High-tech Crime in Serbia – Over 90% of Cyber Attacks Start with Phishing
Members of the Ministry of Internal Affairs, the Department for Suppressing High-tech Crime, filed 166 criminal charges against 168 persons suspected of having committed a high-tech crime-related offense from the beginning of 2020 to October 13.
– The most frequent criminal offenses are fraud, crime against sexual freedom committed against underage persons, displaying, obtaining and owning pornographic material and using an underage person for pornography, stalking, endangering of safety, unauthorized access to a protected computer, computer network and electronic data processing, computer fraud, computer sabotage and others – the Ministry of Internal Affairs says for eKapija.
In order for companies to be protected from high-tech crime, they need to invest in technical equipment, up-to-date operating systems and antivirus tools and in the education of their employees, the ministry advises.
Over 90% of cyber attacks start with phishing
When it comes to ICT systems of special importance, the institution in charge of monitoring incidents on a national level is CERT (National Center for Prevention of Security Risks at the ICT Systems of the Republic of Serbia).
Attacks on such systems have mostly come from abroad. Phishing is the dominant attack vector, aiming to distribute the malware called LokiBot, Jovan Milosavljevic of CERT says and clarifies:
– This trojan is one of the most famous infostealers, which uses a keylogger to oversee the browser and the screen activities and steal cookies and credentials, that is, usernames and passwords stored on such services as web browsers, messaging apps, VPN, FTP, email, gamer accounts and accounts used for online payments and so on.
He adds that, in Serbia, LokiBot has been distributed since May 2020, initially being directed at users in the financial sector and then at public institutions and business entities.
– Considering that over 90% of cyber attacks begin with a phishing campaign, there are preventive solutions which can considerably reduce the reception of such messages. Primarily, these are protocols like SPF, DMARC and DKIM. For that reason, the National CERT has, among other things, presented this topic in the form of a publication available at our web page www.cert.rs, where there`s a detailed explanation about how these protocols are implemented and how important they are.
– The most frequent criminal offenses are fraud, crime against sexual freedom committed against underage persons, displaying, obtaining and owning pornographic material and using an underage person for pornography, stalking, endangering of safety, unauthorized access to a protected computer, computer network and electronic data processing, computer fraud, computer sabotage and others – the Ministry of Internal Affairs says for eKapija.
In order for companies to be protected from high-tech crime, they need to invest in technical equipment, up-to-date operating systems and antivirus tools and in the education of their employees, the ministry advises.
Over 90% of cyber attacks start with phishing
When it comes to ICT systems of special importance, the institution in charge of monitoring incidents on a national level is CERT (National Center for Prevention of Security Risks at the ICT Systems of the Republic of Serbia).
Attacks on such systems have mostly come from abroad. Phishing is the dominant attack vector, aiming to distribute the malware called LokiBot, Jovan Milosavljevic of CERT says and clarifies:
– This trojan is one of the most famous infostealers, which uses a keylogger to oversee the browser and the screen activities and steal cookies and credentials, that is, usernames and passwords stored on such services as web browsers, messaging apps, VPN, FTP, email, gamer accounts and accounts used for online payments and so on.
He adds that, in Serbia, LokiBot has been distributed since May 2020, initially being directed at users in the financial sector and then at public institutions and business entities.
– Considering that over 90% of cyber attacks begin with a phishing campaign, there are preventive solutions which can considerably reduce the reception of such messages. Primarily, these are protocols like SPF, DMARC and DKIM. For that reason, the National CERT has, among other things, presented this topic in the form of a publication available at our web page www.cert.rs, where there`s a detailed explanation about how these protocols are implemented and how important they are.
Law on Information Security
The Ministry of Trade, Tourism and Telecommunications of Serbia, the institution in charge of information security, carries out inspection supervision, the purpose of which is to check the implementation of the stipulations of the Law on Information Security by the operators of ICT systems of special importance.
According to the Law on Information Security, the operators of ICT systems of special importance are obliged to file a notification of incidents at ICT systems, which can have a substantial impact on jeopardizing information security.
– These are in fact incidents which can cause great damage and serious consequences, due to which there can be a break in the continuity of business activities or the provision of services, or which can affect a large number of services, a large number of users, a large part of the territory, or which can have an impact on public safety and so on. So far, the ministry has not received a great number of reports of such incidents in the Republic of Serbia, so it can be said that, according to our findings, incidents at that level of seriousness are rare here – says the Ministry of Trade, Tourism and Telecommunications.
Coronavirus and cyber crime
Jovan Milosavljevic of the National CERT believes that the pandemic has substantially increased the number of cyber attacks in the world. The most common type of attack is, once again, phishing.
– The difference primarily lies in the fact that the entire work process has gone through certain changes due to the pandemic and that a large number of users has switched to working from home, which is an added benefit to the attackers. Also, it is apparent that there are still numerous uncertainties when it comes to COVID-19, which has made things even easier for the attackers. The users are under pressure, both due to the conditions of working from remote locations and due to a large amount of information and disinformation about the pandemic, on a daily basis – eKapija`s interviewee says.
Aleksandra Kekic