Monthly selection of cyber news
January 2021, issue 10
Over 100,000 firewalls, VPN gateways and access point controllers from Zyxel contained a hard-coded administrative backdoor account that could give cybercriminals root access to devices via the SSH interface or web admin panel. According to the Kazakhstan Computer Incident Response Service, the dangerous account was discovered by Eye Control specialists based in the Netherlands.
The Kazakhstan National Security Committee press service has reported that the Goszakup.gov.kz site was hacked in May 2020 causing the postponement of 7,901 state procurements worth 164 billion tenge. The KNB, with the assistance of the Electronic Finance Centre, identified the hacker, who claimed he had wanted to fix the results of electronic procurements in his favour.
In 2020, the State Technical Service identified and blocked 594 million network attacks on state electronic resources. According to the Ministry of Digital Development, Innovation and Aerospace Industry, the Integrated Internet Access Gateway significantly reduces the risk of unauthorised access and malicious impact on state electronic information resources.
On 31 December 2020, the Acting Minister of Industry and Infrastructure Development approved rules for operating pilotless aircraft in Kazakhstan airspace. Pilotless aircraft should be registered with the civil aviation authorities, with the exception of those subject to registration with the state aviation authorities, reports Zakon.kz.
Online fraud continues to grow in Azerbaijan according to the Centre for Combating Computer Incidents. Individuals are being blackmailed to pay their accounts on fake pages under the threat of the seizure of their details.
Azerbaijan has the 66th fastest mobile Internet speed out of 139 countries according to the Speedtest Global Index for November, which also gives the country 117th out of 176 countries in terms of stable internet speed. According to the rating, the download speed from the mobile Internet in Azerbaijan has increased from 30.26 Mbps to 31.45 Mbps over the past 12 months. Fixed internet download speed increased from 21.20 Mbps to 23.04 Mbps.
As the number of electronic signature certificates in Azerbaijan increases, so does the scope of their use. In 2020, the Ministry of Transport, Communications and Advanced Technology’s National Certification Services Centre issued e-signature tokens to 9,838 government agencies, 4,990 entrepreneurs, and 2,928 individuals, which is a 32% increase on 2019.
The State Service for Special Communications and Information Security Computer Incident Response Centre has launched a new "Block List" module in its Resource Management Centre system to allow government agencies to learn about cybersecurity incidents detected by the Computer Incident Response Centre to analyse cyberattacks blocked by AZSTATENET for state network security, the reasons why they were blocked and the types of attacks used.
The Innovation Agency has developed a catalogue of IT companies operating in Azerbaijan, together with their address and contact number. You can download the catalogue from the documents and reports section of the agency's website or by following the link below: https://bit.ly/3qj3DS9.
Given the large number of messages from the public and the fact that most people are victims of cyber-scams due to a lack of awareness, the Azerbaijan Electronic Security Service is warning about fake websites opened in the name of Azerpocht. According to the ministry, cyber-fraudsters are creating fake sites similar to the Azerpocht official website to obtain funds illegally from people selling products online. Acting as buyers, they use fake WhatsApp numbers to ask sellers to enter their card details on a fake Azerpocht site and make payment, after which funds fall into the hands of the cyber-fraudsters.
Google Cloud has become the fourth division of Google to register for tax purposes in Uzbekistan after Google Commerce Limited, Google Voice Inc and Google Ireland Limited.
A new form of fraud has appeared combining the approaches of hackers and social engineering, writes Kommersant, referring to the RTM Group. Attackers, under the guise of an employer, call their victims offering attractive working conditions, with the proviso that you first install a number of Play Market applications, one of which contains a virus previously downloaded by fraudsters.
Group-IB company experts are tracking the activities of Russian-speaking groups in the CIS, Europe and US, stealing money and bank card details using fake courier service and marketplace sites. At least 20 large groups are working against users from Romania, Bulgaria, France, Poland, the Czech Republic, the US, Ukraine, Uzbekistan, Kyrgyzstan and Kazakhstan.
In an interview with TASS, the head of the Russian Investigative Committee’s Cybercrime and High-Tech Crime Investigation Department Konstantin Komarda declared that cybercrime in Russia had increased 20-fold over the past seven years and continues to increase.
Employees of large Russian companies have received fraudulent parcel delay messages purporting to be from Russian Post, using a fake domain Mail.ru Group, writes Kommersant. Recipients were asked to click on the link to pay customs duties, a service fee or transportation costs to receive the allegedly delayed parcel.
88% of state mobile applications, such as “Moscow State Services” and “Active Citizen”, have at least one inbuilt tracker that transmits data to third-party companies, according to RBC. The figure was taken from the ANO Infoculture “privacy of state mobile applications in Russia” paper.
Keep up to date!
Leaders like you are responding to one of the most sweeping crises in recent memory, calling for both empathy and action to guide your people and businesses through uncertain times. This page gathers Deloitte’s global insights to help you not only respond to this crisis, but recover and thrive.