Regulatory Agency for Electronic Communications and Postal Services along with its National CERT (SRB-CERT) is celebrating October, the European and global cyber security month, with a campaign "Active and Safe on the Internet". This campaign promotes the importance of information security to citizens, state organizations, public and private companies and aims to raise awareness and change behavioral patterns by providing basic information to all Internet users about available protection measures while being online.

As part of the Cyber Security Month, RATEL i.e. National CERT will hold a set of workshops intended for different user profiles, such as "Improvement of protection measures for safe Internet business" designed for small and medium enterprises in the Republic of Serbia (promotion of the Safety Act model), in cooperation with Serbian Chamber of Commerce.

In cooperation with NALED, with the participation of the Ministry of Trade, Tourism and Telecommunications and the Office for Information Technologies and e-Government, workshops are organized for local self-government units (Kragujevac, Belgrade, Niš, Novi Sad).

By means of the workshop titled "Active and Safe on the Internet", intended for the press and media companies in the Republic of Serbia, National CERT informs the journalists about current security risks on the Internet.

According to the National CERT's statistical data, the most frequent attack types remain phishing (in the region, different phishing campaigns in the banking sector are currently under way) and ransomware, followed by cryptomining and theft and leakage of personal and business data.

Cyber crime activities such as phishing, ransomware, data breach, DDoS and cryptomining account for 81.7% of the malware content, cyber espionage for 16%, while cyber warfare and hacktivism account for 1.2%  each.

The Regulatory Agency for Electronic Communications and Postal Services, in its capacity of the National CERT of the Republic of Serbia, will mark this year's international Cybersecurity Month with a campaign entitled “Knowledge is power”.

The cybersecurity month is celebrated throughout the world, while in Europe it was first observed in 2012, with the slogan „Cybersecurity is a common responsibility", uniting the European countries in their combat against cyber threats. Ever since, this capmaign has yearly promoted not only a safer and more responsible online behaviour, but also introduced trainings and seminars aimed at educating end-users, preparing them for ever-emerging challenges. In 2019, the year when the Republic of Serbia joined in, 525 activities were recorded in 36 countries.

This year's campaign „Knowledge is power“ kicks off with a workshop for the media representatives, with presentations on current cyber news, events and advices on how to prevent the most frequent cyber attacks and threats.

A webinar for the small and medium-sized enterprises will provide information about legal regulations in the area of cyber security, current free tools and recommendations for a safe work and reduced business risk. The webinar is set to take place on October 15, 2020, whereas all interested parties can apply by email (office@cert.rs).

In order to raise awareness on the issue of cybersecurity, the National CERT regularly updates its website with news, notifications, recommendations, publications and brochures on best prevention measures and practices against security risks, including information about current cyber threats to citizens, companies and governmental bodies. Since the beginning of the COVID-19 pandemic, the National CERT's recommendations have been focused on how to safely work from home and maintain cybersecurity, with the following brochures being published: Safety recommendations for remote workers, VPN access for small and medium-sized enterprises, Abuse of COVID-19 pandemic in cyberspace, Social engineering, How to reduce the risk of receiving phishing emails (SPF, DMARC, DKIM), Compromised business emails – all of which can be found in the Publications segment of the website. In addition, a promotional video has been created, to be available soon on the same platform.

The National CERT invites you to follow the prepared content featuring as part of the „Knowledge is power“ campaign, as well as on social media.

The Regulatory Agency for Electronic Communications and Postal Services, in its capacity of the National CERT of the Republic of Serbia, will mark this year's international Cybersecurity Month with a campaign entitled “Knowledge is power”.

The cybersecurity month is celebrated throughout the world, while in Europe it was first observed in 2012, with the slogan „Cybersecurity is a common responsibility", uniting the European countries in their combat against cyber threats. Ever since, this capmaign has yearly promoted not only a safer and more responsible online behaviour, but also introduced trainings and seminars aimed at educating end-users, preparing them for ever-emerging challenges. In 2019, the year when the Republic of Serbia joined in, 525 activities were recorded in 36 countries.

This year's campaign „Knowledge is power“ kicks off with a workshop for the media representatives, with presentations on current cyber news, events and advices on how to prevent the most frequent cyber attacks and threats.

A webinar for the small and medium-sized enterprises will provide information about legal regulations in the area of cyber security, current free tools and recommendations for a safe work and reduced business risk. The webinar is set to take place on October 15, 2020, whereas all interested parties can apply by email (office@cert.rs).

In order to raise awareness on the issue of cybersecurity, the National CERT regularly updates its website with news, notifications, recommendations, publications and brochures on best prevention measures and practices against security risks, including information about current cyber threats to citizens, companies and governmental bodies. Since the beginning of the COVID-19 pandemic, the National CERT's recommendations have been focused on how to safely work from home and maintain cybersecurity, with the following brochures being published: Safety recommendations for remote workers, VPN access for small and medium-sized enterprises, Abuse of COVID-19 pandemic in cyberspace, Social engineering, How to reduce the risk of receiving phishing emails (SPF, DMARC, DKIM), Compromised business emails – all of which can be found in the Publications segment of the website. In addition, a promotional video has been created, to be available soon on the same platform.

The National CERT invites you to follow the prepared content featuring as part of the „Knowledge is power“ campaign, as well as on social media.

The National CERT of the Republic of Serbia wishes to inform the public that a new phishing campaign against users of postal services is under way, during which the users can receive an email notification about the arrival of the user‘s parcel, which supposedly could not be delivered due to an unpaid customs fee in the amount of 36.14 dinars. The message is sent from a fake address: Post of Serbia ''Postas@’’@posta.rs, with an email subject: Your parcel could not be delivered on April 7, 2021 due to unpaid customs fee in the amount of 36.14 RSD. The email further asks the user to click on the link stating ''In order to confirm delivery of your parcel, please click here'', after which the user is to receive a delivery confirmation email or SMS for the item. By clicking on the offered link, the user is then transferred to a fake page posing as the Post of Serbia online payment page, where the following personal data are required to be entered: credit card number, name and surname, credit card expiry date and CVV2/CVC2 numbers. All the information supplied by the user on the fake form/page can end up being abused.

The National CERT advises all users who have possibly received similar emails neither to open them, nor to disclose their personal details, but to delete such emails permanently.

The National CERT of the Republic of Serbia wishes to inform the public that a new phishing campaign targeting the users of postal services is under way.

An e-mail is sent to the users, containing a false information about an unsuccessful delivery attempt. The e-mail, entitled “Upgade your delivery address,” is sent from various addresses, along with a request to fill in the user’s personal information by clicking on one of the two offered links – “Arrange delivery to this address” and “Upgade your delivery address.”

Both of the links lead to a phishing page featuring a fake logo of the “Post of Serbia” and a request to provide personal data. All the information supplied by the user on the fake form/page can end up being abused.

The National CERT advises its users who have possibly received similar e-mails neither to open them, nor to disclose their personal details, but to delete such e-mails permanently.

RATEL’s classroom hosted the first national cyber drill for the key stakeholder institutions in the Republic of Serbia, held on 8 June, within the project “Norway for you – Serbia”. Cyberbit/Cyber Range platform, donated as part of the project financed by the Kingdom of Norway and implemented by UNOPS, is intended for national cyber drills, mainly focused on the capacity building of the members of the national CERT community.

Participants of the drill were able to practice the defence from Keylogger malware, designed to record any input from the keyboard, used to steal personal or financial information. During the attack, the attacker gains access to a workstation within the network of the organisation, and laterally moves to the domain controller to install malware processes.

The defence from such attacks is particularly important, since the most frequent attacks in our country in 2020 included phishing, ransomware, trojans and other malware. Phishing is mainly used to distribute malware, e-mail being the principal way of attack, although the attacks are increasingly taking place via social networks, chat apps, text messages or phone calls.

Work in a hyper realistic cyber-attack simulation enables the participants of the exercise to improve their skills before the actual attack takes place, which is vital to the defence from cyber-attacks that have become increasingly sophisticated and difficult to detect.

The platform donated by the Kingdom of Norway is a cutting-edge platform designed for developing the skills necessary for cyber-attack detection and recovery, which will largely contribute to the resilience of the information security of the Republic of Serbia.

The National CERT warns the public that the scam directed against e-commerce platform users has been intensified in the past two weeks. This abuse targets the advertisers, contacted through an application by the supposed buyers interested in specific advertized products.

The communication is usually made via Viber, in bad Serbian, using contact telephone numbers mainly from abroad, with Ukranian numbers currently being the most popular.

The supposed buyer starts the conversation by asking the advertizer if the product is still available and if the purchase can be made online. Then, a link is provided to them on behalf of a supposed e-commerce platform administrator, along with an explanation that the supposed buyer has already made a payment via an application and that the advertizer is now required to follow a link leading to a page where credit card number and CVV number are to be entered in the offered field, so that the payment for the product could be supposedly finalized. Occasionally, the supposed buyer asks the advertizer additionally for the codes the latter gets while filling in the form. As soon as the advertizer enters the data and delivers the codes, the funds from their bank account get withdrawn, after which the fraudster leaves the conversation, blocking any further contact.

The National CERT advises all e-commerce platform users to be extremely vigilant when asked to disclose their personal bank account data, and to pay special attention to payment conditions on the platforms they use.

This very frequent phishing type of abuse is preventable by knowledge. Learn how to recognize phishing attacks and do not let yourself become an easy target.

Video

Brochure

The National CERT actively participated in the Fourth Regional Conference „Risks of the New Age: Sustainability and Resilience“, which took place on June 1, 2023 in the Hyatt Hotel in Belgarde. On that occasion, the National CERT took part in a panel titled „Cybersecurity“, also attended by the representaives of the Financial CERT and telecommunication company A1, where a discussion was held about most common types of cyber attacks and their impact on the businesses in Serbia. Some of the topics discussed at the panel were:

• For a second year in a row, cyber risks have been identified as a major threat on the list of business risks. Why?
• Does cyber crime intensify in the time of crisis?
• Why are Serbian companies increasingly targeted?
• Most frequent and most costly cyber frauds (social engineering) and how to recognize them?
• Cyber attacks on IT systems – ways of prevention, defense and recovery.

According to an Allianz risk research, cyber incident risks have been on the top of the list of business threats for a second year in a row, emphasizing the importance of cybersecurity. This study has been carried out since 2012. Whether it involves hacker attacks on a system or a system „intrusion“ due to the lack of human attention, or whether it be data theft or business interruption, it has been causing a constantly increasing average loss per company, reaching 4.35 million dollars of damage in 2022. The panel pointed to a growing number of social engineering attacks, among which phishing and ransomware, whereby the attacker, after an unauthorized access to resources, locks the victim’s valuable data, claiming a ransom. As a conclusion, it was explained how to detect a phishing attack in an environment of an ever- increasing use of artificial intelligence.