Notifications

7. December 2021

30. November 2021

Phishing campaign abusing COVID-19 pandemic

The National CERT wishes to inform all Internet users that a phishing campaign abusing the COVID-19 pandemic and current situation pertaining to Digital green certificates is under way. This phishing campaign is usually being carried out via e-mail messages.

The phishing message contains a link to download an e-document on vaccination, instructing the user to click on the link and download a supposed Digital green certificate. The e-mail sender is a certain Zorica Torlak, Head of Pharmacy Service Belgrade.

The legitimate issuer of the Digital green certificate in the Republic of Serbia is the Office for IT and e-Government. The National CERT therefore urges users who receive any similar suspicious e-mail message offering the Digital green certificate not to open it, but to delete it immediately.

An example of the phishing e-mail can be viewed below:

 

1. October 2021

October – Cybersecurity Month

The Regulatory Agency for Electronic Communications and Postal Services, in its capacity of the National CERT of the Republic of Serbia, continues to mark the international Cybersecurity Month with its campaign “Knowledge is power”.

Cybersecurity Month is celebrated throughout the world, while in Europe it was first observed in 2012, with the slogan “Cybersecurity is a common responsibility”, uniting the European countries in their combat against cyber threats. Ever since, this campaign has yearly promoted not only safer and more responsible online behaviour, but also introduced trainings and seminars aimed at educating end-users, preparing them for ever-emerging challenges.

This year’s National CERT campaign includes a webinar dedicated to small and medium enterprises (SMEs), continues with a webinar for the employees of the Regulatory Agency for Electronic Communications and Postal Services and ends with a workshop dedicated to media companies.

The webinar for small and medium-sized enterprises will provide information about the latest news and events in the area of cyber security, free tools that can be useful in everyday SME business activities and recommendations for safe work and reduced business risk. The webinar is set to take place on October 20, 2021 and all interested SMEs can apply by email: office@cert.rs.

In order to raise citizens’ awareness on the issue of cybersecurity, the National CERT regularly updates its website with news, notifications, recommendations, publications and brochures on best prevention measures and practices against security risks, including information about current cyber threats to all target groups – citizens, companies and governmental bodies. The above material is available to users on the following page: https://www.cert.rs/en/publikacije.html.

22. September 2021

Fraud on e-commerce platforms

The National CERT warns the public that the scam directed against e-commerce platform users has intensified in the past two weeks. This abuse targets advertisers, who are contacted through an application by supposed buyers interested in specific advertised products.

The communication is usually made via Viber, in bad Serbian, using contact telephone numbers mainly from abroad, with Ukrainian numbers currently being the most popular.

The supposed buyer starts the conversation by asking the advertiser if the product is still available and if the purchase can be made online. Then, a link is provided to them on behalf of a supposed e-commerce platform administrator, along with an explanation that the supposed buyer has already made a payment via an application and that the advertiser is now required to follow a link leading to a page where the credit card number and CVV number are to be entered in the offered field, so that the payment for the product can supposedly be finalized. Occasionally, the supposed buyer additionally asks the advertiser for the codes the latter receives while filling in the form. As soon as the advertiser enters the data and delivers the codes, the funds are withdrawn from their bank account, after which the fraudster leaves the conversation, blocking any further contact.

The National CERT advises all e-commerce platform users to be extremely vigilant when asked to disclose their personal bank account data, and to pay special attention to payment conditions on the platforms they use.

This very frequent phishing type of abuse is preventable by knowledge. Learn how to recognize phishing attacks and do not let yourself become an easy target.

Video

Brochure

30. June 2021

SMS scam targeting postal service users

The National CERT warns all postal service users of an ongoing scam against „Pošta Srbije“. The users are sent an SMS informing them about a supposedly incoming order for which it is necessary to pay due costs.

The link from the message redirects the user to a fake page where they are asked to enter their personal credit card data, which then enables the attackers to empty the bank account. The fake page visually mimics the legitimate page of „Pošta Srbije“, although a random combination of the English and Serbian languages, as well as the Latin and Cyrillic alphabets, is noticeable.

The Public Enterprise „Pošta Srbije“ has informed the public that it does not communicate with its users in such a manner and that special attention is solicited with respect to this issue.

The National CERT urges all users who have received a similar SMS not to open the link from the message nor to enter the required data.

You can report this scam to „Pošta Srbije“ through their call center numbers 0700 100 300 and 011 3607 788, from 8h to 20h on weekdays, and from 8h to 15h at weekends, as well as to the National CERT.

 

7. June 2021

Phishing scam attempt

The National CERT of the Republic of Serbia wishes to inform all Internet users of a new ongoing phishing campaign titled „**SPAM** Ulazak u sistem je uspešno završen, svi podaci sa Vašeg uredaja su kopirani. Pročitajte uputstva dalje.“ The phishing message goes on to threaten that all the user’s data has been copied and locked, and even that a video capture of the user has been taken, along with all of his/her social network contacts. In exchange for the „recovery“ of the stolen data, a Bitcoin payment in the amount of 1400 USD within 50 hours is requested. The message itself does not contain a fake link, but fraudulently pressures the user into willingly making a payment in order to recover their data.

The National CERT recommends that all such emails be deleted. Careful scrutiny of similar incoming messages makes it harder for the attackers to take advantage of your lack of attention on the Internet. Users are advised to be particularly watchful when receiving emails from unknown senders, containing grammatical errors, where an immediate action is required from them.

9. April 2021

Phishing campaign against users of postal services

The National CERT of the Republic of Serbia wishes to inform the public that a new phishing campaign against users of postal services is under way, during which users can receive an email notification about the arrival of the user’s parcel, which supposedly could not be delivered due to an unpaid customs fee in the amount of 36.14 dinars. The message is sent from a fake address: Post of Serbia ''Postas@’’@posta.rs, with an email subject: Your parcel could not be delivered on April 7, 2021 due to unpaid customs fee in the amount of 36.14 RSD. The email further asks the user to click on the link stating ''In order to confirm delivery of your parcel, please click here'', after which the user is to receive a delivery confirmation email or SMS for the item. By clicking on the offered link, the user is then transferred to a fake page posing as the Post of Serbia online payment page, where the following personal data are required to be entered: credit card number, name and surname, credit card expiry date and CVV2/CVC2 numbers. All the information supplied by the user on the fake form/page can end up being abused.

The National CERT advises all users who have possibly received similar emails neither to open them, nor to disclose their personal details, but to delete such emails permanently.

 

3. March 2021

Abuse of e-commerce platforms

The National CERT warns the public of a scam directed against e-commerce platform users. This abuse targets the advertisers, contacted through an application by the supposed buyers interested in specific products. The communication is made in bad Serbian, with contact telephone numbers usually from abroad. The advertisers are asked to answer if the product is available, following which a link is provided to them on behalf of a supposed platform administrator, along with an explanation that the supposed buyer has already purchased the product via an application and that the advertiser is now required to enter their credit card number and CVV number in the offered field, so that the payment to the advertiser can be finalized. As soon as the advertiser enters the data, the funds from their bank account are transferred to the bank account of the supposed buyer, after which the latter leaves the conversation, blocking any further contact.

The National CERT advises all e-commerce platform users to be vigilant when asked to disclose their personal bank account data and to pay special attention to payment conditions on the platforms they use.

More on safe e-commerce activities can be found here.

1. March 2021

ICT Systems – submitting of statistical reports

The National CERT of the Republic of Serbia wishes to inform all operators of ICT systems of special importance that, in the period between January 1, 2021 and February 28, 2021, the entry of statistical data on all incidents for the previous year will be made available through a web form created for this purpose, accessible to the ICT systems registered users at this link. The statistical data to be submitted should relate to incidents that have not significantly compromised the ICT systems’ operation over the last year, as set forth in the Law on Information Security (Article 6a, paragraph 1, Item 7).

For all information regarding access and entry of data, as well as other questions pertaining to the above activity, all registered ICT systems users are welcome to write to us at statistika@cert.rs.

25. December 2020

SolarWinds Cyberattack

In mid-December SolarWinds suffered a highly sophisticated cyberattack causing public concern. The company is a leader in monitoring and management software. This was a supply chain attack that trojanized SolarWinds Orion business software updates in order to distribute malware. The attackers gained backdoor access to victims via the trojanized updates. In this way they gained access to organizations worldwide, including the US Finance, Trade and Energy Departments, US National Security Agency, National Nuclear Security Administration and several State Department networks.

Suspecting a massive cyber espionage financed by a foreign government, the US Cybersecurity and Infrastructure Security Agency published the Emergency Directive with instructions to Mitigate SolarWinds Orion Code Compromise.

So far, there are around 18000 confirmed cases of users who installed the infected updates.

SolarWinds published a Security Advisory for users of Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to urgently upgrade to Orion Platform version 2020.2.1 HF 2, and the users of Orion Platform v2019.4 HF 5 to urgently upgrade to Orion Platform 2019.4 HF 6.

This attack was very sophisticated since it installed malicious software during standard updates, published in March this year and identified by the company FireEye a couple of months later. Microsoft, as a user of the products, also announced that the malware had been identified and successfully isolated and eliminated. No indicators of access to development services or user data have been found, nor evidence that the company's products had been used for further spread of malware.

Recovery recommendations are highly demanding and require extraordinary competence of experts. More information is available here.

 

Useful links:

Microsoft-Cyberattacks-cybersecurity-solarwinds-fireeye

Thehackernews.com-microsoft-says-its-systems-were

Reuters- us-usa-cyber-breach
