through malicious emails is experiencing a rebirth. RIA News reports that scammers, posing as Yandex.Money e-wallet operators, are demanding funds be transferred to a bitcoin wallet under the threat of compromising videos being published.
In Russia, the number of pseudo-banks grew 20% in Q1 2021 to 1,529, according to the cybersecurity company BI.ZONE. The number of phishing sites is growing, as it proves to be the cheapest and most effective to reach as many members of the public as possible, explained Evgeny Voloshin, director of the company's expert services block. The average time needed to block fraudulent resources is between 10 and 70 hours, but in extreme cases, the time required to limit access can be up to several weeks, he stressed.
User data stolen as a result of phishing attacks is increasingly being uploaded not only via e-mail, but also in legitimate services as Google forms and the Telegram messenger, according to a study by Group-IB. Automated phishing makes use of Telegram bots on ready-made platforms as they are able to control the entire phishing attack process and keep a record of any funds stolen.
Social engineering remains the main threat to financial cybersecurity, but its share in total theft is falling, according to the Russian Central Bank’s “2020 review of operations performed without the consent of financial institution clients” report.
Social engineering’s share of all unauthorised operations decreased at the end of 2020 to 61.8% (from 68.6% in 2019) thanks to the joint efforts of the Bank of Russia, financial organisations and law enforcement agencies to increase the public cyber literacy, the regulator said in a statement.
The widespread use of biometric identification may lead to an increase in fraud using the technology. The opinion was expressed at a TASS press conference by the president of the InfoWatch group of companies, chairperson of the board of the association of software developers “techestvenny soft” Natalya Kasperskaya.
TASS reports that small banks in Russia are more exposed to cyber fraud according to Moody's.
Kommersant reports that the corporate data of hundreds of large and thousands of small Russian companies has appeared in the public domain, referring to information from the softline company Infosecurity. The organisations posted information on the boards of the free online project manager Trello. Almost a million public Trello boards are currently indexed by search engines, with thousands of them containing confidential information, analysts have said. In Russia, Trello boards are mainly used by small and medium-sized businesses; representatives of large organisations, including banks, according to Infosecurity.
According to Izvestia, Russian scammers have learned to use robots similar to those used by financial organisations, calling customers with individual offers, referring to banking sector experts. According to Alexey Konyaev, head of analytical solutions for countering fraud and financial crime at SAS Russia / CIS, robots are becoming popular in the early stages of fraud conversations, saving time when eliminating anyone not taken in by the scam. The scammers’ main tool is psychological pressure. If the potential victim does not drop the call and shows interest, then the call is transferred to a “bank employee”, who will continue the conversation. Mr Konayev added that if we remember this mechanism, it should be easy to distinguish between an attacker and a real financial organisation.
Data from social networks is a more effective way of finding information on a potential victim for a fraudster than from bank leaks, said Artem Sychev, Central Bank Information Security Department Deputy Head, who oversees the Centre for Monitoring and Responding to Financial Sector Cyber Attacks.
Rostelecom-Solar, a Rostelecom subsidiary and provider of cybersecurity technology, together with the National Coordination Centre for Computer Incidents, has identified a series of cyber group attacks on Russian authorities. According to the provider, the hackers’ main goal is to compromise IT infrastructure and steal confidential information, including documentation from isolated segments and key employee email correspondence.
Keep up to date!
Leaders like you are responding to one of the most sweeping crises in recent memory, calling for both empathy and action to guide your people and businesses through uncertain times. This page gathers Deloitte’s global insights to help you not only respond to this crisis, but recover and thrive.