The number of corporate attacks has more than doubled since last year and the number of victims affected by targeted attacks is 2.4 times that of 2013. Image Credit: Supplied

Dubai: 2014 was the year of the data breach and the attack on Sony Pictures Entertainment was the most devastating.

The criminals broke in and stole gigabytes of valuable documents, caused millions of dollars in computer damage, exposed details of staff and emails, and leaked five movies.

While most breaches are carried out for profit, the Sony attack was intended to hurt the company, whereas the attacks on retail stores like Target, Kmart, Neiman Marcus and Home Depot involved compromises of credit and debit cards.

The number of corporate sector targets in 2014 has more than doubled since last year and the number of victims affected by targeted attacks is 2.4 times that of 2013, when up to 1,800 corporate targets were discovered.

Over the last 12 months, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has reported on seven advanced persistent cyber-attack campaigns (APTs). Between them, these accounted for more than 4,400 corporate sector targets in at least 55 countries worldwide. This year also saw a number of fraud campaigns that resulted in losses totalling millions of dollars.

According to the survey carried out by Kaspersky Lab and B2B International, 51 per cent of users in the UAE faced financial cyber-attacks during the past year, with 10 per cent of respondents reportedly losing money as a result.

“Some users regard cyber-threats as some sort of remote entities that can only do damage in cyberspace. However, many online threats have clear implications for our lives in the real world — be it lost data or stolen money. Rather than paying for the consequences, it makes much more sense to take care of your security beforehand,” said Elena Kharchenko, head of consumer product management at Kaspersky Lab.

Almost 30 per cent of respondents in the UAE stated that hackers had stolen their money by gaining access to their payment services accounts, nine per cent believed they had fallen for fraudsters’ tricks and entered their credentials on a fake website and 10 per cent were sure that their logins and passwords had been intercepted by malware. The average amount stolen from each user was $243, but one victim in five lost over $1,000 to this type of online fraud.

During the year, many users’ online accounts — email, social networking, etc — were hacked. This was reported by 28 per cent of respondents in the UAE. In addition to being used by cybercriminals to send spam and malicious URLs, compromised accounts can be a source of financial losses. Information that can be found in a user’s mailbox often includes account credentials sent by payment services and online stores in response to registration and password recovery requests.

In addition, 51 per cent of respondents in the UAE reported a malware-related incident within the past year, with one incident in five resulting in financial losses. The average damage caused by malware amounted to $173 including, among other costs, expenses associated with mitigating the consequences of infection, getting help from IT experts and purchasing specialised software.

According to EMC’s 2014 Global Data Protection Index, the UAE is ranked 24th, which means it is actually the lowest-ranking country in terms of maturity towards data protection and ability to recover from an incident.

The study revealed that data loss and downtime cost enterprises $1.7 trillion (globally) in the last twelve months, or the equivalent of nearly 50 per cent of Germany’s GDP. Data loss is up by 400 per cent since 2012 while, surprisingly, 71 per cent of organisations in the UAE are still not fully confident in their ability to recover after a disruption.

Fady Richmany, senior regional director for data protection and availability division at EMC said the report highlights the misalignment between the consequence of downtime and data loss and the approach towards preventing or even recovering from an incident.

He said that with 46 per cent of enterprises still feeling challenged to protect hybrid cloud, big data and mobile, it’s understandable that almost all of them lack the confidence that data protection will be able to meet future business challenges.

“We hope the report will prompt IT and business leaders alike to re-evaluate the situation and implement the right data protection strategies and solutions to better align with their long term goals,” Richmany said.

Businesses in the UAE say they remain unprepared in the new era of mobile, cloud and big data

Richmany said that data loss and downtime cost enterprises in the UAE $2.8 billion while 77 per cent of companies have suffered disruptions in the last 12 months.

China, Hong Kong, The Netherlands, Singapore and the US lead protection maturity, according to the report.

The average business experienced 22 hours of unexpected downtime in the last 12 months in the UAE.

Among a range of security incidents, Kaspersky Lab found that targeted attacks and malicious campaigns stand out, particularly in terms of their scale and impact on businesses, governments, public and private institutions.

Alex Gostev, chief security expert at the Global Research and Analysis Team at Kaspersky Lab, said that organisations in at least 20 sectors (public sector, energy, research, industrial, manufacturing, health, construction, telecoms, IT, private sector, military, airspace, finance and media, among others) were hit by advanced threat actors last year.

Cyberespionage actors stole passwords, files and audio-streamed content, took screenshots, intercepted geolocation information, controlled web-cameras, and more. It is likely that in several cases these attacks were performed by state-sponsored threat actors, for example the Mask/Careto and Regin campaigns.

Regin is the first ever cyber-attack platform known to penetrate and monitor GSM networks in addition to other ‘standard’ spying tasks.

In the Gulf States, one quarter of the Regin infections were in Saudi Arabia.

“Targeted operations could mean disaster for the victim: resulting in the leak of sensitive information such as intellectual property, compromised corporate networks, interrupted business processes, and the wiping of data. There are tens of scenarios that all end up with the same impact: the loss of influence, reputation and money,” Gostev said.