Dubai: While businesses are investing more in cyber security, hackers continue to penetrate networks, pilfering money and customer data in the process. Cash from ATM machines are still being stolen. Fraudulent credit cards still abound and highly sensitive data are still being leaked.
The UAE is no exception. According to Kaspersky Lab, there were a number of cyber attacks detected in the country this year. One of these threats targeted automated teller machines (ATMs) in order to steal money from bank customers.
In its latest “Review of the Year,” Kaspersky Lab revealed the UAE became one of the prime targets for at least three massive cyber attacks in 2016. The company reported that in May, it uncovered a revived malicious software, otherwise known as malware, that targets ATMs in the UAE, along with France, United States, Russia, Macau, China, Philippines, Spain, Germany, Georgia, Poland, Brazil and the Czech Republic.
The global cybersecurity company’s report is silent about the financial losses incurred by banks or customers as a result, but one IT security expert said: “if cyberattacks keep happening, criminals must have made a lot of money in this market.”
Malware works likes a computer virus with the sole purpose of stealing money and highly sensitive data. They can be installed on ATMs or sneak into computers and mobile phones through email attachments or chats, and enable hackers to monitor everything a user does - record every site visited, every email sent, every number/key typed. In many cases, they leave hackers free to steal data from credit and debit cards, including bank account and personal identification numbers.
In one of the malwares that hit the UAE this year, hackers were able to penetrate the core of automated teller machines – the part of the device responsible for card processing and dispensing of cash.
“Rather than the well-established method of fitting a fake card-reader to the ATM, the attackers take control of the whole ATM. They start by installing [a malware called Skimer] on the ATM – either through physical access or by compromising the bank’s internal network,” said Kaspersky.
In June 2016, another cyber security breach was reported. Dubbed as “Operation Ghoul”, this new form of advanced targeted attack has also hit the UAE and some countries in Asia, Europe and the Middle East. Companies affected were engineering, industrial, manufacturing and shipping companies.
Between August 2015 and January 2016, Kaspersky said unknown criminals also targeted the UAE, as well as the United States, Italy, Germany, Turkey, India, Russia, Hong Kong and Taiwan through another malware called Adwind. More than 68,000 users encountered the attack as a result.
These cyber attacks further highlight the need for companies to find better ways of intercepting hackers.
“The number and range of cyberattacks and their victims seen in 2016 has put the subject of better detection at the top of the business agenda. Detection is now a complex process that requires security intelligence, a deep knowledge of the threat landscape, and the skills to apply that expertise to each individual organization,” said David Emm, principal security researcher, Kaspersky Lab.
Top 3 cyber attacks affecting UAE this year:
Skimer ATM
Through the so-called “Skimer ATM malware,” hackers or skimmers are able to take control of the whole ATM – either through physical access or by compromising the bank’s internal network. The specific part being targeted is the core of the ATM, which is responsible for interaction with the wider bank infrastructure, card processing and dispensing of cash.
This particular cyber attack enables hackers to capture data – including a customer’s bank account number and PIN - from the cards used at the ATM or steal cash directly.
Operation Ghoul
This is named after the group that was behind a series of attacks that were reported in June this year. What the cyber criminals do is simply send spear-phishing emails with malicious attachments mainly to top and middle level managers of numerous companies. These emails appeared to come from a bank in the UAE, with the message claiming to offer payment advice from the bank and included an attached SWIFT document. But the attachment really contained malware.
The organisations targeted by this attack included those in the industrial and engineering sectors, shipping, pharmaceutical, manufacturing, trading and educational industries.
Adwind Malware
Between August 2015 and January 2016, more than 68,000 users, including those in the UAE, United States, Italy, Germany, Turkey, India, Russia, Hong Kong and Taiwan encountered this type of malware.