April-May 2021, issue 13. Monthly selection of cyber news | Deloitte CIS

Kazakhstan News

5 April

Data of over 3 million people in Kazakhstan leaked to the Internet

During a data security incident investigation, the KZ-CERT Computer Incident Response Service established that the data of over 3 million Facebook users in Kazakhstan had been compromised - a database of over 533 million Facebook users from 106 countries was published by one hacker forum user.

14 April

Personal data protection laws in Kazakhstan amended

Draft changes have been proposed to legislative acts protecting personal data in Kazakhstan, Zakon.kz reports.

The amendments focus on article 145 “Image Rights”, with the proposed new version stating that another person’s image (including photographs, video recordings or works of art in which the person is depicted) can only be used or distributed with their consent or that of their legal representatives, or heirs after their death.

15 April

Illegal distribution of personal data already being punished

The Ministry of Digital Development set up an Information Security Committee as the personal data protection authority in Kazakhstan last summer and is currently carrying out unscheduled inspections based on complaints from individuals and materials received from other government agencies. Committee members are also initiating administrative cases around the legality of the collection and processing of personal data, as well as compliance with protection measures. Ruslan Abdikalikov, Information Security Committee Chairman, spoke about the results of the analysis during a CCS briefing.

6 May

The State Technical service deters a cyberattack on state agencies

The GTS KZ-CERT computer incident response service has reported malicious mailing on behalf of First Heartland Jýsan Bank, noting that it was not an isolated case, and popular brands were common targets for fake mailing lists. In this specific case, the mail was received from a fictitious bank employee requesting bids for services and, allegedly attaching a technical specification.

Caspian news

5 April

A number of Azerbaijani government agencies do not have data system development policies

According to a report on audit chamber activities for 2020, many government agencies in Azerbaijan do not have medium-term strategic documents or policies outlining investment directions associated with data system development. The report also notes that data system management covers operational levels and is more technical support focused.

19 April

New attacks on banking data registered in Azerbaijan

Scammers have launched so-called vishing attacks, “which are an audio version of phishing” according to the State Service for Special Communications and Information Security - Centre for Combating Computer Incidents. According to a report, fraudsters call the public and ask for card information. "People are advised to be careful not to pass any personal details such as passwords, card numbers, etc. to anyone in response to an incoming phone call”.

Biometric signatures to be used in Azerbaijan

Work is underway in Azerbaijan to introduce biometric signatures, which is a new recognition technology that will replace e-signature cards and tokens in the future. It will allow users to authorise documents using individual biometric data such as fingerprints, eyes and so forth. The SHA-1 cryptographic algorithm, which currently provides digital signature security, is being replaced by the more secure SHA-2.

20 April

The Electronic Security Service once again warns of “phishing” attacks

The Electronic Security Service is warning the public about “phishing” attacks targeting banks in recent days. Cybercriminals are attempting to seize bank and other personal details by abusing technical support services in Kapital Bank, Unibank and others. The scheme involves mobile numbers being called on behalf of bank employees, and any transfer is made in their name, requiring a card account number, password, confirmation code and other personal details.

21 April

Another Azerbaijan bank due to activate an e-signature service

Rabitabank is expected to activate an e-signatures service for its customers. The bank has made a request to the State Tax Service and hopes to be able to “offer about 10 digital solutions and products this year, which are currently being actively worked on”.

ID card e-signatures to be activated once fees have been set

E-signatures integrated into Azerbaijan ID cards will be activated once fees have been set. The technical work has already been completed, but the fee has not yet been set by the government, according to source close to the project.

23 April

More electronic fraud revealed in Azerbaijan

“Attention! The next page, which was used by fraudsters to seize contact information, deceive them and seize card information, has been exposed”, the State Service for Special Communications and Information Security - Centre for Combating Computer Incidents reports. According to the information, scammers are trying to deceive the public by creating the following type of website: https://azerdostavka.shop/. The website is not currently active.

28 April

Kyrgyzstan not satisfied with digitalisation

Taalay Baiterekov, Head of the Kyrgyz Republic Digital Transformation Department, has said that the digitalisation process in Kyrgyzstan is very slow, but confirmed that every effort will be used to develop it, involving representatives from the business community. He was speaking at a briefing discussing “government IT plans after the dismissal of the heads of five enterprises”, Sputnik reports.

State Service: The new version of WhatsApp steals your personal data

A new version of WhatsApp called WhatsApp Pink has appeared and is gaining popularity according to the Centre for Combating Computer Incidents of the State Service for Special Communications and Information Security.

Cybercriminals create fake pages similar to Azerpocht's official website

The Electronic Security Service is warning the public about fake websites opened in the name of Azerpocht, claiming a group of cyber-fraudsters has been creating fake websites similar to the official Azerpocht website to obtain funds illegally. Their target is anyone selling items online. The cyber-fraudsters, acting as buyers, write to the sellers from fake WhatsApp numbers and ask them to enter their card details on a fake site made to look like Azerpocht to make payment. Once the seller logs on and provides his or her card detail, the funds on the account balance fall into the hands of cyber-fraudsters.

30 April

Azerbaijan's first antivirus software presented

A first "beta" test version of a pest analysis application is ready after a long period of development. The statement came from the State Service’s Centre for Combating Computer Incidents.

Kyrgyzstan wants to reorganise IT state-owned enterprises

The plan, according to the head of the government’s digital transformation department Taalay Baiterekov, is to streamline state IT-enterprises by combining them into one centralised organisation within the framework of "government IT plans after the dismissal of the heads of five enterprises." The measure should help reduce the number of administrative staff and attract more programmers, helping generate quality products that will find a practical use in the market. The corresponding government resolution is currently undergoing approval, but it is not yet known what form of ownership the new organisation will take, Sputnik reports.

8 May

An "electronic prosecutor's office" information system to be created in Azerbaijan

The Azerbaijan prosecutor will create an electronic information system to ensure the application of modern information and communication technologies in its operations.

14 May

Azerbaijan has developed a five-year cyber security strategy

Azerbaijan is expected to approve a national information and cyber security strategy covering 2021-2025 according to the Ministry of Transport, Communications and High Technology. The action plan for implementing the strategy includes provisions for improving related legislation.

17 May

42% of computers in Azerbaijan still use Windows 7

According to Kaspersky statistics, 42% of computers in Azerbaijan still use the Windows 7 operating system, which has been obsolete since January 2020. It may still work well as an operating system, but it is more exposed to attacks if it is no longer supported due to the lack of patches to fix weaknesses. The share of Windows 7 users among home users is 48%, among small and medium-sized businesses - 14%, and among micro-businesses - 30%. It is especially important for small businesses to keep their operating systems up-to-date, as they do not have the resources to combat cybersecurity.

24 May

The fight against online fraud and cyber threats is intensifying

A new, improved and more functional version of the Blacklist.gov.az project, created by the State Service for Special Communications and Information Security, has been launched. According to the Centre for Combating Computer Incidents, the project aims to improve efforts to fight online fraud and cyber threats in the country; expose domain names used in cyber-fraud and cyberattacks, and create protective extensions for web browsers and API integration to protect internet users.

Russian news

5 April

Fraudsters using “Yandex.Money” to deceive Russians

The classic mechanism for acquiring bank card details in Russia through malicious emails is experiencing a rebirth. RIA News reports that scammers, posing as Yandex.Money e-wallet operators, are demanding funds be transferred to a bitcoin wallet under the threat of compromising videos being published.

6 April

Experts have counted over 1.5 thousand pseudo-banks in Runet since the start of the year

In Russia, the number of pseudo-banks grew 20% in Q1 2021 to 1,529, according to the cybersecurity company BI.ZONE. The number of phishing sites is growing, as it proves to be the cheapest and most effective to reach as many members of the public as possible, explained Evgeny Voloshin, director of the company's expert services block. The average time needed to block fraudulent resources is between 10 and 70 hours, but in extreme cases, the time required to limit access can be up to several weeks, he stressed.

7 April

Experts: scammers use Telegram bots and Google forms to automate phishing

User data stolen as a result of phishing attacks is increasingly being uploaded not only via e-mail, but also in legitimate services as Google forms and the Telegram messenger, according to a study by Group-IB. Automated phishing makes use of Telegram bots on ready-made platforms as they are able to control the entire phishing attack process and keep a record of any funds stolen.

12 April

Central Bank: social engineering remains the main threat to financial cybersecurity

Social engineering remains the main threat to financial cybersecurity, but its share in total theft is falling, according to the Russian Central Bank’s “2020 review of operations performed without the consent of financial institution clients” report.

Social engineering’s share of all unauthorised operations decreased at the end of 2020 to 61.8% (from 68.6% in 2019) thanks to the joint efforts of the Bank of Russia, financial organisations and law enforcement agencies to increase the public cyber literacy, the regulator said in a statement.

14 April

Mass use of biometrics could lead to an increase in cybercrime numbers

The widespread use of biometric identification may lead to an increase in fraud using the technology. The opinion was expressed at a TASS press conference by the president of the InfoWatch group of companies, chairperson of the board of the association of software developers “techestvenny soft” Natalya Kasperskaya.

20 April

Moody's: small banks in Russia are more exposed to cyber fraud risks

TASS reports that small banks in Russia are more exposed to cyber fraud according to Moody's.

The data of hundreds of Russian companies appears in the public domain

Kommersant reports that the corporate data of hundreds of large and thousands of small Russian companies has appeared in the public domain, referring to information from the softline company Infosecurity. The organisations posted information on the boards of the free online project manager Trello. Almost a million public Trello boards are currently indexed by search engines, with thousands of them containing confidential information, analysts have said. In Russia, Trello boards are mainly used by small and medium-sized businesses; representatives of large organisations, including banks, according to Infosecurity.

6 May

Bank fraudsters have started using robots to call customers

According to Izvestia, Russian scammers have learned to use robots similar to those used by financial organisations, calling customers with individual offers, referring to banking sector experts. According to Alexey Konyaev, head of analytical solutions for countering fraud and financial crime at SAS Russia / CIS, robots are becoming popular in the early stages of fraud conversations, saving time when eliminating anyone not taken in by the scam. The scammers’ main tool is psychological pressure. If the potential victim does not drop the call and shows interest, then the call is transferred to a “bank employee”, who will continue the conversation. Mr Konayev added that if we remember this mechanism, it should be easy to distinguish between an attacker and a real financial organisation.

12 May

"Collecting data from social networks is easier than from bank leaks”

Data from social networks is a more effective way of finding information on a potential victim for a fraudster than from bank leaks, said Artem Sychev, Central Bank Information Security Department Deputy Head, who oversees the Centre for Monitoring and Responding to Financial Sector Cyber Attacks.

A series of cyber attacks on Russian government agencies has identified

Rostelecom-Solar, a Rostelecom subsidiary and provider of cybersecurity technology, together with the National Coordination Centre for Computer Incidents, has identified a series of cyber group attacks on Russian authorities. According to the provider, the hackers’ main goal is to compromise IT infrastructure and steal confidential information, including documentation from isolated segments and key employee email correspondence.

Sources

We used the following information sources to prepare this material:

https://profit.kz/

https://www.banki.ru/

https://xeberler.az/

Monthly selection of cyber news