Sponsored hackers threaten the security of the Mongolian government
In the first half of 2024, the number of internet users in Mongolia reached 4.5 million, a significant increase from 2.9 million last year. In the capital, this figure reaches 85.3%, while in rural areas it is 67.6%. Although Mongolia's population is not very large, these data indicate a high level of internet activity. Experts emphasize that all countries face challenges related to the internet and its safe use.
The International Chamber of Commerce (ICC) identifies the internet as a key factor contributing to global trade and economic growth. It serves as a bridge connecting people and ideas around the world. However, the task of ensuring its safe and ethical use is becoming increasingly urgent. Thus, the United States has officially recognized cyberspace as the fifth domain of warfare, alongside land, sea, air, and space. Cyberwarfare aimed at destroying information infrastructure is considered no less dangerous than traditional military actions. Mongolia, like other countries, faces growing challenges in cybersecurity that require enhanced digital protection and the establishment of effective countermeasures against foreign attacks.
Information Security Audits are Necessary
Government agencies collect crucial information about citizens, and the private sector is also increasing the volume of data collected. However, it is unclear how effectively these organizations can protect and manage the information collected without violating citizens' rights. In recent years, there have been numerous cases of cyberattacks on ministries, hospitals, and financial institutions, leading to data leaks.
Notably, 70% of cyberattacks in Mongolia target government structures and related organizations. 11% of attacks occur against parliamentary institutions, while 14% target the healthcare sector. According to the Ministry of Digital Development, Innovation, and Communications (MDIC), in 2023, more than 128 million attacks were recorded from Russia. Additionally, 65 million attempted cyberattacks came from the United States, and 50 million from China. This statistic highlights the high activity of cyberattacks in Mongolia, where between 60,000 and 90,000 attacks occur weekly. The effectiveness of the country's defenses and response mechanisms to such incidents is becoming critically important.
Last year, the MDIC conducted a cybersecurity assessment in 67 government institutions. The results showed that 29.4% of them had been subjected to cyberattacks, and 70.5% were either unaware of violations or did not take action. More than 56% of organizations lacked a security policy, and 30% had never conducted a risk assessment. During a technical audit, 21% of computers contained malware, and 15% were extremely vulnerable.
Since the beginning of 2024, the ministry, in collaboration with the Global Cybersecurity Centre of Oxford University, has begun researching the state of cybersecurity in Mongolia. The results, presented in February, revealed the need to strengthen policies and regulatory frameworks in cybersecurity, raise public awareness, train specialists, and expand international cooperation.
According to the Global Cybersecurity Index published by the International Telecommunication Union, Mongolia scored 56 points, ranking 103rd out of 194 countries, corresponding to the "developing" category. The country has achieved good results in legislation and organizational structure but significantly lags in technical capacity and personnel training. The government aims to elevate the level of cybersecurity to a "mature" state and achieve level five, which will allow it to effectively counter digital threats.
The Role of Administration in Cybersecurity
Cybersecurity legislation requires government agencies to conduct information security audits and risk assessments. In Mongolia, over 40 organizations are authorized to conduct such assessments, but many government bodies do not take the initiative in this direction. According to reports, some institutions prefer to pay fines rather than undergo assessments, as costs increase depending on the number of computers being checked.
All institutions handling large volumes of citizen data are required to submit annual risk assessment reports to the relevant authorities. For example, government agencies must report to the National Center for Cyberattack Prevention, while private organizations must report to the Incident Response Group.
Information security auditor Erdem Bodur emphasized the relevance of conducting risk assessments, highlighting that every organization faces the necessity of protecting its data. Without active support from management, creating a security system becomes challenging. The ISO/IEC 27001:2013 standard emphasizes the importance of management responsibility.
He also added that cybersecurity is a continuous process requiring constant attention. "There is no system that cannot be hacked. There will always be technologies capable of bypassing defenses. Therefore, strict adherence to norms and standards is critically important for protection against cyber threats," he noted. Risk assessment remains an important element of information security and should be conducted annually.
According to him, implementing standards such as ISO/IEC 27001 can prevent data leaks by ensuring the security of internal information. "Unfortunately, in Mongolia, cases of insider data leaks are not uncommon," he added.
Is Mongolia Ready for Cyberwarfare?
In recent years, cyberattacks carried out by state-sponsored hacker groups have become increasingly frequent. According to a study by Group-IB, in 2023, 828 state-funded attacks were recorded, of which 15.5% targeted governments and armed forces, an increase of 58% compared to 2022.
Attacks manifest in various forms, including phishing links and network breaches. Cyberattacks in Europe are associated with damage to underwater cables, while in Ukraine, they are linked to attacks on ground infrastructure. In the United States, attackers attempted to gain access to government systems. India emerged as the most vulnerable country, experiencing 31.4% of all attacks.
The study revealed that in 2023, personal data of more than 6.4 billion users was leaked. Hackers most frequently accessed email addresses, phone numbers, and passwords through phishing schemes.
Mongolia also faces these threats. Neighboring countries—Russia, China, and the United States—continue to conduct active cyberattacks on Mongolian networks. Despite having a legislative framework, including the Cybersecurity Law and National Strategy, the challenge lies in effective implementation and adequate funding.
Starting January 1 of next year, a special budget for cybersecurity will be allocated in Mongolia. However, there remains a serious issue of a shortage of qualified specialists. The question of how to fill this gap remains open.
Against the backdrop of global cyber threats, Mongolia stands on the brink of change. The country is actively developing a legal and structural framework to protect its digital space, but the task of integrating these measures into everyday practice remains.
Creating an effective cybersecurity system requires not only investments and modern technologies but also strong leadership and qualified personnel. In the face of rising cyberattacks, Mongolia must be prepared for ongoing and coordinated efforts to ensure its cyber defense.
Tatar S. Maidar
source: MiddleAsianNews
