UAE climbs rankings in global internet security threat report

Dubai: The UAE has climbed the rankings in Symantec's global Internet Security Threat Report Volume XIII as a source and target of malicious activity, up two places from June 2007, to 38 in the world and second in the Middle East.

Saudi Arabia tops the ranking in the region at 32 among the 180 countries monitored.

"As countries across the region begin investing in upgrading and improving the internet infrastructure by providing bigger digital subscriber line (DSL) 'pipes' to subscribers; these countries have become an attractive target for attackers. The main reason is that the more bandwidth a subscriber has; the more bandwidth the attackers have access to - if they can - successfully infect or compromise these computers," Kevin Issac, regional director, Middle East and North Africa, Symantec, said.

The report said the UAE appears to have started to win the battle against spam and being a phishing host. As a source of spam, the UAE was ranked 91 globally - up from 51 in June 2007 - and its ranking as a phishing host has gone up from 66 to 69.

Among the other Gulf countries, Kuwait was placed 59, followed by Bahrain at 74, Qatar at 78 and Oman at 90.

Saudi Arabia was ranked number one in Europe, Middle East and Africa (EMEA) for malicious activity per broadband subscriber with 33 per cent.

Issac said one needs to bear in mind that the UAE has experienced rapid growth in the past 6 to 12 months. "Not only have we seen the population grow dramatically, but also we have seen more users coming online, and the vast majority of these users are broadband subscribers. This has several implications; as the vast majority of people getting online today are generally less well versed about the dangers and issues of internet security. Security awareness and education are vital in reigning in the increasing levels of threats," he said.

"Organisations and internet users alike need to realise that effective security against identity theft and attacks requires better security hygiene, and this requires awareness, use of not only anti-virus technologies, but also personal firewalls, and sensible use of instant messaging, file sharing and social networking tools," Issac said.

Saudi growth

"The internet growth in Saudi Arabia has been rapid in the past year. We have over 22 internet service providers (ISPs), a significantly larger population. With several initiatives to bring more people online via homes, schools, government and business; we are beginning to see the start of a growth in malicious activity. The issue is compounded by various other factors such as the relatively higher rate of piracy and the growing bandwidth subscribers."

Saudi Arabia has introduced a cyber crime-related legislation only recently, and while the UAE has seen several successful convictions on the basis of the UAE 02/2006 Prevention Of Computers Misuse/Cyber Crime penal code; there have been none in Saudi Arabia under the new legislation so far.

"Once the Saudi internet population reaches a 'critical mass', all indicators are that it will feature prominently at the top of most categories for malicious activity. Effective security awareness campaigns and value added security offerings from ISPs will go a long way in helping slow down [but not reverse] this trend," he said.

Issac said governments can only do so much to protect its citizens, and residents, and ISPs are ultimately not responsible for providing security to their subscribers. Every internet and technology user has a small part to play in helping to minimise and reduce the impact, not only on their respective countries, and businesses, but also upon themselves.

Credit card information accounted for 13 per cent of all advertised goods - down from 22 per cent in the previous period and sold for as low as $0.40. The price of a credit card in this underground market is determined by factors such as the location of the issuing bank.

Bank account credentials have become the most frequently advertised item, making up 22 per cent of all goods and selling for as little as $10.

"Attackers have realised that targeting end-users is easier and lucrative. They can gain access to personal information, launch attacks against organisations and countries, and also; if that user is a corporate user; gain access to proprietary company information and servers when the infected laptop is taken back into the corporate environment," he said.