Most organizations face imbalances between people, technology, and processes, leaving vulnerabilities that attackers ruthlessly exploit
Dubai – The world has witnessed several high-profile ransomware attacks in 2021, which have had devastating economic ramifications for those targeted
Cyber ââattacks such as ransomware are here to stay, and when they hit an organization, there’s not much anyone can do about it, experts say.
Therefore, organizations must be prepared to stay one step ahead of malicious actors by understanding the specific threats that affect them and strengthening their security posture to be more proactive in hunting down threats.
Ashraf Koheil, Business Development Director for Middle East and Africa at Group-IB, explained that the current cyber threat landscape is extremely diverse for large enterprises, as well as at the user level.
“The Covid-19 pandemic has favored both petty con artists and sophisticated threat actors pursuing large-scale, high-value targets,” he told the Khaleej Times. âThe GCC region is home to some of the largest shopping centers in the world and is experiencing rapid digital evolution. The UAE is leading in many areas of technology and innovation; and cybercriminals haven’t fallen behind – bad actors are constantly reinventing their tactics.
He noted that regional organizations have suffered a “scam”, which poses a significant threat to both organizations, whose brand is exploited by crooks, and end users who easily fall into the trap of fraudulent campaigns misusing their brands. favorite.
Scams and phishing, he explained, continue to thrive thanks to the increase in time spent online due to the pandemic.
âThey are growing in scale and sophistication,â Koheil said. âIn December, Group-IB’s digital risk protection unit observed a global scam campaign targeting users in more than 90 countries, including the United Arab Emirates, in which crooks used targeted links containing branded fake surveys tailored to each victim. Such links are unique and will only work once and only for a specific use, making the scam extremely difficult to detect and investigate.
Ransomware on the rise
Rahil Ghaffar, regional director of MEA at Virsec, noted that ransomware was a persistent threat to large enterprises, government entities and BFSI, and caused considerable damage to the reputations of these organizations. The scale and sophistication of such attacks differ depending on the target, he explained. In addition to ransomware, there has also been a rapid increase in targeted attacks against users. This includes phishing attacks and stalkerware, which creep into people’s personal space, often with devastating consequences.
âIt is essential that users and businesses can identify and stop any potential compromise immediately before any damage is done,â he said. âRansomware attacks are on the rise in the United Arab Emirates. In fact, we were approached by a few government and financial institutions, which were constantly under attack with ransomware despite multiple layers of security from major vendors. We’ve helped these organizations secure their server infrastructure against zero-day fileless and remote code execution attacks with our unique, patented runtime protection technology.
Stalkerware enters the scene
Hadi Hosn, CEO of Axon Technologies, noted that the incredible advancements seen over the years in technology, especially in this region, have connected us more than ever, driving innovation, opportunity and progress.
âThe pandemic has accelerated this trend as well, but we are probably still in the early stages of a long-term digitization shift,â he said. âThe change is changing the way we live, work and communicate, and it is transforming the critical systems we rely on in areas such as government services, finance, healthcare and transportation. The scale and speed of this change introduces complexity and risk to our businesses and everyday users. In the last year alone, cyber attacks have been launched against hospitals and pipelines, schools and businesses of all sizes. “
He added that 2021 was the âbreaking yearâ for ransomware and stalkerware. âAlthough ransomware is not new, it has gained the attention of the highest levels of government this year because it has affected people’s ability to get healthcare, put gas in their vehicles and to do the grocery shopping. When it comes to stalkerware, we’ve seen the Covid-19 pandemic cause an increase in the use of stalkerware – which is originally marketed as employee or child monitoring services and for âgoodâ purposes. And ‘ethical’ – but, as it is so often hidden, stealthy, and does not require ongoing consent, can be used to abuse other people or violate their privacy, such as remotely monitoring and eavesdropping on phone calls, SMS messaging, Voice over Internet Protocol (VoIP) applications, GPS / location data, messaging and social media applications; and to steal images and videos from an infected device. It often happens that the stalkerware is installed through physical access to a handset and is most common on Android mobile devices.
Human error management
Likewise, Werno Gevers, cybersecurity specialist at Mimecast, said the pandemic has functioned as a “force multiplier” for existing threats in the UAE, spawning new ones. Regardless of industry or industry location, remote work scenarios with employees switching to their personal devices and not following established best practices, have created new cyber threats. With the evolution towards remote or hybrid working models, and with global supply chains in a state of chaos, most organizations face imbalances between people, technology and processes, leaving vulnerabilities that attackers ruthlessly exploit.
âTo protect themselves, their employees and their customers, organizations need a multi-layered security strategy that protects against attacks inside, inside and outside the organization’s perimeter. , and helps restore critical systems and data quickly in the event of a successful breach, âhe said. . âMore than deploying secure gateways, businesses need to understand that they need to manage human error to mitigate the impact of internal email threats that could disrupt their business. Another key factor that organizations should consider is a strong security awareness training program. With today’s distributed workforce and an abundance of scams circulating, the cost of human error increases. Organizations must therefore take adequate steps to prepare to detect these threats. “