Dubai: Cybercriminal attacks have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world's largest corporations and government entities mainly for financial gain, said top officials at Symantec.

"The scale of these attacks and the fact that they originate from across the world, makes this a truly international problem requiring the cooperation of both the private sector and world governments," Johnny Karam, Regional Director — Middle East & North Africa, Symantec said.

He told Gulf News that the skyrocketing severity and frequency of cyberattacks against enterprises globally pose an ominous threat to the stability of the international economy as the underground economy is maturing more and more everyday.

"The trend we see is that criminals are focusing on emerging markets. Why? The established markets like US and Europe are cracking down very hard. They have built legislation [in order] to crack down. Attackers are now going to places where legislation is not that advanced. They go after growing infrastructure. In UAE, Saudi Arabia and Egypt for example, the penetration rate of DSL is very high. So for the attackers it is very big news. The Middle East has become the hot spot," Karam said.

Simple toolkit

Bulent Teksoz, regional technology manager, Symantec Mena, said that cybercriminals have made it easy for unskilled attackers to steal data and identity from computers by a simple toolkit called Zeus (Zbot), which can be purchased for as little as $700 (Dh2,569). Using these kits, attackers create literally millions of new malicious code variants in an effort to evade detection by security software.

Karam said that internet-based attacks have grown significantly. Today's attackers leverage social engineering techniques to lure unsuspecting users to malicious web sites. These web sites then attack the victim's web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of web-based attacks targeted at PDF viewers; this accounted for 49 per cent of observed web-based attacks. This is a sizeable increase from the 11 per cent reported in 2008.

According to Symantec's new Internet Security Threat Report volume XV, the UAE is ranked number 18 in EMEA (Europe, Middle East and Africa) and 36 in the world in 2009 for malicious activity.

In comparison to the previous year, the UAE has seen an improvement in global ranking from number 40 to 36. Egypt is ranked 15th in EMEA and 31st in the world in 2009, climbing from number 26 globally in 2008. Saudi Arabia is ranked 13th in EMEA and 29th in the world in 2009 for malicious activity. Egypt, Turkey and Saudi Arabia were the top three ranked countries for potential virus infections during 2009, in that order.

"In 2009, Saudi Arabia had the highest number of potential worm infections in EMEA, unchanged from 2008 while the UAE and Egypt ranked second and third for potential worm infections in 2009, respectively. These two countries ranked fourth and fifth in 2008, respectively, and their increase in rank for 2009 is attributed to the drop in rank of the United Kingdom and Spain, from second and third in 2008 to sixth and eight in 2009, respectively.

The rise of worm activity in the UAE and Egypt can be attributed to the previously mentioned connection between worm and virus activity in the region, as both of these countries ranked in the top five for viruses," the report said.

"Egypt was the top-ranked country for viruses while Saudi Arabia was the top-ranked country for worms. Worms are malicious programmes that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file," Bulent said.

He said the value of data loss by an average medium-to-large enterprise stood at around $2 million and it has increased quite a bit compared to last year.

The second most common malicious code sample causing potential infections in EMEA in 2009 was the Mabezat.B worm.

Weak passwords

Mabezat spreads through e-mail, removable drives, and network shares protected by weak passwords. It also infects executable files and encrypts data files.

Karam said that attackers are leveraging the abundance of personal information openly available on social networking sites to synthesise socially engineered attacks on key individuals within targeted companies.

Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.