
Cyberattacks are still the number 1 threat to the Middle East’s businesses. With a rising number of employees switching to hybrid working models, the IT infrastructure and data centers of a large number of companies are at risk of being breached by cyber criminals.

Email and social media users also need to watch out for phishing attempts that could lead to information theft.

According to a recent survey by Proofpoint and Etisalat’s Help AG, 15 per cent of organizations in UAE suffered a phishing attack in 2019, with an additional 15 per cent suffering a business email compromise attack.

In the meantime, only around 69 per cent of the Forbes ‘Top 100 Middle East Companies’ have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place. In other words, 31 per cent of them are leaving customers at risk of email fraud.

What is a cyberattack?

It is an assault launched by cybercriminals using computers against a single or multiple computers or networks. With more than 3 billion people worldwide on the internet, cyberattacks have become the weapon of choice for many malicious actors who are actively looking to participate in illegal activities such as cyber theft, compromising networks and even sabotaging vital national infrastructure of countries.

What is DMARC?

DMARC, an email protocol, is being adopted globally as the 'passport control' of the email security world. It verifies that the purported domain of the sender has not been impersonated.

The system is designed to protect employees, customers, and partners from cybercriminals looking to impersonate a trusted domain. Some industries in the region have led the charge in terms of DMARC adoption, according to the Help AG report.

Almost all logistics firms and 80 per cent of banking and financial services providers have published a DMARC record. However, some other industries are clearly lagging behind - only 50 per cent of real estate and construction firms and only 20 per cent of companies from the retail sector have started their DMARC records.

What is phishing?

It is a kind of cybercrime where a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure the individual into giving sensitive data such as banking and credit card details and passwords.

How serious are email phishing attacks?

Email phishing attacks can be extremely serious due to their sheer volume and the consequences they carry for individuals and businesses. On an individual level, a successful phishing attack could enable a hacker to steal credit card information and make purchases using an individual’s credentials.

For employees using a corporate email, a phishing attack could cause the theft of information such as username and password credentials, and in other instances, this could serve as the mode of entry of the attackers into the entire organization’s infrastructure.

“The disruption that can be incurred due to an email phishing attack can trigger data breaches and result in legal fines, costing businesses millions of dollars, not to mention the resulting reputational damage and the possible theft of intellectual property,” said Nicolai Solling, Chief Technology Officer, Help AG.

Considering the fact that people often use the same password across multiple applications, credential theft often tends to set off a chain reaction of breaches. This risk has only increased significantly with distributed workforces becoming the new norm.

The Dubai Future Foundation has reported that phishing emails have surged over 600 per cent since February 2020.

How can client emails be compromised?

According to Help AG, client emails can be compromised if the clients’ partners do not have measures in place to prevent domain spoofing. Without implementing tools like Domain-based Message Authentication, Reporting & Conformance (DMARC) records, a company runs the risk of cybercriminals impersonating it in emails to get clients to make a wire transfer, give sensitive information, or open malicious links and files.
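What "having a DMARC record in place" covers in practice, as an added example that is not part of the original article or the Help AG report: a small auditor that classifies a domain's published DMARC TXT record. The domains and records are constructed samples, the tag names follow RFC 7489, and the verdict labels are this example's own.

```python
# Added example: classify DMARC TXT records (tags per RFC 7489).
# SAMPLE_TXT is constructed data standing in for DNS TXT lookups at _dmarc.<domain>.
SAMPLE_TXT = {
    "_dmarc.bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "_dmarc.retail.example": ["v=DMARC1; p=none"],
    "_dmarc.logistics.example": ["v=DMARC1; p=quarantine; pct=50"],
    "_dmarc.broken.example": ["v=DMARC1; p=rejct"],      # typo in policy value
    "_dmarc.realestate.example": ["v=spf1 -all"],         # SPF text, not DMARC
}
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return a tag dict if txt is a DMARC record, else None."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and be exactly v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, txt_records=SAMPLE_TXT):
    """Classify one domain: missing, invalid, monitor-only, partial, enforced."""
    found = [parse_dmarc(t) for t in txt_records.get("_dmarc." + domain, [])]
    found = [t for t in found if t is not None]
    if not found:
        return "missing"
    if len(found) > 1:
        return "invalid"          # more than one DMARC record: none is applied
    tags = found[0]
    policy = tags.get("p", "").lower()
    pct = tags.get("pct", "100")
    # Simplification: any malformed p or pct is reported as invalid.
    if policy not in VALID_POLICIES or not pct.isdigit() or int(pct) > 100:
        return "invalid"
    if policy == "none":
        return "monitor-only"     # reports only; spoofed mail is still delivered
    return "enforced" if int(pct) == 100 else "partial"

def coverage(domains):
    """Return (domains with any valid record, domains with full enforcement)."""
    verdicts = [audit(d) for d in domains]
    has_record = sum(v in ("monitor-only", "partial", "enforced") for v in verdicts)
    return has_record, verdicts.count("enforced")
```

On this sample, three of five domains publish a valid record but only one enforces it on all mail, so a count of published records overstates how many domains actually reject spoofed messages.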

Another issue facing client emails is Email Account Compromise. In this type of attack, a hacker obtains access to a trusted email domain and sends fraudulent emails to clients through that domain. This can be difficult to prevent, as the email domain used is legitimate and will not be filtered.

“However, even with all the best security measures in place, network security is only as good as its weakest link which, in most cases, is the end user,” said Help AG’s Solling. “Social engineering tactics have proven to be the most effective way to obtain an employee’s sensitive data to hack into company networks, whether by posing as a legitimate actor or a fellow employee,” he added.

Phishing campaigns have also become increasingly sophisticated and harder to spot, imitating social media platforms or financial service providers with surprising accuracy to trick users into entering personal data. These issues can only be addressed by comprehensive training programmes to raise awareness and educate end users about the potential risks.

What are the threats faced through personal emails?

Cybercriminals can design phishing emails that look like they were sent from the platform. For example, an individual could receive an email that appears to be from a legitimate company that prompts them to click through to a fake login screen. If you enter your credentials, your account and all the data associated with it could be compromised.

The personal information shared on social media – about one’s whereabouts, interests, personal relationships, etc. – can be used as ammunition by cybercriminals to personalize their phishing emails and manipulate users into clicking.

What are some of the preventive measures that corporate clients can take?

According to Help AG, corporate clients should follow security best practices, such as checking the email address of the sender, never entering sensitive data unless they are sure the email is legitimate, never clicking links or downloading attachments from unknown senders, installing and constantly updating security software on their devices, enabling multi-factor authentication on their accounts, and installing a phishing filter.

Individuals should also keep their personal and corporate emails and devices separate. Organizations need to seriously rethink their cybersecurity in terms of securing the distributed workforce and ensure that productivity or convenience does not compromise security.

How UAE’s large oil, gas and infrastructure companies are secured

Large oil, gas and infrastructure companies in the UAE have recognized that they are prime targets for cyber-attacks and have taken cybersecurity more seriously.

“However, the question is whether or not they are responding quickly or robustly enough to keep up with rapid digitization and automation trends, and the growth in scale and sophistication of bad actors,” said Solling.

In the industry as a whole, large organizations are increasingly integrating infrastructure such as SCADA (Supervisory control and data acquisition) with IT networks to automate systems and manage plant operations based on data provided in real time, thereby boosting efficiency and profitability.


What is SCADA?

It is a system that seeks to monitor and control field devices at remote sites. SCADA systems are critical as they help maintain efficiency by collecting and processing real-time data.

Increased risk

With the modernization and automation of oil and gas infrastructure comes increased vulnerability, as the OT systems (operational technology) running them are becoming increasingly interconnected with IT systems and the internet, often including Internet-of-Things (IoT) devices in remote locations, such as sensors attached to pipelines and water mains.

What is OT?

Operational Technology (OT) is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in an enterprise.

According to a report by Fortinet, 9 in 10 organizations experienced at least one OT system intrusion in 2020, while 65 per cent of them had 3 or more intrusions. The same report also saw a drastic increase in hacking activity over 2019, all of which points to a worrying trend in OT cybersecurity as a whole.

If successful, attacks on companies in these industries could potentially shut down or disrupt production, and in the worst cases, put the physical safety of employees at risk, or cause significant economic damage.

What are some of the biggest cyber threats to UAE’s firms?

Ransomware, Distributed Denial of Service (DDoS), and carding attacks are among the biggest threats facing organizations in the UAE and the region, according to Help AG.

In particular, ransomware attacks are increasing in sophistication and, according to Cybersecurity Ventures, could cost the global economy up to $20 billion in 2021.

“Our own research has revealed that the region has been witnessing a tremendous growth in DDoS attacks in frequency, volume, new attack vectors and multifaceted tactics,” said Solling. “In Q3 2020, we captured many DDoS attack types among which we detected 24,386 high-volume Total Traffic attacks; attacks based on total traffic volume exceeding the defined threshold.”

What is a DDoS attack?

A distributed denial of service attack is when an attacker tries to make it impossible for a service to be carried out. This is done by stopping access to servers, devices, services, and even transactions within some applications.

What is ransomware?

This is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via ordinary post. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.

What is carding?

Help AG has seen a significant increase (500%) in carding, the illegal usage of a credit or debit card by unauthorized individuals to buy a product.

“This growth in cyberthreats is expected to increase as people worldwide continue working remotely, relying on VPNs, and using unsecure networks and devices,” said Solling.