The Cyber Security Center has published a report on “Ensuring cyber security in the Republic of Uzbekistan” for 2021. It reveals threats in cyberspace, recommendations for their protection, and a number of statistics.
It was reported that as of 2021, 100,015 domains were registered in the national Internet segment “.uz” in Uzbekistan, of which 38,000 were active. Only 14,000 active domains have a security certificate.
The Center has identified more than 17 million cases of malicious and suspicious network activity in the national segment in 2021. Most of these activities, or 76%, are bot-network participants.
More than 1.3 million cyberattacks on websites in the national segment of the Internet have also been detected and eliminated using the Center’s web application protection system.
The largest number of cyberattacks took place in Uzbekistan, Russia, Germany, the United Kingdom and the United States.
It was reported that as part of the safe operation of government websites (round-the-clock monitoring of incidents) in 2021, 636 security incidents were detected. This is about 1 million 48 thousand 216 minutes of inactivity (suspension) of the websites of state and economic administration bodies, local state authorities and other organizations.
As a result of monitoring of cybersecurity incidents against “Uz” domain zone websites, 444 incidents were registered, the most of which were unauthorized content downloads – 341 and unauthorized changes to the main page (Deface) – 89.
An analysis of the incidents shows that public sector websites (134 incidents) were 3 times less attacked than the private sector (310 incidents).
In 2021, 989 cybersecurity vulnerabilities were reported to the owners of information resources as a result of research and expertise. In particular:
- 683 of them are extremely dangerous;
- 271 are at medium risk;
- 24 are at low risk.
The Center for Cyber Security has made the following recommendations:
1. Use of licensed and certified operating systems and applications.
2. Regularly update the latest versions of existing operating systems, software and security components.
3. Use security plugins with the functions of searching for, removing and protecting against malware in the future.
4. Regularly back up databases, files, mail, etc.
5. Delete unused plugins;
6. Enhance password-based authentication;
7. Use devices (computers, tablets) with antivirus software with updated virus databases when accessing information systems or websites.
8. Carry out examinations of compliance of information systems and resources with the requirements of information security.
9. Continuous improvement of skills and knowledge of users (employees) in the field of information and communication technologies and information security, etc.
For information, on January 26 this year, the Legislative Chamber of Oliy Majlis considered the draft law “On Cyber Security”.
The law, initiated by the State Security Service, is necessary due to the growing threats to digital data security, threats to the interests of the state and society, as well as the personal rights of citizens.
At the regular plenary session of the Legislative Chamber of Oliy Majlis on February 25, the law “On Cyber Security” was adopted in the third reading.
The press service of the lower house said that the adoption of the bill will serve to regulate cybersecurity by the state, ensure the integrity of information systems and resources, prevent unauthorized actions, deletion, alteration, tampering, tampering, copying, blocking and illegal interference in information systems and networks.
The text of the draft law “On Cyber Security” has not been publicized.
