Dubai: Organisations in Europe, the Middle East and Africa (EMEA) are 2.5 months slower to respond to a cyber incident than the global average, according to the M-Trends 2018 report released on Monday.

Investigations conducted by security analysts at Mandiant, a FireEye company, showed that the average time for a Mena-based company to detect an incident stands at 175 days for EMEA, compared to a global average of 101 days.

Speaking to Gulf News, Yazan A. Hammoudah, Manager for Systems Engineering at FireEye Middle East and Africa, said that the increase is due to the amount and variety of attacks from both advanced persistent threat (APT), or state-sponsored, attackers and cybercrime groups.

In 2016, the figure was 106 days for EMEA and 99 days globally. He said this shows how far the threat actors have advanced over the years.

In 2017, Hammoudah said that Iran has increased its cyber espionage capabilities and is now operating at a pace and scale consistent with other state-sponsored APT groups.

“We found four groups such as APT32, APT33, APT34 and APT35 from Iran and their victims span every sector and extend well beyond regional conflicts in the Middle East,” he said.

The report said that APT32 targeted Vietnam, while APT33 targeted Saudi Arabian and Western organisations that provide training, maintenance and support for Saudi Arabia’s military and commercial fleets. APT34 targeted Middle Eastern financial, energy and government organisations, and APT35, since 2014, targeted US and Middle Eastern military, diplomatic and government personnel, media, energy and the defence industrial base.

Iranian hackers

From August 2016 to August 2017, he said that APT35 engaged in multiple operations against a broad range of victims.

“Rather than relying on publicly available malware and utilities, Iranian hackers developed and deployed their own malware. When they are not carrying out attacks against their targets, they are conducting espionage and stealing data,” Hammoudah said.

“Some of the industrial control systems (ICS) in the region are using very old machines and now we are discovering a number of compromises. Once we went into the ICS, the malware has been in the system for many years with the hackers thinking like a foothold for future positioning rather than active attacks in 2017,” he said.

He said, however, that this is due to the cybersecurity skills gap and that the average dwell time will increase further in the coming years.

“We are starting to see increased investment in developing the cyber defence skills among universities. As the demand for skilled personnel capable of meeting the challenges posed by these threat actors continues to rise, the supply simply cannot keep pace,” he said.

FireEye’s research indicates that Chinese cyber operations targeting the intellectual property of US companies declined significantly after the signing of an agreement by former President Barack Obama and China’s President Xi Jinping in September 2015.