Cybersecurity: New challenges in cyberspace for Azerbaijan Caliber.Az review

Amid global disintegration and geopolitical tensions in recent years, a new wave of cyber warfare has emerged. Hacker attacks on media network resources, websites, and digital document management systems of government structures, as well as E-Government service portals, have significantly intensified. Simultaneously, there has been a noticeable increase in criminal cyber threats, posing serious risks to individuals, as well as to the corporate and financial sectors of many countries worldwide.

Azerbaijan is not immune to such risks. Notably, according to recently published information, the State Service of Special Communication and Information Security of Azerbaijan (SSSCIS) has identified a cyber group operating across 135 countries, including Azerbaijan.

The methods and practices of global cybercrime are increasingly being employed as instruments of ideological and military-political struggle, as well as cyber espionage, between conflicting states. These states actively use cyber groups, often fostering ideological motives to underpin the activities of hacker organizations. This trend intensified significantly in 2022 with the onset of the Russia-Ukraine war.

Today, the most prioritized targets for cyberattacks remain government service portals, electronic media websites, and critical infrastructure within the corporate sector, including industrial and energy facilities, as well as financial structures.

Despite Azerbaijan's policy of neutrality and non-involvement in global conflicts, the growing tension in global cyberspace indirectly affects the country. Recently, the State Service of Special Communication and Information Security of Azerbaijan (SSSCIS) reported progress in an investigation that uncovered an international cyber group operating in over 100 countries. According to the State Service, through malware analysis, reverse engineering, and counter-cyberintelligence measures, the central command server of the malicious software was seized.

"According to the investigation, the cyber group managed to infect a total of 270,741 computers across 135 countries, including 7,790 in Azerbaijan. Of these infections in Azerbaijan, 35 were found on computers of various government institutions not connected to a centralized antivirus system," the SSSCIS reported.

To ensure information security, the State Service implemented appropriate security measures in government institutions and blocked all indicators in the country associated with the identified virus.

The "Computer Emergency Response Team" (CERT.gov.az), operating under the SSSCIS, shared information about infected computers with partner CERT centres in several countries. This collaboration helped neutralize the activities of the international cyber group in many parts of the world.

To minimize similar incidents in the future, CERT recommends that government agencies in Azerbaijan connect to the centralized antivirus system, while encouraging citizens to use antivirus software individually.

Thanks to the efforts of SSSCIS specialists and the CERT Center, significant progress has been made in recent years to protect government web resources and critical infrastructure in Azerbaijan from cyber threats. This includes safeguarding servers integrated into the centralized antivirus system.

Notably, the issues of cybersecurity for information resources, government portals, and the overall e-government system, along with enhancing mechanisms for protecting and maintaining the confidentiality of digital information, were recently discussed during the UN Climate Conference – COP29 held in Baku.

"It is essential to develop data recovery plans that account for the risks posed by digital transformation, particularly those related to information security. This issue is critical as societies are becoming increasingly vulnerable to cyberattacks, making timely cybersecurity measures absolutely vital," stated Vincenzo Aquaro, Chief of Digital Government at the UN Department of Economic and Social Affairs (UN DESA), during COP29 events. "Other risks involve systemic failures, including potential data loss, which underscores the necessity of establishing robust data recovery mechanisms."

These challenges are equally relevant for Azerbaijan. In this context, DATA centres play a crucial role in thwarting attempts by cybercriminals to breach databases and web resources of private companies and government institutions. By ensuring effective protection and secure storage of digital information, these centres form the backbone of Azerbaijan's centralized "Government Cloud" (G-cloud) system.

Not long ago, many government and private entities in Azerbaijan relied on their own server infrastructures, foregoing the advantages of cloud storage and DATA centres due to inertia. This duplication of functions led to unnecessary expenses and complicated operational processes, requiring each organization to maintain a large staff of system administrators and cybersecurity personnel.

Today, however, the G-cloud project, operated by AzInTelecom, a structural division of the Ministry of Digital Development and Transport of Azerbaijan (MCDT), has facilitated the full or partial migration of information systems and resources for about 200 government institutions and private companies to primary and backup DATA centres located in Baku and Yevlakh. These centres meet the international Uptime Institute TIER III standards, offering a range of cloud services. They play a critical role in preventing cyberattacks, ensuring robust cybersecurity for primary and backup databases, and supporting the seamless operation of web resources.

In recent years, Azerbaijan has undertaken large-scale efforts to enhance the cybersecurity of its governmental and corporate information systems. These initiatives have yielded significant results: in the 2020 Cybersecurity Index by the International Telecommunication Union, Azerbaijan climbed 15 positions, ranking 40th among 169 countries. For comparison, Israel ranked 36th, Switzerland 42nd, and Georgia 55th.

According to Kaspersky, the least protected segment in Azerbaijan remains private users, while small media outlets and private organizations also exhibit notable gaps and shortcomings in network security. These issues are significant, considering that last year 97 informational resources registered under Azerbaijan’s .az domain were subjected to cyberattacks.

Investigations into these incidents revealed numerous violations in the area of network security for the country’s informational resources. For example, 34% of local web resources were encoded incorrectly and insecurely, while 66% suffered from improperly configured servers, making them vulnerable to hacking.

According to S&P Global Ratings, banks, payment systems, other financial institutions, and their clients are the most attractive targets for cybercriminals. The primary objectives are gaining access to valuable personal data and transaction mechanisms, with organizations that have weak risk management systems being particularly vulnerable to cyberattacks.

This issue is also present in Azerbaijan. In March, the Ministry of Digital Development and Transport (MCDT) reported the discovery of a database containing the card details of 13,000 clients from various banks who had fallen victim to cybercriminals earlier this year. The database was handed over to the relevant authority to notify affected citizens. Meanwhile, social media users were advised not to click on suspicious links and to avoid sharing confidential information.