Every year, information technology makes our lives easier and more convenient, but at the same time, the number of threats to which both government agencies and ordinary users are exposed increases. Cyber attacks have become part of modern reality, affecting private data, finances, and even national security. The year 2024 was a year of vivid examples of how the digital age requires increased attention to cybersecurity issues. As is customary, at the beginning of each year, JSC State Technical Service presents a new issue of the cyber digest, which highlights incidents in the field of information security in Kazakhstan over the past period.
The Zaimer data leak.kz: personal data of millions is publicly available
In March 2024, Kazakhstan faced one of the largest data leaks. Microfinance organization database Zaimer.kz information including personal information of 1,947,022 citizens has been publicly available on Telegram. The data includes users’ full names, identification numbers, and contact phone numbers.
This information quickly fell into the hands of fraudsters, who used it to create fake loans, apply for loans, and steal money from customer accounts.
Why did this happen?
Cybersecurity experts point out that the organization has not provided an adequate level of database protection. The lack of regular security checks, outdated systems, and weak encryption caused the leak.
How can such cases be prevented?
Use database-level encryption.
Regularly audit security systems.
Notify clients about the risks and teach them the basics of cyber hygiene.
Cyber attack on the Ministry
In June 2024, attackers attacked the server of one of the country’s ministries. Using special utilities, they gained access to a database of employee accounts, including administrative ones. Using the data extraction technique, hackers could gain access to confidential correspondence and strategic documents.
This case has become a serious challenge to national security. Experts claim that the attack could have been organized by foreign hacker groups for the purpose of espionage.
Consequences of the attack:
The threat of data leakage related to international agreements.
The risk of deterioration of diplomatic relations.
What measures have been taken?
The compromised system was immediately disconnected from the network.
The employee credentials have been updated, and access to the server has been blocked.
Medical information system data leak: a threat to the most defenseless
Another major leak in 2024 was the compromise of data from the medical information system, which contains information about children registered in medical institutions in Kazakhstan. The children’s personal data, including their dates of birth, names and addresses, became publicly available.
Such data can be used for social engineering, creating fake profiles, or even kidnapping children. The vulnerability of the system has shown that even the most sensitive databases require more serious protection.
DDoS attack on domestic AI: an online resource under the gun
In January 2024, a domestic Internet resource became the victim of a high-intensity DDoS attack. Hackers used tens of thousands of requests from thousands of IP addresses to overload the server and make the site inaccessible.
This attack disabled the resource for several hours, resulting in reputational and financial losses.
After this incident, AI installed Cloudflare and CAPTCHA protection systems to reduce the risk of such attacks happening again.
DDoS attacks remain a popular hacker tool, and they can only be prevented by using professional traffic filtering solutions.
Global incidents: lessons for Kazakhstan
Kazakhstan was not the only country affected by digital threats. In 2024, the world faced a number of large-scale incidents that highlighted the global nature of cyber threats.
Hacking of the cryptocurrency exchange (USA): Hackers stole more than $ 1 billion due to a vulnerability in the exchange’s system.
India’s largest bank data leak: Millions of customers’ data has been published on the darknet, leading to a wave of financial fraud.
An attack on an educational platform in Europe: Hackers have compromised student data, including the personal information of minors.
These cases have shown that attacks are becoming more complex and widespread. Even the most technologically advanced companies are not ready for modern threats.
Cybersecurity is no longer just a technical challenge — it is a strategic necessity that determines the sustainability of organizations in the digital world. In 2025, an increase in the number of cyber attacks and the development of AI technologies is expected, which will require companies not only to implement advanced solutions, but also to train personnel capable of responding quickly to threats.
In 2024, GTS JSC recorded more than 41,000 incidents in the field of information security, including viruses, network worms and Trojans. The escalation of threats is associated with the use of IoT (Internet of Things) and AI in cyber attacks, which requires constant improvement of protection and improvement of user awareness on cyber hygiene issues.
Trends and forecasts: where is information security heading in 2025?
In 2025, one of the most significant threats in the field of disinformation will be the use of artificial intelligence. This poses a serious challenge to information security, as such technologies can be used to spread disinformation on a massive scale, and in the face of this threat, the need to develop and implement effective AI algorithms will become a priority for government agencies, technology companies, and international organizations.
For more information, see CYBERCODE 2024: Challenges of the Digital Age.
