CYBERSECURITY INCIDENTS OVERVIEW IN MARCH 2023
«State Technical Service» JSC reports that over 14,782,467 cyber attacks were blocked by the equipment of the Unified Internet Access Gateway in March of this year, which is 53% more than in February of this year.
In the same period, manual testing was carried out in relation to the Internet resources of the state bodies of the Republic of Kazakhstan, where 19 vulnerabilities were identified and 11 vulnerabilities were in a high level of criticality. Among all vulnerabilities the most dangerous turned out to be SQL Injection, which is based on the injection of arbitrary SQL code into a query, and is one of the most common ways to hack websites and programs. Using this vulnerability, an attacker could read the contents of any spreadsheets, delete or modify data and execute arbitrary commands on the server.
Mozi.Botnet and Locky.Botnet became the most common types of botnet in the networks of state bodies, local executive bodies and the quasi-public sector. Moreover, the most of the botnets were recorded in local executive bodies.
395 cases of malicious software distribution were registered and processed. The main part also falls on local executive bodies.
Information security specialists of JSC «STS» regularly conduct lectures and seminars for employees of state bodies, local executive bodies and the quasi-public sector. In March, a lecture seminar on information security was held for «Zhasyl Damu» JSC and the Ministry of Energy of the Republic of Kazakhstan. Raising employee awareness is an essential part of keeping an organization safe. However, the ultimate goal should create a culture of information security with a consequent increase in user awareness.
In conclusion, it is important to note the awareness of compliance with information security requirements to prevent any critical consequences on a national scale.
If you encounter an information security incident, please notify us by toll-free number 1400 (24/7) or by following the link: https://www.cert.gov.kz/notify-incident, or by email: incident@cert.gov.kz.
