Tha National CERT of the Republic of Serbia wishes to inform and warn all users that a Viber phishing campaign is under way, recognizable by links beginning with hypertext “https://www.viber.com/activate_secondary/.“ Should you receive such message, the National CERT recommends you not to click on the link, otherwise you could compromise your Viber account.

The click on the link enables the attacker to add their device as one of the legitimate devices your personal access to Viber is authorized from. This means the attacker can read your messages, access your contact list and assume your identity.

Tips to stay protected:

• Do not open suspicious links.
• If you receive an unusual text or a message with an unexpected link, do not open it.
• Confirm the source: If a link is sent to you by some of your contacts, check with that person by other communication channel if they really intended to send you the link.
• Use official links: Always use an official web location or Viber app for all necessary activities concerning your account.
• Update your Viber app regularly.

What to do if your account gets compromised?

If that happens, you are advised to disable access to your Viber account on other devices (PCs or tablets), by taking the following steps:

• Open the Viber app on your mobile device.
• Select option More at the bottom right part of the screen in order to access the menu.
• Select option Settings in order to access the settings menu.
• Select Account.
• By selecting Desktop and Tablets, you will be able to access the list of devices where your Viber account is active.
• From the list you should select the device you wish to deactivate.
• Confirm deactivation when asked to.

By applying the above steps, you will be able to remove your Viber account from the selected devices and thus disable the use of your account on them.

The Kaspersky Lab has detected a new type of malicious software called Rakhni Trojan (Trojan-Ransom.Win32.Rakhni). This type of malicious software has multifunctional abilities. It can be run as ransomware, crypto-miner or net-worm depending on the attacker's decision. Initially, it runs content checks on the victim's PC after which the attacker triggers one of the three possible options.

This type of malicious software emerges on the territory of Russia and spreads further via spam and phishing campaigns. It contains e-mails with fake corporate financial documents. Once they have opened the e-mail, users get instructions on how to open the attached PDF file. By clicking on the PDF, the victim launches an executable file written in Delphi which uses a fake Adobe Systems Incorporated digital signature.

If an attacker decides to launch the ransomware option, the user will receive a MESSAGE.txt file with the ransom request (please visit decryption tools).

If an attacker decides to start the crypto-mining option, a VBS script will start mining Monero and Dashcoin cryptocurrency.

If the previous two options are not suitable, the attacker may decide to run net-worm option which allows the Trojan to copy itself on all computers of the local network.

For more details please visit: threatpost.com

The National CERT of the Republic of Serbia wishes to inform the public that a new phishing campaign targeting the users of postal services is under way.

An e-mail is sent to the users, containing a false information about an unsuccessful delivery attempt. The e-mail, entitled “Upgade your delivery address,” is sent from various addresses, along with a request to fill in the user’s personal information by clicking on one of the two offered links – “Arrange delivery to this address” and “Upgade your delivery address.”

Both of the links lead to a phishing page featuring a fake logo of the “Post of Serbia” and a request to provide personal data. All the information supplied by the user on the fake form/page can end up being abused.

The National CERT advises its users who have possibly received similar e-mails neither to open them, nor to disclose their personal details, but to delete such e-mails permanently.

Regulatory Agency for Electronic Communications and Postal Services along with its National CERT (SRB-CERT) is celebrating October, the European and global cyber security month, with a campaign "Active and Safe on the Internet". This campaign promotes the importance of information security to citizens, state organizations, public and private companies and aims to raise awareness and change behavioral patterns by providing basic information to all Internet users about available protection measures while being online.

As part of the Cyber Security Month, RATEL i.e. National CERT will hold a set of workshops intended for different user profiles, such as "Improvement of protection measures for safe Internet business" designed for small and medium enterprises in the Republic of Serbia (promotion of the Safety Act model), in cooperation with Serbian Chamber of Commerce.

In cooperation with NALED, with the participation of the Ministry of Trade, Tourism and Telecommunications and the Office for Information Technologies and e-Government, workshops are organized for local self-government units (Kragujevac, Belgrade, Niš, Novi Sad).

By means of the workshop titled "Active and Safe on the Internet", intended for the press and media companies in the Republic of Serbia, National CERT informs the journalists about current security risks on the Internet.

According to the National CERT's statistical data, the most frequent attack types remain phishing (in the region, different phishing campaigns in the banking sector are currently under way) and ransomware, followed by cryptomining and theft and leakage of personal and business data.

Cyber crime activities such as phishing, ransomware, data breach, DDoS and cryptomining account for 81.7% of the malware content, cyber espionage for 16%, while cyber warfare and hacktivism account for 1.2%  each.

The Regulatory Agency for Electronic Communications and Postal Services, in its capacity of the National CERT of the Republic of Serbia, will mark this year's international Cybersecurity Month with a campaign entitled “Knowledge is power”.

The cybersecurity month is celebrated throughout the world, while in Europe it was first observed in 2012, with the slogan „Cybersecurity is a common responsibility", uniting the European countries in their combat against cyber threats. Ever since, this capmaign has yearly promoted not only a safer and more responsible online behaviour, but also introduced trainings and seminars aimed at educating end-users, preparing them for ever-emerging challenges. In 2019, the year when the Republic of Serbia joined in, 525 activities were recorded in 36 countries.

This year's campaign „Knowledge is power“ kicks off with a workshop for the media representatives, with presentations on current cyber news, events and advices on how to prevent the most frequent cyber attacks and threats.

A webinar for the small and medium-sized enterprises will provide information about legal regulations in the area of cyber security, current free tools and recommendations for a safe work and reduced business risk. The webinar is set to take place on October 15, 2020, whereas all interested parties can apply by email (office@cert.rs).

In order to raise awareness on the issue of cybersecurity, the National CERT regularly updates its website with news, notifications, recommendations, publications and brochures on best prevention measures and practices against security risks, including information about current cyber threats to citizens, companies and governmental bodies. Since the beginning of the COVID-19 pandemic, the National CERT's recommendations have been focused on how to safely work from home and maintain cybersecurity, with the following brochures being published: Safety recommendations for remote workers, VPN access for small and medium-sized enterprises, Abuse of COVID-19 pandemic in cyberspace, Social engineering, How to reduce the risk of receiving phishing emails (SPF, DMARC, DKIM), Compromised business emails – all of which can be found in the Publications segment of the website. In addition, a promotional video has been created, to be available soon on the same platform.

The National CERT invites you to follow the prepared content featuring as part of the „Knowledge is power“ campaign, as well as on social media.

The Regulatory Agency for Electronic Communications and Postal Services, in its capacity of the National CERT of the Republic of Serbia, will mark this year's international Cybersecurity Month with a campaign entitled “Knowledge is power”.

The cybersecurity month is celebrated throughout the world, while in Europe it was first observed in 2012, with the slogan „Cybersecurity is a common responsibility", uniting the European countries in their combat against cyber threats. Ever since, this capmaign has yearly promoted not only a safer and more responsible online behaviour, but also introduced trainings and seminars aimed at educating end-users, preparing them for ever-emerging challenges. In 2019, the year when the Republic of Serbia joined in, 525 activities were recorded in 36 countries.

This year's campaign „Knowledge is power“ kicks off with a workshop for the media representatives, with presentations on current cyber news, events and advices on how to prevent the most frequent cyber attacks and threats.

A webinar for the small and medium-sized enterprises will provide information about legal regulations in the area of cyber security, current free tools and recommendations for a safe work and reduced business risk. The webinar is set to take place on October 15, 2020, whereas all interested parties can apply by email (office@cert.rs).

In order to raise awareness on the issue of cybersecurity, the National CERT regularly updates its website with news, notifications, recommendations, publications and brochures on best prevention measures and practices against security risks, including information about current cyber threats to citizens, companies and governmental bodies. Since the beginning of the COVID-19 pandemic, the National CERT's recommendations have been focused on how to safely work from home and maintain cybersecurity, with the following brochures being published: Safety recommendations for remote workers, VPN access for small and medium-sized enterprises, Abuse of COVID-19 pandemic in cyberspace, Social engineering, How to reduce the risk of receiving phishing emails (SPF, DMARC, DKIM), Compromised business emails – all of which can be found in the Publications segment of the website. In addition, a promotional video has been created, to be available soon on the same platform.

The National CERT invites you to follow the prepared content featuring as part of the „Knowledge is power“ campaign, as well as on social media.

The National CERT of the Republic of Serbia wishes to inform the public that a new phishing campaign against users of postal services is under way, during which the users can receive an email notification about the arrival of the user‘s parcel, which supposedly could not be delivered due to an unpaid customs fee in the amount of 36.14 dinars. The message is sent from a fake address: Post of Serbia ''Postas@’’@posta.rs, with an email subject: Your parcel could not be delivered on April 7, 2021 due to unpaid customs fee in the amount of 36.14 RSD. The email further asks the user to click on the link stating ''In order to confirm delivery of your parcel, please click here'', after which the user is to receive a delivery confirmation email or SMS for the item. By clicking on the offered link, the user is then transferred to a fake page posing as the Post of Serbia online payment page, where the following personal data are required to be entered: credit card number, name and surname, credit card expiry date and CVV2/CVC2 numbers. All the information supplied by the user on the fake form/page can end up being abused.

The National CERT advises all users who have possibly received similar emails neither to open them, nor to disclose their personal details, but to delete such emails permanently.

RATEL’s classroom hosted the first national cyber drill for the key stakeholder institutions in the Republic of Serbia, held on 8 June, within the project “Norway for you – Serbia”. Cyberbit/Cyber Range platform, donated as part of the project financed by the Kingdom of Norway and implemented by UNOPS, is intended for national cyber drills, mainly focused on the capacity building of the members of the national CERT community.

Participants of the drill were able to practice the defence from Keylogger malware, designed to record any input from the keyboard, used to steal personal or financial information. During the attack, the attacker gains access to a workstation within the network of the organisation, and laterally moves to the domain controller to install malware processes.

The defence from such attacks is particularly important, since the most frequent attacks in our country in 2020 included phishing, ransomware, trojans and other malware. Phishing is mainly used to distribute malware, e-mail being the principal way of attack, although the attacks are increasingly taking place via social networks, chat apps, text messages or phone calls.

Work in a hyper realistic cyber-attack simulation enables the participants of the exercise to improve their skills before the actual attack takes place, which is vital to the defence from cyber-attacks that have become increasingly sophisticated and difficult to detect.

The platform donated by the Kingdom of Norway is a cutting-edge platform designed for developing the skills necessary for cyber-attack detection and recovery, which will largely contribute to the resilience of the information security of the Republic of Serbia.

The National CERT of the Republic of Serbia wishes to inform the citizens that a new phishing campaign is under way, which abuses the name of the National Bank of Serbia. Phishing attempts are initiated from Facebook page named ’’NBS’’, mimicking the legitimate web page of the National Bank of Serbia, whereby the citizens are offered a false possibility to double their Dina Card balance, if they provide required information.

The message reads:

Since the phishing page is created with an intent to collect citizens’ personal data, the advertized reward being fraudulent and not associated in any way with the National Bank of Serbia, the National CERT urges the citizens not to disclose their personal information.

Notification and recommendations of National Bank of Serbia, regarding this fraud, are available at the link.