Monthly selection of cyber news
January 2021, issue 10
Over 100 thousand Zyxel firewalls and VPN gateways contain a backdoor
Over 100,000 firewalls, VPN gateways and access point controllers from Zyxel contained a hard-coded administrative backdoor account that could give cybercriminals root access to devices via the SSH interface or web admin panel. According to the Kazakhstan Computer Incident Response Service, the dangerous account was discovered by Eye Control specialists based in the Netherlands.
Kazakhstan hacker causes the postponement of 164 billion tenge of government procurements
The Kazakhstan National Security Committee press service has reported that the Goszakup.gov.kz site was hacked in May 2020 causing the postponement of 7,901 state procurements worth 164 billion tenge. The KNB, with the assistance of the Electronic Finance Centre, identified the hacker, who claimed he had wanted to fix the results of electronic procurements in his favour.
594 million attacks made against the Kazakhstan state authorities
In 2020, the State Technical Service identified and blocked 594 million network attacks on state electronic resources. According to the Ministry of Digital Development, Innovation and Aerospace Industry, the Integrated Internet Access Gateway significantly reduces the risk of unauthorised access and malicious impact on state electronic information resources.
Rules for the use of drones approved in Kazakhstan
On 31 December 2020, the Acting Minister of Industry and Infrastructure Development approved rules for operating pilotless aircraft in Kazakhstan airspace. Pilotless aircraft should be registered with the civil aviation authorities, with the exception of those subject to registration with the state aviation authorities, reports Zakon.kz.
More Internet fraud revealed in Azerbaijan
Online fraud continues to grow in Azerbaijan according to the Centre for Combating Computer Incidents. Individuals are being blackmailed to pay their accounts on fake pages under the threat of the seizure of their details.
Azerbaijan’s global internet speed ranking is announced
Azerbaijan has the 66th fastest mobile Internet speed out of 139 countries according to the Speedtest Global Index for November, which also gives the country 117th out of 176 countries in terms of stable internet speed. According to the rating, the download speed from the mobile Internet in Azerbaijan has increased from 30.26 Mbps to 31.45 Mbps over the past 12 months. Fixed internet download speed increased from 21.20 Mbps to 23.04 Mbps.
In 2020, demand for e-signature certificates increases by 32%
As the number of electronic signature certificates in Azerbaijan increases, so does the scope of their use. In 2020, the Ministry of Transport, Communications and Advanced Technology’s National Certification Services Centre issued e-signature tokens to 9,838 government agencies, 4,990 entrepreneurs, and 2,928 individuals, which is a 32% increase on 2019.
The Resource Management Centre system launches a new "Block List" module
The State Service for Special Communications and Information Security Computer Incident Response Centre has launched a new "Block List" module in its Resource Management Centre system to allow government agencies to learn about cybersecurity incidents detected by the Computer Incident Response Centre to analyse cyberattacks blocked by AZSTATENET for state network security, the reasons why they were blocked and the types of attacks used.
The Azerbaijan Innovation Agency compiles a catalogue of local IT companies
The Innovation Agency has developed a catalogue of IT companies operating in Azerbaijan, together with their address and contact number. You can download the catalogue from the documents and reports section of the agency's website or by following the link below: https://bit.ly/3qj3DS9.
Cybercriminals create fake sites similar to the official Azerpocht website
Given the large number of messages from the public and the fact that most people are victims of cyber-scams due to a lack of awareness, the Azerbaijan Electronic Security Service is warning about fake websites opened in the name of Azerpocht. According to the ministry, cyber-fraudsters are creating fake sites similar to the Azerpocht official website to obtain funds illegally from people selling products online. Acting as buyers, they use fake WhatsApp numbers to ask sellers to enter their card details on a fake Azerpocht site and make payment, after which funds fall into the hands of the cyber-fraudsters.
Google Cloud begins paying taxes in Uzbekistan
Google Cloud has become the fourth division of Google to register for tax purposes in Uzbekistan after Google Commerce Limited, Google Voice Inc and Google Ireland Limited.
Remote working creates new opportunities for fraud
A new form of fraud has appeared combining the approaches of hackers and social engineering, writes Kommersant, referring to the RTM Group. Attackers, under the guise of an employer, call their victims offering attractive working conditions, with the proviso that you first install a number of Play Market applications, one of which contains a virus previously downloaded by fraudsters.
Experts warn about cyber fraudster "courier scheme" activities
Group-IB company experts are tracking the activities of Russian-speaking groups in the CIS, Europe and US, stealing money and bank card details using fake courier service and marketplace sites. At least 20 large groups are working against users from Romania, Bulgaria, France, Poland, the Czech Republic, the US, Ukraine, Uzbekistan, Kyrgyzstan and Kazakhstan.
Cybercrime in Russia has increased 20 times in seven years
In an interview with TASS, the head of the Russian Investigative Committee’s Cybercrime and High-Tech Crime Investigation Department Konstantin Komarda declared that cybercrime in Russia had increased 20-fold over the past seven years and continues to increase.
Large companies receive fake mail on behalf of Russian Post
Employees of large Russian companies have received fraudulent parcel delay messages purporting to be from Russian Post, using a fake domain Mail.ru Group, writes Kommersant. Recipients were asked to click on the link to pay customs duties, a service fee or transportation costs to receive the allegedly delayed parcel.
Experts reveal the transfer of the personal details of many Russian through state applications
88% of state mobile applications, such as “Moscow State Services” and “Active Citizen”, have at least one inbuilt tracker that transmits data to third-party companies, according to RBC. The figure was taken from the ANO Infoculture “privacy of state mobile applications in Russia” paper.
We used the following information sources to prepare this material:
Keep up to date!
Combating COVID-19 with resilience | Deloitte Global
Leaders like you are responding to one of the most sweeping crises in recent memory, calling for both empathy and action to guide your people and businesses through uncertain times. This page gathers Deloitte’s global insights to help you not only respond to this crisis, but recover and thrive.