Financial Crime World

Governmental Centre for Response on Cybersecurity Incidents Takes Centre Stage in Moldova

In an effort to strengthen its cybersecurity infrastructure, the Government of Moldova has established a centralized platform for responding to cyber threats. The Governmental Centre for Response on Cybersecurity Incidents (CERT-GOV-MD) has been operational since 2018 and has played a crucial role in identifying and mitigating various types of malware attacks.

Malware Surge in Moldova

According to a recent report by CERT-GOV-MD, the country experienced a significant surge in malware infections between 2015 and 2019. The most common types of malware detected during this period included:

  • Trojan.Emotet
  • Adware
  • InstallCore
  • HackTool.WinActivator
  • Riskware.BitCoinMiner
  • Virus.Renamer

Ransomware Attacks on the Rise

The report also highlighted the growing trend of ransomware attacks targeting public sector entities, with a significant increase in 2019 attributed to these entities' ability to pay higher ransoms.

Regional Distribution of Malware Infections

The study found that most malware infections were detected in government networks (64.33%), followed by private companies and organizations. The top five regions affected by malware infections were:

  • Chisinau (58.92%)
  • Tiraspol (30.72%)
  • Bendery (3.38%)
  • Balti (1.36%)
  • Other areas

Malware Families

The CERT-GOV-MD report identified 108 different families of malware, with the most dominant being:

  • Wannacrypt (31%)
  • Pykspa (22%)
  • Mker0 (7%)
  • Andromeda (6%)
  • Monerominer (5%)
  • Sality (+Sality-p2p) (5%)
  • Android.Fobus-3540 (3%)

Cyber Attack Objectives

The report emphasized that the main objective of these cyber attacks is to exfiltrate information of strategic interest, often through Advanced Persistent Threats (APTs). The attackers employ various techniques such as:

  • Social engineering
  • Spear-phishing
  • Multiple levels of command and control servers or vulnerability scanning

CERT-GOV-MD’s Response Strategy

In response to these threats, the CERT-GOV-MD has developed a comprehensive strategy for addressing cybersecurity incidents. This includes:

  • Establishing incident response teams
  • Conducting regular threat assessments
  • Providing training and awareness programs for government officials and private sector entities

Conclusion

The establishment of the CERT-GOV-MD is seen as a crucial step in enhancing Moldova’s cybersecurity posture and mitigating the risks associated with cyber threats to national security.