Cybersecurity is a broad concept that encompasses the technologies, processes and policies that prevent or mitigate the negative impact of events in cyberspace arising from deliberate actions against information technology by a hostile or malicious entity. It covers physical security as well as cybersecurity in the narrower sense, including protection against insider threats, and it spans all levels of the Internet and all the actors involved in providing and using the network, from those who build and control the infrastructure to the diverse end users.
Given this broad definition, the question is who is responsible for cybersecurity. Responsibility most often depends on the specific activity and context. The worldwide adoption of the Internet has enabled end users not only to access information from around the world, but also to create and publish their own information for the world. In many ways this has empowered users, as evidenced by the many ways in which they can challenge influential institutions such as the press with competing information. However, it also means that responsibility for the security of information resources on the Internet has shifted to users around the world and the institutions in which they participate, and no longer rests only with the technical experts involved in cybersecurity. This does not mean that end users alone should be responsible for their own online security, but they are increasingly expected to share that responsibility with the other participants.
Monitoring of the national segment of the Internet revealed exposure to 132,003 cybersecurity threats. Analysis of these threats showed that:
- 106,508 cases concern hosts that have become members of botnets;
- 13,882 concern the blocking of IP addresses blacklisted by various services for sending spam or brute-forcing passwords;
- 8,457 concern the use of TFTP (Trivial File Transfer Protocol) and its associated ports; because the protocol has no authentication mechanism, an exposed service allows arbitrary files to be read from or written to the host;
- 2,114 concern the use of vulnerable RDP (Remote Desktop Protocol) services;
- 1,042 cases concern the use of software and RMS tools that have no authentication mechanism.
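The threat classes listed above are the kind of finding a network-monitoring pipeline derives from flow records: a host talking to a known command-and-control address, a host that has landed on a public blocklist, or an unauthenticated or exposed service (TFTP on udp/69, RDP on tcp/3389) reachable from outside. The following Python is an added example, not the Center's code; the flow records, the C2 address set and the blocklist are constructed for the illustration, and the field names and category labels are assumptions.

```python
"""Classify flow records into the threat classes named in the list above.

Added example, not code from the monitoring centre. Flow records, the
C2 address set and the blocklist are constructed here; field names and
category labels are assumptions made for the illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    local: str       # host inside the monitored (national) address space
    remote: str      # peer outside it
    proto: str       # "tcp" or "udp"
    dport: int       # destination port of the connection
    inbound: bool    # True when the remote peer initiated the connection


# Constructed indicator sets standing in for real threat-intelligence feeds.
BOTNET_C2 = {"198.51.100.7", "203.0.113.44"}
BLOCKLISTED = {"10.0.0.9"}           # local hosts listed for spam / brute-forcing

# Services whose reachability from the Internet is itself a finding.
EXPOSED_SERVICES = {("udp", 69): "tftp_exposed",     # TFTP: no authentication at all
                    ("tcp", 3389): "rdp_exposed"}    # RDP reachable from outside


def classify(flow, c2=BOTNET_C2, blocklist=BLOCKLISTED):
    """Return the threat class of a single flow, or None if it is unremarkable."""
    # Outbound traffic to a known C2 address marks the local host as a bot.
    if not flow.inbound and flow.remote in c2:
        return "botnet_member"
    # The local host itself appears on a public blocklist.
    if flow.local in blocklist:
        return "blocklisted_host"
    # An inbound connection to TFTP or RDP shows the service is reachable from outside.
    if flow.inbound:
        return EXPOSED_SERVICES.get((flow.proto, flow.dport))
    return None


def summarize(flows):
    """Group affected local hosts by threat class; the report counts hosts, not packets."""
    found = {}
    for f in flows:
        cat = classify(f)
        if cat is not None:
            found.setdefault(cat, set()).add(f.local)
    return {cat: sorted(hosts) for cat, hosts in found.items()}


# Constructed sample flows (documentation address ranges used for the remote peers).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.7", "tcp", 443, inbound=False),    # beacon to C2
    Flow("10.0.0.5", "198.51.100.7", "tcp", 443, inbound=False),    # same bot, second beacon
    Flow("10.0.0.9", "203.0.113.8", "tcp", 25, inbound=False),      # blocklisted host sending mail
    Flow("10.0.0.20", "203.0.113.200", "udp", 69, inbound=True),    # TFTP reachable from outside
    Flow("10.0.0.21", "203.0.113.201", "tcp", 3389, inbound=True),  # RDP reachable from outside
    Flow("10.0.0.30", "203.0.113.5", "tcp", 443, inbound=False),    # ordinary HTTPS, no finding
]

if __name__ == "__main__":
    for cat, hosts in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{cat}: {len(hosts)} host(s) -> {', '.join(hosts)}")
```

Two choices matter in practice: the summary counts distinct local hosts rather than packets, which is why the same bot beaconing twice is one case, and the exposed-service rule fires only on inbound connections, so a host that merely uses TFTP or RDP outbound is not reported.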
Uzbekistan is no exception: in 2021 alone, numerous projects were completed to introduce information and communication technologies widely into the work of state and economic authorities, local government and other organizations. All the information and communication technologies and equipment used in Uzbekistan and the world together constitute cyberspace. This development also has a downside, cybercrime, which gives attackers new and sophisticated ways to extort money and to use cyberspace for malicious purposes.
A comparison of the number of incidents for 2018 and 2019 showed a positive trend: a 44% decrease. In 2019, 268 incidents were detected in information systems and websites of the national segment of the Internet (222 involving unauthorized content uploads, 45 the destruction or alteration of site content, and 1 hidden cryptocurrency mining; 27 of the incidents affected government websites), along with 816 vulnerabilities and about 132,000 information security threats.
During the examination (audit) of information systems and websites for compliance with information security requirements, 816 vulnerabilities of varying criticality were identified.
Exploiting these vulnerabilities would allow an attacker to gain remote access to an information system or website, including its files and data, which in turn could lead to the leakage of the personal data of 2,026,824 citizens of the Republic of Uzbekistan.
In 2020, monitoring of cybersecurity incidents against websites in the "UZ" domain zone recorded 342 incidents, of which 306 involved unauthorized content uploads and the remaining 36 unauthorized changes to the main page.
In addition, based on its monitoring of the information systems of state bodies, the Cybersecurity Center published the overview "Cybersecurity of the Republic of Uzbekistan. Results of 2021", which reports 17,097,478 identified events.
As of 2021, 100,015 domains were registered in the national segment ".uz", of which about 38,000 are active. Of these 38,000 active domains, only 14,014 are secured, i.e. served with a valid SSL/TLS certificate. In the remaining cases the certificate is either expired (613 cases) or absent altogether.
In 2021 the Center identified 17,097,478 cases of malicious and suspicious network activity originating from the address space of the national segment of the Internet. Most of this activity, 76%, came from hosts that are members of botnets.
Compared with the same period of 2020 (more than 20 million cyber threats), the number of cyber threats decreased by 20%, which is attributed to coordinated measures to respond to the identified vulnerabilities and network anomalies.
In addition, the Center's web application protection system detected and repelled 1,354,106 cyber attacks against websites of the national segment of the Internet.
The largest number of cyber attacks originated from the territory of Uzbekistan, the Russian Federation and Germany, among others.
Monitoring of the information systems of state bodies connected to the interdepartmental data transmission network (ISTN) recorded 33,317,648 security events, of which 347,742 could lead to unauthorized access and leakage of confidential information.
Monitoring of cybersecurity incidents against websites in the "UZ" domain zone recorded 444 incidents, the largest categories being unauthorized content uploads (341) and unauthorized changes to the main page, i.e. defacement (89). Analysis of the incidents showed that public-sector websites (134 incidents) were attacked roughly 2.3 times less often than private-sector ones (310 incidents).
Detailed analysis of the incidents showed that the most vulnerable (most frequently attacked) websites are those built on the content management systems WordPress, Joomla, Open Journal Systems and Drupal.
The main reasons for successful attacks are vulnerabilities in web applications, in particular due to delayed updating (72%), weak passwords (25%), and other causes. Investigations also uncovered 6,635 malicious files and scripts that threaten information systems and resources and their users.
It was also determined that in 97% of cases the sources of illegal activity lie in the address spaces of foreign countries; the countries associated with the largest number of cases are the United States, Indonesia, the Netherlands, Romania, Algeria and Tunisia. It must be remembered, however, that attackers use proxy services to hide their true location and chain proxy servers to complicate tracing, so the geolocation of a source address does not reliably identify the attacker. The large volume of illegal activity in the Republic's own address space is due to the disregard shown by the majority of owners and administrators of national information systems and resources for information and cybersecurity requirements, which significantly increases the risk of unauthorized interference in their operation.
Among the identified events, 245,891 could lead to the compromise of information systems (IS). The main factors that make IS vulnerable to information attacks, and that make the protection of processed information from unauthorized access more pressing, include:
- the long service life of information and network resources, during which new tasks, tools and technologies for processing information in computer systems keep appearing;
- the possible presence of errors and undeclared functionality in computer system software, especially when closed-source software products are used;
- the significant distance between computer system nodes and their interaction through public networks (the Internet), which makes it necessary to build secure communication channels over open ones;
- the development by a potential adversary of high-speed systems for obtaining and processing information, based on molecular computing and artificial intelligence.
All of the above indicates that cyber threats in Uzbekistan are intensifying. It is not difficult to conclude that special attention should be paid to security in cyberspace, in particular to raising the level of protection of information systems and websites and to regularly improving users' knowledge of information and communication technologies and information security. Experts also recommend:
1. Use licensed and certified operating systems and software.
2. Regularly update the operating systems, software and security components in use, and update only from official sources.
3. Use security plugins that search for and remove malware and protect against it in the future.
4. Regularly back up databases, files, mail, etc.
5. Remove unused plugins. Every new plugin or extension increases the attack surface, so disable and remove plugins that are not used and, where possible, use built-in mechanisms instead of installing a plugin for each individual need.
6. Strengthen password authentication. For the administrative account, the personal account on the service provider's website and the account on the server (for example, for dedicated or co-location hosting), use a complex password that is not reused anywhere else. When setting or changing a password, follow the password rules for accounts: a minimum length of 8 characters, including digits, special characters and upper- and lower-case letters. Enable two-factor authentication where available, and limit the number of login attempts (protection against brute-force attacks).
7. Access the information system or website only from devices (computers, tablets) on which anti-virus software with up-to-date signature databases is installed.
8. Periodically audit information systems and resources for compliance with cybersecurity requirements, and promptly remediate the identified vulnerabilities according to the recommendations issued with the audit results.
9. Regularly improve users' (employees') qualifications and knowledge of information and communication technologies and information security.
10. Respond promptly to cybersecurity incidents, eliminating both the threat and its consequences.
Adopting the above and other additional protective measures will significantly reduce cybersecurity risks, which in turn makes it possible to protect against attacks and avoid the subsequent need to eliminate the causes and consequences of information security incidents.
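Point 6 of the recommendations (complex, non-repeating passwords, two-factor authentication and a limit on login attempts) is the one item in the list that maps directly onto code. The following Python is an added example, not code from the report or from any product it mentions: it enforces the stated password rules, rejects a password that matches one the account used before, verifies an RFC 6238 time-based one-time code as the second factor, and locks the account after repeated failures. The thresholds (8 characters, four character classes, 5 failures per 15 minutes, 6-digit codes), the clock injection and all function and class names are assumptions chosen for the illustration.

```python
"""Password policy, reuse check, second factor and login lockout for an
administrative account, as recommended in point 6.

Added example, not code from the report. The thresholds and every name
below are assumptions chosen for the illustration.
"""
import hashlib
import hmac
import os
import string
import time

SPECIAL = set(string.punctuation)
PBKDF2_ROUNDS = 200_000


def hash_password(pw, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)


def matches(pw, stored):
    """Constant-time comparison of a candidate against a stored (salt, digest)."""
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def password_violations(pw, previous=()):
    """Return the policy rules a candidate password breaks (empty list = accepted)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c in SPECIAL for c in pw):
        problems.append("no special character")
    # "Non-repeating": reject anything that matches an earlier hash of this account.
    if any(matches(pw, old) for old in previous):
        problems.append("reuses a previous password")
    return problems


def totp(secret, at, step=30, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1, as authenticator apps use)."""
    counter = (at // step).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class LoginGuard:
    """Verifies password (+ optional TOTP) and locks the account after repeated failures."""

    def __init__(self, stored, totp_secret=None, max_attempts=5, window=900,
                 clock=time.time):
        self.stored = stored
        self.totp_secret = totp_secret
        self.max_attempts = max_attempts
        self.window = window          # seconds for which a failure is remembered
        self.clock = clock            # injectable so the lockout can be tested offline
        self.failures = []            # timestamps of recent failed attempts

    def is_locked(self, now):
        self.failures = [t for t in self.failures if now - t < self.window]
        return len(self.failures) >= self.max_attempts

    def login(self, pw, otp=None):
        now = self.clock()
        # While locked, do not evaluate the credentials at all: no oracle for the attacker.
        if self.is_locked(now):
            return "locked"
        ok = matches(pw, self.stored)
        if ok and self.totp_secret is not None:
            expected = totp(self.totp_secret, int(now))
            ok = otp is not None and hmac.compare_digest(otp.encode(), expected.encode())
        if not ok:
            # A wrong second factor counts as a failure too, or it could be brute-forced.
            self.failures.append(now)
            return "rejected"
        self.failures.clear()
        return "ok"
```

The lockout deliberately returns "locked" before checking the password, so an attacker who has tripped the limit learns nothing about whether a later guess was right; a correct password with a wrong one-time code is counted as a failure for the same reason. A real deployment would also persist the failure timestamps outside the process and rate-limit by source address, which this in-memory version does not attempt.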