Axtarış...

Quarterly bulletin

Quarterly bulletin of the State Service of Special Communication and Information Security on the work done to ensure the information security of state institutions:

III QUARTER

In order to ensure the information security of state institutions, 81 million malicious links were blocked in the AzstateNet state network during the 3rd quarter by means of new generation protection equipment, 873 thousand harmful viruses were blocked by means of a centralized antivirus system, and 83 thousand documents containing viruses were protected by a special "Sandbox" File Analysis detected through the systems and prevented from being sent to state institutions.

During the reporting period, 778 cyberattack indicators (IOCs) were identified and blocked, specially targeted APT cyberattacks against state institutions were prevented by analyzing cyberattacks, based on information received from state institutions. 443 of these cyberthreats were identified based on internal investigation, and 335 on the basis of investigations of incidents received by government agencies.

During the reporting period, by using cyber-intelligence capabilities, 40 fake domains similar to the domains of state institutions (gov.az) were prevented from operating across the country, and plans to use the name of state institutions in specially targeted cyber attack preparations by hackers were prevented and cyber attack attempts were prevented;

news-1-1.png


The largest DDoS attack during the reporting period was the DDoS attacks carried out by the enemy country during the "Qisas" anti-terror operations. Thus, the volume of those DDoS attacks increased from 40Gbps to 137 Gbps, and the number of requests reached 19,000,000 pps per second. Although the 8-day long DDoS cyber-attacks targeted a total of 78 information resources (15 of them state), 11 state information resources with AzStateNet users were provided with uninterrupted operation by us.

news-1-2.png


According to the Decree No. 654 of the President of the Republic of Azerbaijan on some measures related to ensuring the security of the Internet information resources and e-mail addresses of the state bodies of the Republic of Azerbaijan, a total of 7 million 230 thousand e-mails were processed and sent to the state e-mail service created by our Service for state institutions under security control during the 3rd quarter, 6 million 419 thousand of them were delivered to users, 732,000 were blocked due to their harmful contents, and 80,000 were quarantined as suspicious e-mails. Currently, 30,000 employees of state institutions use the e-mail system, which is provided with special protection equipment.

news-1-3.png


During the reporting period, 380 security gaps - defects were discovered in the state information resources, and audit reports were prepared and submitted to relevant institutions along with recommendations for elimination.

Also, during this period, 4,544 requests from state institutions were accepted and registered by means of the "Electronic Request System", which was put to use by state institutions in 2014, and necessary security measures were implemented.

news-1-4.png


Institutions most actively involved in reporting incidents and informing in the investigation and blocking of specific cyber attack indicators during the reporting period through the Electronic Inquiry System are reflected below:

news-1-5.png


During the reporting period, within the framework of the "Cyber Hygiene" project, 4,475 employees of state institutions were involved in trial tests, and 3,187 employees were involved in online training. The initial phase of the project is 74% completed. The analysis of the preliminary results showed a decrease in the risks that could lead to information leakage at the respective levels (in the low risk category - 3%, in the medium risk category - 15%, in the risky category - 60%, in the high risk category - 72%).

news-1-6.png


In order to strengthen the attention and control of information security against information leakage in state institutions, 90 state institutions have prepared and approved their internal information security guidelines for implementation based on the exemplary policy prepared by the Information Security Coordination Commission and presented to state institutions.

news-1-7.png


State institutions that have received letters of thanks from our Service for their active participation in ensuring information security by quickly responding to notifications, inquiries, investigation of incidents, audit-pentest results on information security sent through the "Electronic Request System", an information exchange platform with state institutions:

news-1-8.png