In the realm of cybersecurity, Uzbekistan faced a significant challenge last year, with more than 11.2 mn cyber attacks targeting web resources within the country. This statistic was revealed by the Center for Cyber Security, shedding light on the growing threat landscape faced by the nation's digital infrastructure.
An analysis of the geographical origins of these cyber attacks in 2023 revealed some notable trends. The Netherlands emerged as a prominent source, with 759.5 thousand attacks originating from IP addresses in the region. Following closely behind were the United States, Russia, Germany, India, and China, each contributing significantly to the volume of cyber threats faced by Uzbekistan.
Delving deeper into the nature of these attacks, it became evident that various vulnerabilities in web resources served as entry points for cybercriminals. Among the identified vulnerabilities were:
- Lack of verification and filtering of user content: This oversight allowed malicious actors to exploit weaknesses in the system, enabling them to inject harmful content or execute unauthorized actions.
- Coding vulnerabilities: Vulnerabilities in PHP plugins and other coding frameworks provided avenues for attackers to exploit flaws in the underlying code, compromising the integrity and security of web applications.
- Cross-Site Request Forgery (CSRF) vulnerabilities: CSRF attacks leveraged the trust between a user's browser and a web application to execute unauthorized actions on behalf of the user, often leading to data breaches or unauthorized transactions.
- Weak password protection: Inadequate password policies and weak authentication mechanisms made it easier for attackers to gain unauthorized access to sensitive accounts and data.
Until April 15, 2022, Uzbekistan lacked a specific law addressing cybersecurity issues. However, various laws already in effect touched upon general cybersecurity matters related to telecommunications and internet security. The Law of the Republic of Uzbekistan No. RK-764, enacted on April 15, 2022, marked the country's first comprehensive legislation dedicated solely to cybersecurity. Despite its enactment, this law has yet to fully consolidate provisions from several sector-specific laws.
The Law on Cybersecurity primarily focuses on delineating the powers of the State Security Service of Uzbekistan (DXX) without providing detailed mechanisms for their implementation. It stipulates that such mechanisms should either be regulated by existing legislation or developed by the regulatory authority. Notably, the law introduced key concepts and consolidated essential cybersecurity regulations previously dispersed across sector-specific laws and presidential and governmental decrees.
Follow Daryo's official Instagram and Twitter pages to keep current on world news.
Comments (0)