What is the difference between a cyber crime and a cyber incident?
A cyber incident is an event or series of unwanted or unexpected events related to cybersecurity that are likely to compromise operations and threaten information security. (According to Item 12 of the Additional Provisions of the Law on Cybersecurity)
Cybercrime – a socially dangerous act /action or omission/ committed culpably and declared punishable by law, directed at or committed in cyberspace.
Cybercrime - covers traditional crimes (e.g. fraud, forgery and identity theft), content-related crimes (e.g. online distribution of child pornography or incitement to racial hatred), and crimes that are only possible with computers and information systems (e.g. attacks against information systems, causing denial of service and malware).
Cybercrimes are under the authority of the Cybercrime Department at the Ministry of Internal Affairs and Communications
Contacts: Sofia, Alexander Malinov Blvd., No. 1,
entrance from the railway station "Youth 2"
[email protected]
тел. 0885 525 545
What is phishing, how does it work and how to protect yourself?
Phishing is one of the most common methods used by cybercriminals to defraud and steal sensitive information such as bank details, account passwords or credit card information.
The scammer uses social engineering techniques to pose as a reliable and trusted source in an apparently official electronic communication.
Email Phishing: Malicious content delivered via email.
Smishing: SMS/MMS text messages to a mobile phone.
Vishing: Fraudulent voice phone calls.
Geolocation phishing is a technique used to allow or deny access to the fake website to users from a specific country via an IP address or proxy server. Any unauthorized access from another part of the world will not be able to access the phishing page. The goal is to make these attacks more effective, making them more likely to reach users of the original site.
CERT Bulgaria recommends that you observe the following rules in order not to be deceived:
1. Check the source of your incoming emails:
✓ Your bank will never ask you to send them your passwords, bank card details or personal details by post;
✓ Do not answer questions related to passwords and bank card details;
✓ If you have any doubts, call your bank directly for clarification;
✓ Never enter your bank's website via the link in the email, but type it manually in your browser.
2. Install an antivirus program and make sure you are using the latest versions of all programs and the operating system.
3. Enter your confidential details only on secure websites. Note that they start with https:// and that they appear with a small locked padlock icon.
4. Periodically review your bank accounts to be aware of any irregularities in your transactions.
5. Phishing is NOT just about online banking. Identity theft methods are used for: eBay, Facebook, Twitter, PayPal, etc.
6. Phishing knows no borders and attacks can reach you in all languages. They are usually poorly written or translated, so this can be another indicator that something is wrong.
10 tips for using the Internet safely
1. Keep your web browser up to date
To surf the Internet, you will need a browser. Extensions, add-ons and plug-ins are small programs that add features to your browser. Disable or uninstall any programs you don't use. Make additional security and data protection settings to reduce confidential information that is stored and sent to third parties.
"Confidential" information is anything that reveals details about you or your online behavior. Features like "private mode" or "clear history", for example, prevent users using the same device from seeing which websites you've visited. "Block third-party cookies" ensures that only websites you have actually visited can track your browsing behavior. Make sure your web browser is always kept up to date. Use an ad blocker to protect yourself from the spread of malware.
2. Поддържайте вашата операционна система и друг софтуер актуален
Използвайте актуална версия на вашата операционна система и програмите, инсталирани на нея. Активирайте функцията за автоматично актуализиране, когато е възможно. Можете да проверите дали операционната система на вашия компютър е актуална в настройките под „Update“ (Актуализиране). Деинсталирайте всички програми, които вече не използвате. Колкото по-малко приложения сте инсталирали, толкова по-малко потенциални точки на атака за вашата система като цяло.
3. Use antivirus and firewall applications
The operating systems used have virus protection and a built-in firewall, which makes it difficult for criminals to carry out attacks from the Internet even in the default configuration. Enable these features or use a third-party anti-virus program.
Don't let an activated antivirus or firewall lull you into a false sense of security.
4. Create different user accounts
When malware enters a computer, it gets the same rights on the computer as the user account it logged in with. As an administrator, you have full access to your computer. Use the account with administrative rights only if absolutely necessary. Set up different password-protected user accounts through Settings, System Preferences, or Control Panel.
Always surf the web with a restricted user account, not an administrator role.
5. Protect your accounts with strong passwords
Use a unique password for every account you have.
A strong password must meet the following criteria:
✓ You should be able to easily remember a password.
✓ The longer the password, the better.
✓ Password must be at least eight characters long.
✓ You can usually use all available characters in a password, i.e. upper and lower case letters, numbers and special characters.
✓ The full password should not be a word that is easy to guess or personal data.
✓ Common sequences of numbers or keyboard patterns are also not suitable as a secure password. It is not recommended to add single numbers or special characters at the beginning or end of a normal word.
✓ It is important to never share your passwords.
6. Be careful with emails and their attachments
Verify the authenticity of any email before opening an attachment or link in it.
Do not open links from emails in your spam folders.
You can identify unwanted or dangerous emails by looking out for a few things:
• Hover over the sender's email address to see if the sender is fake, for example.
• Watch out for nonsensical sequences of letters, letters that are replaced by others that look similar or foreign domain ie. the last part of the email address.
• Also check the subject and body of the email for spelling errors and to see if it makes logical sense. Fraudsters often make mistakes with this. You should also be skeptical if the email requires you to respond quickly.
7. Be careful when downloading programs
Be careful when downloading programs from the Internet. Make sure your source is reliable before downloading programs. Download the program from the manufacturer's website and use only encrypted sites that you can recognize by the abbreviation "https" in the address bar of the browser.
8. Be careful when providing your personal information
Criminals can use data they have previously collected without permission, such as your browsing habits or names of people you know, to build trust. Consider which online services you really want to entrust your personal data to over open, unsecured networks.
9. Protect your data with encryption
Only visit and enter your personal data on websites that provide an encrypted connection. If the site uses the https secure communication protocol, you can see this in its web address. The address will always start with "https" and your web browser's address bar will usually contain a small locked padlock symbol or similar.
If you use a wireless LAN (WLAN) to surf the Internet, pay particular attention to wireless network encryption. Select the WPA3 encryption standard in your router, if not yet supported, select WPA2 for now. Choose a complex password of at least 20 characters. You can access your router through a specific web address given in your router's manual.
10. Make backups at certain intervals
If one of your devices gets infected despite all these protective measures, important data can be lost. To minimize the resulting damage, it is important to back up your files to external hard drives or USB drives at regular intervals. These storage media should only be connected to your computer when needed. You can use cloud services to back up encrypted data. Only restore your data from backup.
In a ransomware (cryptovirus) attack
A ransomware attack (cryptovirus) is a process that encrypts some/or all of the files on the infected machine and displays a ransom demand message to decrypt them.
You can recognize a ransomware attack by one or more of the following symptoms:
• Replacing the wallpaper with an image of a ransom demand;
• The appearance of text files with a ransom demand;
• The appearance of multiple files with the same extension that you do not recognize (eg .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .encrypted, .locked, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, . encryptedRSA, .crjoker, .EnCiPhErEd, extensions of 6-7 random characters, etc.);
• Stoppage of information systems and services due to inaccessible files.
In the case of Ransomware, it is recommended that the following steps be taken:
✓ View backups (archives)
Take a full review of your backed up files and track the backup process to make sure you're protecting all your important files. Make sure the recovery process is properly documented.
✓ Analyze the risk
Investing in a risk analysis and security audit is an effective way to find out if your systems are as secure as you think.
✓ Train employees
Training employees to prevent ransomware is an important step in protecting your data. Make sure everyone knows what NOT to do, such as following suspicious links and opening email attachments from unknown sources.
Create a rapid response plan so everyone knows what to do if their computer or device becomes infected with malware, including disconnecting the network, isolating infected devices, changing passwords, and notifying the administrator.
✓ Be proactive
Take the following steps to protect yourself from ransomware:
– Enforce a whitelist of applications and ensure that only approved applications can run on the organization's network;
– Follow security experts to stay up-to-date on the latest cybersecurity trends.
✓ Create an incident response and data recovery plan
Having an incident response plan in place will protect your organization's data, revenue and reputation in the event of a successful ransomware attack.
When creating a disaster recovery plan, the critical components are:
– Well-trained incident response team;
– Business Continuity Strategy;
– Cyber insurance;
– Inventory of hardware and software;
– Clear instructions for restoring from backups;
– Alternative means of communication.
Security for mobile devices
✓ Update:
• The Platform – Enable automatic operating system updates to improve privacy/security and fix flaws.
• Apps – Turn on automatic app updates to make sure you're using the most up-to-date security technologies.
✓ Use strong authentication
• Turn on device authentication. Set strong login passwords/PINs and use biometric authentication.
• Use two-factor authentication for apps and websites that support it.
✓ Tracking:
Install or activate software that allows you to remotely track your mobile device over the Internet. That way, you can connect to it over the internet and see where it is if you lose it or it's stolen, or in the worst case, delete the stored information.
✓ Maintain a good level of application security:
Use selected app stores:
– for Apple iOS devices such as iPad or iPhone, this means the Apple App Store.
– for Android devices, use Google Play;
– for Amazon tablets, use the Amazon App Store.
Disable third-party app stores that can be malware distribution vectors.
Delete unnecessary apps. Periodically review and delete unused or unnecessary apps.
✓ Privacy options:
Minimize personally identifiable information (PII) in all applications. Limit the personal information stored in apps.
Provide least-privilege access to all applications and minimize access to personal information.
Review location settings - allow access to your location only when the app is in use.
✓ Protect network communications
Disable unnecessary network connections (BT, NFC, Wi-Fi, GPS). Every connection is a potential point of attack.
Avoid public Wi-Fi networks. Cybercriminals can use public Wi-Fi networks, which are often unsecured, for attacks
✓ Protect the device
Install security software that protects against malware.
Use only reliable chargers and cables. A charger or computer can run malware on smartphones to bypass protections, gain access and take control of them. A phone infected with malware also poses a threat to external systems (eg PCs).
Enable the lost device feature. Configure the settings to automatically erase the device data after a certain time, after a certain number of incorrect login attempts, and enable the option to remotely wipe the device.
Have I been hacked?
No matter how much security you have, sooner or later incidents happen and you find yourself hacked.
Here are some signs that you may have been hacked and what to do if you are.
Online accounts
➢ Friends or relatives tell you that they are receiving unusual messages or invitations from you that you are sure you did not send.
➢ Your account password is not working, even though you are sure it is the correct password.
➢ You receive warnings from websites that someone has opened your account at a time that you know could not have been you. Do not use the links in such messages to verify your account; instead, open the website by typing its address yourself into your web browser or use a pre-saved bookmark as well as a mobile app.
Computer or mobile device
Your antivirus program displays a message that your system is infected. Make sure the message is coming from your antivirus and not a random pop-up from a website trying to trick you into calling somewhere or installing something. Not sure? Open and check the antivirus program to confirm if the computer is really infected.
You see a pop-up message saying your computer is encrypted and you need to pay a ransom to get your files back.
Your apps stop unexpectedly or load very slowly.
While using websites, you are often redirected to pages that you did not request, or new pages are opened.
Finance
Suspicious or unknown credit or debit card payments that you know were not made by you.
Now what? – How to take back control
If you suspect you've been hacked, don't worry - you can deal with this problem. If the hacking is related to your work, do not try to fix the problem yourself, but report it to your employer immediately. If the problem is with your personal system or account, here are some steps that:
Restore access to online accounts: If you still have access to the account, log in from a computer that you know is not infected and change the account password. As soon as you log in to the account, change the password to a new and unique one. All your accounts must have a different password. If it is not possible to remember so many passwords, we recommend that you use a password manager. If possible, turn on multi-factor authentication (MFA) for your accounts, which will help make sure criminals can't get back in. If you cannot access your account, contact the website and inform them that your account has been hacked.
Restoring a personal computer or device: If your antivirus program can't handle the infected computer, or you want to be more sure that your system is reliable, consider reinstalling the operating system. Backups should be
are only used to restore personal files, but not to reinstall the operating system. If you're not sure you can handle the reinstall, consider using a professional service.
Financial Account Recovery: For problems with a credit card or other financial account, call your bank or card issuer immediately. Call them at a phone number you can trust, such as the one written on the bank card itself or on your statement, or visit their website. Review your account statements and transactions frequently.
If you have suffered a significant financial loss or feel threatened, report the incident to the police or to the Directorate-General for Combating Organized Crime - Cybercrime Sector at:
https://www.gdbop.bg/bg/contacts
[email protected]
Privacy - Protecting your digital footprint
What is privacy?
There are many different definitions of "privacy". We will focus on personal privacy, dealing with information about you that is collected by others. In today's digital world, you'd be amazed at all the different organizations that not only collect information about you, but also legally share or sell it.. And if that information falls into the wrong hands, it can be used by cybercriminals against you.
The purpose of personal privacy is to manage your digital footprint, for example – making an effort to protect and limit what information about you is collected. Keep in mind that in today's digital world, it is almost impossible to completely remove your digital footprint or stop any organization from collecting information about you, you can only reduce it.
Steps to help protect your privacy:
✓ Limit what you post and share with others online, such as on forums and social media. This includes photos you share. Even in non-public forums or places with strict confidentiality, consider that someday anything you post may become public.
✓ When registering new online accounts, review what information is collected about you by the relevant website by reading the privacy policy, and only provide what is truly necessary. If you have concerns about the information collected, do not use this website.
✓ Keep in mind that no matter what the privacy settings are, information about you is collected, especially with free services like Facebook or WhatsApp. These services base their business model on collecting data about what you do and who you interact with. If you are really concerned about your privacy, don't use such free sites.
✓ Preview mobile apps before downloading and installing them. Are they coming from a trusted source? Have they been around for a long time? Do they have a lot of positive comments? Check the access requirements. Does this app really need to know where you are or access your contacts? If you are not convinced that this is the right choice, look for another application.
Search for apps that support it privacy and offer privacy options. Even if you have to pay for an app that respects your privacy, it's probably worth it.
✓ Consider using a virtual private network (VPN) for your internet connection, especially if you use a public network such as free WiFi.
✓ When using a browser, set it to private or incognito mode to limit what information is shared, what cookies are used and stored, and to protect your browsing history.
✓ Consider using anonymous search engines designed for privacy.