Dubai: The top security story in 2013 was no doubt that of the National Security Agency (NSA) whistle-blower Edward Snowden. His revelations about the breach of user privacy by the US government have had a ripple effect.
One of the key implications has been the loss of trust.
Internet privacy will emerge as the top security concern of businesses and Internet users in the year ahead. This is because the increased awareness about Internet privacy in the wake of the NSA revelations.
With most large cloud service providers such as Salesforce, Google, Microsoft and Amazon being US-based, companies in the Middle East have become very cautious.
This is because cloud services require data to be stored on servers that aren’t necessarily within the region and are therefore subject to different laws, which might compromise the privacy and security of the information.
Other top trends are the rise in cybercrime particularly relating to increasing malware on the Android mobile platform and the emergence of threats on non-traditional devices such as smart cars, game consoles and smart TVs.
“New types of attacks targeting mainly Android devices like ransonware, sandbox-aware, return-oriented programming attacks that cause legitimate applications to behave in malicious ways, self-deleting malware that covers its tracks after subverting a target, advanced attacks on dedicated industrial control systems that have the potential to damage public and private infrastructure, politically motivated attacks around major activities in the region are some of the trends we see this year,” Vibin Shaju, presales regional manager at McAfee MENA, told Gulf News.
Last year, cybercriminals targeted oil companies, financials, governments and mobile phones for various interests of Hactivism, political and financial objectives but this year, mobile phones, virtual currencies, political motivation, social platform, vulnerabilities above and below operating systems are the major targets.
“Cybercriminals are very specialised now — there are some in finding zero day vulnerabilities, others in building botnets and spam campaigns, there are cybercriminals specialised in executing advanced targeted attacks or building banking Trojans,” said Ghareeb Saad, senior security researcher, global research and analysis team at Kaspersky Lab.
He said cybercriminals will increase the use of techniques like watering hole or spear phishing. Mobile attacks will be very popular and new attacks will be developed for new technologies like HTML5 and cloud applications.
They share strategies and tools and can combine forces to launch coordinated attacks. They even have an “underground marketplace” where cybercriminals can buy and sell stolen information, identities and more importantly the knowledge which helps it to expand.
According to the UAE Ministry of Interior, banking topped the list of most targeted sectors with 35 per cent of attacks in the country. Government e-services, telecommunication systems and educational institutions accounted for the remaining 65 per cent.
“This does not come as a surprise given the potential value of targeting banks. Also interesting is that attacks are no longer just carried out by individuals. Rather, it is well-organised and well-equipped groups that are behind these attacks,” said Pradeesh VS, General Manager at ESET Middle East.
While banking and government sectors will remain the main targets for attackers, he said and added that there are new targets emerging on account of the popularity of new services. Of these, e-commerce will no doubt stand out.
According to a PayPal report, the e-commerce market in the Middle East will grow from $5 billion (Dh18.37 billion) in 2011 to $15 billion by 2015. Cyber criminals will use attacks such as “SQL injection” to gain access to information such as credit card details and user information.
“Cybercriminals can then use this data for identity theft, fraud or even sell it to the highest bidder,” Pradeesh said.
Also cybercriminals have an obvious interest in targeting health care organisations in terms of stealing the information largely about patient billing and insurance records. Identity theft, again for the purposes of stealing money, is a common outcome here.
With many critical systems like in health care and other critical infrastructure running on legacy operating systems having the username and password hardcoded — which can’t be changed — will invite targeted attacks on these platforms.
Moreover, health care records have become increasingly electronic, and these records can easily make their way onto laptops and mobile devices. It means a “flood of sophisticated malware targeting their computers,” Pradeesh said.
Targeted attacks will grow because businesses are developing, their dependence on IT is also increasing, this will give cybercriminals an even bigger spectrum to attack and perform their usual and evolved cybercrimes.
Spam is still a main source for finical gains for cyber criminals and they are going to investment more in spam by creating more botnets for sending spam emails.
Besides spam emails, an increase in spam in chat clients and mobile messaging applications as well as in social networks are expected to grow.
Global spam volume had increased to 125 per cent in 2013. Much of it is the legitimate marketing firms purchasing and using mailing lists from less reputable sources. In a single month now “we see around one trillion legitimate email and four trillion spam messages. This trend is likely to continue since email is still used as a primary method of all communication,” Shaju said.
“The use of Denial of Service (DDoS) attacks increased dramatically during last year both in strength and in number of attacks and are expected to continue during this year especially with the increase in hacktivism groups using it as a way of protesting,” Saad said.
Pradeesh said that spending on DDoS mitigation solutions had already increased in 2013 and is set to increase further this year.
