By Vugar Khalilov
Azerbaijani cybersecurity expert Farid Pardashunas has warned against various cyberattacks spread in the country recently, Trend has reported.
Cyberattacks common in Azerbaijan
Especially, two methods of cyberattacks - Man-in-the-middle and Caller ID Spoofing are common in Azerbaijan, the expert said.
The Man-in-the-middle attack (MITM) is a general term when a perpetrator positions himself in a conversation between a user and an application - either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.
The attack aims to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, online businesses, e-commerce sites and other websites where logging in is required.
“So, attackers call through various fake profiles, in particular, elderly people, politicians, and people with a certain status in a social network. During calls, female profiles are used, which offer the opposite party to perform certain actions of an intimate nature. If the plan succeeds, the cybercriminal takes a video of the victim, sends him this record and, blackmailing him with the distribution of the record, demands money," Pardashunas said.
A common practice that attackers employ to evade detection is to break into poorly secured computers and use those hijacked systems as proxies through which they can launch and route attacks worldwide. Although such attacks are an international problem, there is no international response, which frustrates local law enforcement seeking cooperation from countries where these proxy servers typically reside.
"The main precaution is not to answer video calls from unknown phone numbers. People are simply being deceived and blackmailed using digital engineering methods. Unfortunately, the older generation is not fully aware of the safe use of the Internet, so they are mainly the targets of these attacks," Pardashunas added.
The expert said that Man-in-the-middle and Caller ID Spoofing methods also involve altering the phone number from which the target receives calls.
"It has been observed for many years, and mobile operators are not immune from such cyberattacks, which is one of the big problems in the field of telecommunications,” he underlined.
Another method is the Caller ID Spoofing attack when a perpetrator deliberately falsifies the information transmitted to the target’s caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that the target may already know and trust. If the person answers, they use scam scripts to try to steal money or valuable personal information from the target, which can be used in fraudulent activity.
Victims of cyberattacks
The expert stressed that the victims of such cyber-crimes are usually the elderly people, who are not aware of such threats and not capable of taking preventive measures.
“No government agency or bank can require or demand any confidential information from its client. You can only be invited to the branch of the bank or authority. Basically, attackers try to get bank card data under the pretext of ‘your card is blocked’, ‘your funds may be stolen’, ‘for security reasons',” Pardashunas added.
“I would like to emphasize again that it is impossible to transfer personal information to the opposite side by phone," he concluded.
In early September, the Central Bank of Azerbaijan said that it is expanding international cooperation in the field of information and cyber security.
According to the bank, work continues studying international experience in the field of information and cyber security, as well as the application of solutions based on technologies of other central banks in the banking sector of Azerbaijan.
In this July, the country set up a cyberattack modeling laboratory under the data processing center of the Transport, Communications and High Technologies Ministry to study processes related to cybersecurity and take measures against possible cyber attacks.
"The laboratory will also train specialists in this sector. It’s planned to identify bottlenecks in the systems, provide audit and security services. Besides, regular imitation attacks will be carried out by the experts," the source at the ministry said.
Follow us on Twitter @AzerNewsAz