Phishing websites, spear-phishing, whaling — Cyber Shield of Kazakhstan improves security systems

Back in 2017, while still Head of State, the First President of Kazakhstan, Elbasy Nursultan Nazarbayev, drew attention in his Address "Third Modernization of Kazakhstan: Global Competitiveness" to the urgency of combating cybercrime. The Government and the National Security Committee of the Republic of Kazakhstan were then instructed to take measures to create the Cyber Shield of Kazakhstan system. How is the country's cybersecurity system developing now? Read the Primeminister.kz review of the problems and their solutions in the light of new global challenges.

The pandemic has expanded the types and scope of cybercrime. Fearing infection, people have moved most of their daily activities, from shopping to employment, onto Internet services where data leakage is likely.

How can information security be ensured in such conditions: resisting growing cyber threats, protecting citizens' personal data, information infrastructure and strategically important facilities, and, more generally, increasing the security of the national information space?

In order to solve all these tasks, in June 2017 the Government approved the Cybersecurity Concept "Cyber Shield of Kazakhstan".

The Concept is based on an assessment of the current state of informatization of state bodies and automation of public services, the prospects for developing the digital economy and technologically modernizing production processes in industry, and the expanding scope of information and communication services.

The document determined the main directions for the implementation of state policy in the field of protecting electronic information resources, information systems and telecommunication networks, ensuring the safe use of information and communication technologies.

Since 2018, the State Technical Service Joint Stock Company (JSC GTS) has been one of the active participants in implementing the Cyber Shield of Kazakhstan Concept and the Digital Kazakhstan State Program. Thanks to the company's significant results in developing the cybersecurity system in its industry, the Republic of Kazakhstan ranks 31st for 2019-2020 in the International Cyber Readiness Rating according to the official report of the International Telecommunication Union. This is against a ranking of 40th in 2018-2019 and 83rd in the International Telecommunication Union report for 2017-2018. Such significant results have been achieved in a couple of years as part of implementing the Cyber Shield Concept.

For more than 10 years, JSC GTS has protected Kazakhstan's electronic border and holds a monopoly on a number of activities in informatization and information security, among them:

- Response to computer incidents (KZ-CERT);

- Monitoring of information security events of objects of informatization of state bodies;

- Monitoring of information security of objects of informatization of electronic government;

- Research of malicious code;

- Testing of objects of informatization of e-government for compliance with information security requirements;

- A unified gateway for Internet access and a unified gateway for e-government e-mail (ESEP);

- Organization and technical support of Internet traffic exchange points for long-distance and international operators on the territory of the Republic of Kazakhstan (Peering).

Thanks to the technological solutions of JSC GTS, about 1 million attacks are repelled daily. At the same time, to protect the integrity of state bodies, all incoming e-mail is checked every day by the unified e-government e-mail gateway (ESEP): of 500 thousand messages, only 180-200 thousand are delivered. The rest are spam mailings or contain malicious software.

Continuing with statistics on cyber incidents, it should be noted that in the first 5 months of 2021 the National Computer Incident Response Service KZ-CERT registered 11,432 incidents and information security threats. Compared to the same period last year, the increase was about 15%.

For Kazakh users, the most urgent threat remains the spread of phishing resources. Compared to the same period in 2020, their number has grown; they imitate popular services and send mailings on behalf of second-tier banks, postal organizations, trading platforms, online stores, taxi services, etc.

In addition, the threat of malicious software spreading in the Kazakhstani segment of the Internet is no less urgent. In 2020 alone, 2,458 incidents related to this threat were registered and processed. Compared to 2019, the growth was 6%.

Among malicious software for both Kazakhstani users and users around the world, the most common is the spread of botnets, which account for about 83% of the total number of incidents registered in 2020.

Computer viruses, Trojan horses and network worms are also actively spreading in the Kazakhstani segment of the Internet. The peak of cybercriminal activity using malware was observed in March 2020, during the mass transition to remote work and study under the coronavirus quarantine.

Most popular phishing schemes for cybercriminals

Today, the following cybercriminal schemes remain the most popular:

Phishing sites. This is the most popular method of mass identity theft (bank details, personal data, etc.). For this purpose, phishing Internet resources are specially created and hosted on domains that resemble the real ones as closely as possible, using URLs with deliberate typos or subdomains (goooogle.kz, yandeks.kz, mail.com.ru, olxxx.kz, kolessa.kz, etc.). The site's design is made in a similar style and, as a rule, does not arouse obvious suspicion at first glance. KZ-CERT increasingly identifies "clones" of popular services and fake prize draws purportedly run by global brands and celebrities (for example, "Toyota Camry prize draw from Khabib Nurmagomedov", "Adidas shoes prize draw", "OLX Delivery", "Social payments", etc.).
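As an added example (not code from the article, KZ-CERT or JSC GTS), the following Python screen flags candidate domains built with the tricks listed above: repeated letters, a typo one or two edits away from a brand, or a brand name placed as a subdomain of an unrelated domain. The brand watchlist it uses is constructed for the example.

```python
"""Lookalike-domain triage for the typosquatting patterns in the article.

Added example, not code from the original article or from KZ-CERT/JSC GTS.
ASCII labels only: IDN/Cyrillic homoglyph domains (e.g. under .ҚАЗ) would
need a separate confusables check.
"""
import re
from typing import Optional

# Constructed watchlist of legitimate brand domains (assumption for this example).
LEGIT = {"google.kz", "yandex.kz", "mail.ru", "olx.kz", "kolesa.kz"}
BRANDS = sorted({d.split(".")[0] for d in LEGIT})


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) using a single-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def squeeze(label: str) -> str:
    """Collapse runs of one letter: 'goooogle' -> 'gogle', 'olxxx' -> 'olx'."""
    return re.sub(r"(.)\1+", r"\1", label)


def lookalike_reason(domain: str) -> Optional[str]:
    """Return why a domain looks like a brand imitation, or None if it does not."""
    # Normalise: lower-case and drop stray punctuation such as a trailing '>'.
    d = domain.strip().lower().strip("<>.,;\"' ")
    if d in LEGIT:
        return None
    labels = d.split(".")
    for pos, label in enumerate(labels[:-1]):  # never compare the TLD itself
        suffix = ".".join(labels[pos + 1:])
        for brand in BRANDS:
            if label == brand:
                return f"brand label '{brand}' under unexpected suffix '{suffix}'"
            if squeeze(label) == squeeze(brand):
                return f"differs from '{brand}' only in repeated letters"
            # Short brands (olx, mail) would match far too much by edit distance
            # alone, so the number of edits tolerated grows with brand length.
            max_edits = 0 if len(brand) < 4 else 1 if len(brand) < 6 else 2
            dist = levenshtein(squeeze(label), squeeze(brand))
            if 0 < dist <= max_edits:
                return f"{dist} edit(s) away from '{brand}'"
    return None


def screen(domains):
    """Run the check over a batch; return (domain, reason) for flagged entries."""
    flagged = []
    for dom in domains:
        reason = lookalike_reason(dom)
        if reason:
            flagged.append((dom, reason))
    return flagged


if __name__ == "__main__":
    # Sample input: the domains quoted in the article plus two constructed benign ones.
    sample = ["goooogle.kz", "yandeks.kz", "mail.com.ru", "olxxx.kz",
              "kolessa.kz>", "kolesa.kz", "primeminister.kz"]
    for dom, why in screen(sample):
        print(f"{dom:18} {why}")
```

The distance thresholds are a triage heuristic and will produce false positives on short labels; in practice the flagged list is a queue for analyst review, not an automatic block list.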

Spear-phishing: sending e-mails on behalf of a forged sender (a bank, the tax service, a Public Service Center, etc.). Mailings mainly target individual users (victims) and high-value organizations (large businesses and corporations). Attackers use this scheme to obtain the bank credentials of users or of an organization's employees; for the attacker it pays off better than "manually" searching the Internet for users' bank details.

Whaling is a phishing attack aimed at the leaders of large organizations: the attacker impersonates the organization's management and exploits that official position to induce employees (the victims) to make payments or share confidential or personal information.

Targeted attacks delivered by SMS messages (smishing) or by voice calls follow the same patterns as e-mail attacks.

Vishing (voice phishing). Phishing is not limited to e-mail: this method has been used actively against clients of second-tier banks from the beginning of 2020 up to the present.

Unsolicited calls from "bank technical support" are made to mobile numbers, which in most cases are linked to bank cards. In these support-themed phishing scams, attackers persuade unsuspecting people to give them the code from an SMS message that the attacker has caused to be sent to the victim's number. Posing as technical support, criminals thereby gain control over users' bank accounts.

International cooperation

In information security, active international cooperation is essential for a prompt response to threats and incidents. The National Computer Incident Response Service KZ-CERT of JSC GTS works on an ongoing basis to build cooperation with foreign information security organizations: computer incident response teams (CERT/CSIRT) and various cybersecurity alliances.

In addition, KZ-CERT JSC GTS is:

  • Full member of the Organisation of Islamic Cooperation Computer Emergency Response Team (OIC-CERT);
  • Member of the Anti-Phishing Working Group — APWG;
  • Member of the Steering Committee of the Cybersecurity Alliance for Mutual Progress — CAMP;
  • Member of the Forum of Incident Response and Security Teams — FIRST;
  • Liaison partner of APCERT (Asia Pacific Computer Emergency Response Team);
  • Listed team in the Trusted Introducer service of TF-CSIRT (the task force of security and incident response teams).

To date, JSC GTS has signed more than 16 memorandums and agreements with foreign organizations.

Among them: in 2020, the Computer Incident Response Service of the National Information Security Coordination Center re-signed the Memorandum of Understanding with ID-CERT, the Computer Incident Response Service of the Republic of Indonesia. Memorandums of cooperation in cybersecurity were also signed with the computer incident response services of the National Cyber Directorate of the State of Israel, the State Cyber Security Service under the Türkmenaragatnaşyk Agency (Turkmenistan), and the computer incident rapid response group of the Data Exchange Agency of the Ministry of Justice of Georgia.

A special Action Plan approved within the framework of the Cybersecurity Concept

In general, no separate funds are provided for implementing the Concept, and the implementation period is divided into two stages:

In October 2017, the Action Plan for the implementation of the Cybersecurity Concept was approved, within the framework of which the information security standards were improved and legislatively enshrined.

In addition, the concept of cyber insurance has been introduced into the sectoral law, which allows compensation for property damage to an organization caused by computer incidents, as well as moral damage to an individual caused as a result of data leakage.

For the first time in the country, an authorized body for personal data protection has been designated: the Information Security Committee of the ICRIAP of the Republic of Kazakhstan.

In 2020, the rules for the collection and processing of personal data were approved, which determined the procedure and requirements for handling personal data from the stage of collection to the stage of their destruction.

In 2020, enforcement practice was launched for prosecuting violations of personal data protection requirements on electronic information resources (EIR) (checks against a telecom operator and private business entities) and of legislation on electronic documents and digital signatures.

Since 2018, to test the mechanisms for responding to cyber threats within the framework of the National Anti-Crisis Plan for Response to Information Security Incidents, command-and-staff exercises have been held with the participation of representatives of interested government agencies.

In 2018, the National Security Committee of the Republic of Kazakhstan created and launched the National Information Security Coordination Center, which protects the information resources of state bodies and the critical information infrastructure of the Republic from cyber attacks and cyber incidents.

In 2020, 17 central government bodies were centrally equipped with anti-virus protection, computer attack prevention, data leak prevention and information security event monitoring. As a result of deploying these software and hardware tools, the National Information Security Coordination Center recorded more than 55 thousand unique event types in government agencies, which led to 4 thousand information security incidents. The Head of State has been informed about critical information security incidents.

Also, in order to raise awareness of threats to information security, the following measures are taken:

- Informing about the adopted regulatory and technical requirements in the field of information security;

- Online trainings and refresher courses for civil servants;

- Development of new professional standards (9 new specialties in the field of information security);

- Development of information security specialties. According to the Classifier, a separate training direction in Information Security has been introduced, for which training grants are allocated annually;

- Participation in the formation of university educational programs;

- Conducting command and staff exercises on countering virus attacks;

- Concluding memorandums with universities providing for better training and a larger number of trained information security specialists;

- Support of non-governmental organizations and public associations in the field of information security;

- Organizing and sponsoring conferences on topical issues of information security;

- Explanatory work on the need for measures to ensure information security and data protection.

In addition, as part of the implementation of the Concept, a sociological study is carried out annually on the topic "Awareness of the population about threats to information security (cyber security)".

According to the results of a sociological survey conducted in September 2020, the awareness indicator for 2020 was 78%. This means that public awareness in 2020 increased by 15% and 4.5% compared to 2018 and 2019, when the indicator was 62.9% and 73.5% respectively.

On July 14, 2021, the Ministry of Digital Development, Information and Aerospace Industry, together with Kaspersky Lab JSC, conducted the strategic interactive online training Kaspersky Interactive Protection Simulation (KIPS) for employees of the diplomatic service. To raise awareness of computer system security issues, the interactive training immersed professionals in a simulated environment where they faced many unexpected cyber threats. At the same time, the KIPS participants had to build a cybersecurity strategy, choosing the best methods of proactive and reactive protection.

Since Jan. 5, 2021, the Digital Civil Servants program has been publicly available online on the website of the Academy of Public Administration under the President of the Republic of Kazakhstan, as a series of video courses for training civil servants.

The program includes courses for managers, executives and industry specialists on the digitalization of government bodies, covering the following training topics: "In-depth study of IT legislation", "Information security", "Digital competencies", "Electronic government eGov.kz" and "Cybersecurity concepts (Cyber Shield of Kazakhstan)".

Within the framework of the bill "On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on the Promotion of Innovation, Development of Digitalization and Information Security", amendments have been developed in the field of information security, in particular on:

- the duty of local executive bodies, state legal entities and quasi-public-sector entities to have their electronic information resources and information systems pass mandatory tests for compliance with information security requirements;

- introducing, as an alternative means of identifying users who post information on publicly available electronic information resources, the delivery of one-time passwords through Internet services whose infrastructure is located in the Republic of Kazakhstan, in addition to SMS messages;

- engaging specialists, consultants and experts from state bodies and subordinate organizations, as well as expert auditors accredited by the authorized body for technical regulation and metrology, to confirm conformity of the information security management system;

- introduction of the concept of an information security inspector who provides information security audit services on the basis of a license;

- obligations of the owner and holder of an informatization object (OI) to record and update information about e-government informatization objects, and electronic copies of their technical documentation, on the architectural portal;

- establishing in law a Bug bounty platform (a platform for identifying vulnerabilities in informatization objects) which, by engaging domestic IT specialists, identifies vulnerabilities in state and quasi-state information systems, implements a mechanism of public (professional) oversight of information security at informatization objects, and pays rewards;

- requiring state legal entities and quasi-public-sector entities to undergo testing in accredited testing laboratories in accordance with this Law and the legislation of the Republic of Kazakhstan on technical regulation.

Along with this, it is planned to make changes and additions to the Decree of the Government of the Republic of Kazakhstan "On approval of uniform requirements in the field of information and communication technologies and information security" No. 832 dated Dec. 20, 2016.

A working group has been created to develop proposals for amendments and additions to the Unified Requirements in the field of information and communication technologies and information security.

According to the program plan, the second stage should open up participation by Kazakhstani IT companies in the national security systems of the information and communication infrastructure.

In order to ensure information security in government agencies and create conditions for the development of domestic manufacturers of electronic products and software (hereinafter referred to as ES and software), the Register of trusted products of the electronic industry and software was created. In 2019, amendments to the legislation on public procurement were adopted, according to which ES and software products are included in the Register and purchased on a priority basis. This rule came into force on Jan. 1, 2020. As of today, the Register includes 85 names of ES products and software from 34 manufacturers (software, personal computers, automatic telephone exchanges, noise generators, surge protectors, etc.).

In order to develop a market for high-quality professional information security services, on the instructions of the Head of State, work was carried out with organizations on the feasibility of creating Operational Information Security Centers (hereinafter OISC); today there are 19 OISCs on the market.

Cyber Shield of Kazakhstan will sum up the results in 2023

What results should the country achieve after implementing the Cyber Shield of Kazakhstan Concept? First of all, Kazakhstan will have an improved, well-oiled mechanism for operating the cybersecurity system. Beyond that, the following targets stand out:

1. Global cybersecurity index of Kazakhstan by 2022 — 0.600;

2. Raising awareness of information security threats in 2022 by 20% compared to 2018;

3. Number of retrained specialists in the field of information security by 2022 — 800 people;

4. Increase in the share of domestic software products in the field of informatization and communications used in the state and quasi-state sectors in 2022 by 50% compared to the base period of 2017;

5. The share of using domestic security certificates for encrypted data transmission by Internet resources with the .KZ and .ҚАЗ domains in 2022 is planned to be increased to 100%;

6. The share of information systems of state bodies, non-state information systems integrated with state ones, information systems of critical objects of information and communication infrastructure connected to information security monitoring centers will also reach 100%.

Improvements to the cybersecurity system will be continuous

As cybercrime keeps improving, the cybersecurity system must be in a mode of continuous improvement. Today, in pursuance of the instructions of the Head of State Kassym-Jomart Tokayev given within the framework of the National Plan dated Sep. 1, 2020, work has been carried out to transform the Digital Kazakhstan State Program into the Concept for the Development of the Information and Communication Technologies and Digital Sphere Industry and the national project Digital Lifestyle (DigitEL) for its implementation.

Achievement of the Global Cybersecurity Index target and of the indicator "The level of use of information protection means by the population" is provided for in the Action Plan for implementing the Digital Lifestyle Concept (DigitEL). The Concept for the development of the information and communication technologies and digital sphere industry specifies the task "Ensuring information security in the field of information and communication technologies".
