Top security threats of 2013

This year has seen a surge in hacktivist attacks on political targets and governments due to regional instability

Tags: Booz Allen HamiltonFortinet IncorporationGartner IncorporationManageEngineSecureWorks Inc (www.secureworks.com/)
  • E-Mail
Top security threats of 2013
By  Georgina Enzer Published  November 12, 2013

This year has seen a surge in hacktivist attacks on political targets and governments due to regional instability, but both regionally and globally security firms are seeing the beginning of some worrying trends, including government-sponsored spying, watering hole attacks, and zero day threats. We look at attacks this year and threat trends into 2014.

Terry Thompson
Banking sector under attack

The Ministry of the Interior in the UAE published a report in January that talked about cyber attacks during the past year, and most frequently targeted was the country’s banking sector. They said 35% of reported attacks targeted the financial industry, especially ATMs and internet banking applications and the remaining 65% in the UAE targeted government services, telecoms services and educational institutions, so while you can’t really point to a Armageddon-like cyber attack or anything equivalent to Saudi Aramco, the cumulative effect of all these smaller attacks is very significant and so the Ministry of the Interior estimated the total cost of all those attacks at about $630m, just in the last year.

In November last year a Saudi newspaper published a report on the Saudi Electric company being hit by a cyber attack and according to the newspaper article the attack resembled the Shamoon virus. There was also one in Kuwait, that was recently published, where a gang that had been trading in Kuwaiti residency cards had breached the central data base at the Kuwaiti Ministry of Social Affairs and Labour and that allowed them to get insider information to forge ID cards and other types of fraudulent transactions. This is very consistent with what we are seeing in those attacks that we can’t talk about, and that is that government and commercial institutions are equally being attacked for various reasons using the same tools and techniques, sometimes by the same hacktivist groups and criminals. The good news is that in the region the awareness and the publicity are increasing. So whereas a year ago when we started having these discussions, in some of the GCC countries there was very little information about any kind of cyber threat or cyber attack and when you ask people about it they would say it is someone else’s problem. After Aramco that all changed so the discussion is very different now.

Trends

I think I would divide trends into two major areas. First of all small businesses are being used more and more as targets for ‘watering hole’ attacks. The attacker will put malware in a legitimate business’ website and people who come to use that website unwittingly become infected with malware. There is a growing trend towards using these malware in small business platforms as a vector. Secondly, in the first six months of this year we saw a dramatic increase in spoofed accounts, account take-overs and payment fraud.

The tools that are used in these attacks have been these Trojans and other exploits that reuse usernames and passwords from third party sites that have been previously breached and so the threat is really to the businesses and individuals and they combine in those ways. I think there is definitely room for improvement in cyber security regulations and policies in the UAE. But equally important, users need education and awareness training. We have recently seen the deputy president of the UAE issue a mandate that all Dubai e-government services will be moving to mobile platforms, so people are going to become more and more accustomed to using their mobile devices for more services. I think increased regulation and better processes and procedures go hand in hand with better awareness training and education of the general user population.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code