Dubai: The UAE is the second-most targeted country for ransomware after Saudi Arabia in the Middle East and Africa (MEA), according to Symantec’s Internet Security Threat Report Volume 22.

Hussam Sidani, regional manager for Symantec Gulf, told Gulf News that Saudi Arabia is ranked 20th and the UAE is ranked 26th globally for ransomware attacks. Saudi Arabia represents 0.7 per cent and the UAE about 0.5 per cent of all global detections.

“Couple of highlights in 2016 was that email is becoming, and will become, the most used weapon of choice for attackers. Ransomware attacks have grown 36 per cent globally and the preferred source for ransomware is still email while cloud has become the second frontier for attacks,” he said.

However, he said that the UAE has improved its regional and global standings. In the region, the UAE is ranked 10th compared to sixth in 2015. The UAE is ranked 51st globally compared to 41st in 2015 and 49th in 2014.

A lower rank means that the country is in a better position.

The US is ranked first globally, followed by China, Brazil and India.

Symantec identified over 100 new malware families released into the wild, more than triple the amount seen previously.

He said that 30 per cent of the UAE ransomware victims is willing to pay a ransom, compared to 34 per cent globally, and simultaneously the global average ransom spiked 266 per cent with criminals demanding an average of Dh4,000 per victim up from Dh1,000 as reported for 2015.

Symantec found one in 136 emails in the UAE contained a malicious link or attachment. Large enterprises (more than 2,501 employees) in the country received the most emails containing malware and phishing, while small enterprises (less than 250 employees) received the most spam. Cybercriminals attack large companies given the bigger user and asset base, which makes them a more lucrative victim given the multiple attack vectors.

Additionally, the services industry was the most affected by malicious emails in the UAE (one in 53 emails), while 57 per cent of all emails received by organisations were identified as spam, higher than the global average.

Symantec found one in 131 emails globally contained a malicious link or attachment — the highest rate in five years.

“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” Sidani said.

Moreover, he said that the world has seen specific nation states doubling down on political manipulation and straight sabotage. In the Middle East, we saw Shamoon virus putting Saudi Arabia on high alert again after attacks were uncovered late 2016. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools, unsecured IoT devices and cloud services.

He said that a new breed of attackers revealed major financial ambitions, which may be an exercise to help fund other covert and subversive activities. Today, the largest heists are carried out virtually, with billions of dollars stolen by cyber criminals.

“While some of these attacks are the work of organised criminal gangs, for the first time nation states appear to be involved as well. Symantec uncovered evidence linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland,” he said.

He added that one of the major factors is that attackers are becoming more organised and funded. They [attackers] are operating like normal businesses with working hours and taking holidays in order to increase the efficiency of their attacks against enterprises and consumers.

Regarding the industry outlook, he said that cyber criminals are going to focus their attention on cloud platform and ransomware on cloud is going to increase.