Turkmenistan becomes latest country to beef up its laws

ANALYSIS Turkmenistan has become the latest central Asian nation to beef up its cybersecurity laws, in an effort to deal with high levels of cybercrime in the region.

New legislation passed this month by president Gurbanguly Berdimuhamedov is aimed at protecting national infrastructure, businesses and individuals, and includes plans for international cooperation, as well as collaboration with local security firms.

It's a long-awaited move, bringing the country into the same fold as Uzbekistan, Kazakhstan, and Kyrgyzstan, all of which already have legal and regulatory cybersecurity frameworks and guidelines for implementing national cybersecurity strategies.

Kazakhstan, for example, launched its Cyber Shield Kazakhstan program in 2017, opening a cybersecurity center and producing funding for cyber education and awareness programs. Since then, its ranking in the UN-led Global Cybersecurity Index has jumped from 82nd to 40th.

It's not all been plain sailing though, with the country's banks badly hit by criminally-motivated cyber-attacks. 

This has included phishing attacks targeting online bank accounts, as well as other more exotic forms of attack – in 2016 Kazakhstan’s Alfa-Bank was hit by ransom-driven distributed denial-of-service (DDoS) attacks, for instance.

And, according to Kaspersky, Kazakhstan ranks in the top ten when it comes to the share of users attacked by mobile ransomware trojans, ransomware trojans, and miners.

“Cyber-attacks are fixed every second and their number is growing. We fixed one billion such attacks in 2016,” Ruslan Abdikalikov of Kazakhstan’s Ministry of Defence and Aerospace Industry commented last year.

“There were 20 billion attacks on Kazakhstan last year, on the state information structures. Nobody knows how many attacks business faces.”

Further down the Silk Road

Elsewhere, says Kaspersky, Uzbekistan is the second-most targeted country in the world by ransomware, with a staggering 6% of users targeted in the second quarter of this year.

The country's government is trying to push back the tide. Uzbekistan recently published a draft resolution on securing critical infrastructure, and is working with other countries in the region, as well as developing public-private partnerships, some with foreign companies.

Attacks are frequent across central Asia as a whole – a bank in Kyrgyzstan was hit this summer through spear-phishing emails, and the Silence hacker group has been targeting ATMs in Kyrgyzstan, Tajikistan, Turkmenistan, and Uzbekistan, in addition to Kazakhstan.

An increasing number of computers are also being hijacked by the Cobalt hacking group, a cybergroup group that specializes in hacking ATM-controlling servers or card-processing systems and stole an estimated $600,000 from a bank in Kazakhstan.

Cyber-espionage enters the fray

According to a Kaspersky spokesperson, many cyberattacks in the central Asian countries originate in Russia or China and have a ‘political agenda’.

TajMahal, for example, had just a single identifiable victim - a ‘diplomatic entity’ in the region. The firm suggests there may be more.

Meanwhile, according to the spokesperson, LuckyMouse targeted central Asian government entities and, he says, coincided with certain high-level meetings.

Kaspersky warns that similar attacks are likely to continue.

RELATED Global governments demonstrate rising commitment to cybersecurity