UAE sees 400% increase in share of global targeted cyber-attacks: Symantec

Surge noted, despite improvement in threat-profile rating

Tags: Cyber crimeSymantec CorporationUnited Arab Emirates
  • E-Mail
UAE sees 400% increase in share of global targeted cyber-attacks: Symantec Cyber-villains are using advanced new methods to evade detection and hijack corporate infrastructures with impunity, according to Symantec.
By  Stephen McBride Published  April 14, 2015

Symantec also saw a staggering decline in the responsiveness of software vendors to patch vulnerabilities. In 2013, it took just four days on average, to go live with fixes, but in 2014 that figure became 59 days.

"Attackers took advantage of the delay and, in the case of Heartbleed, leapt to exploit the vulnerability within four hours," Symantec said in a statement. "There were 24 total zero-day vulnerabilities discovered in 2014, leaving an open playing field for attackers to exploit known security gaps before they were patched."

Advanced attackers continued to breach networks with spear-phishing attacks, where a seemingly trustworthy email will entice high-value targets to divulge sensitive information, such as usernames and passwords. Spear-phishing attacks increased 8% in 2014.

"What makes last year particularly interesting is the precision of these attacks, which used 20% fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other Web-based exploits," Symantec observed.

The company also witnessed stolen email accounts from one corporate victim being used to spear-phish more senior executives. Additionally, attackers made use of companies' management tools and procedures to move stolen IP around the corporate network before exfiltration. Some devious attacker even took the step of building custom attack software inside the network of their victims to further disguise their activities.

Unsurprisingly, email attacks continue to increase in number. In the UAE, 13% of mobile devices experienced an attempted or successful infection of mobile malware, according to Symantec.

"Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work," said Sidani. "Last year, 70% of global social media scams were shared manually, as attackers took advantage of people's willingness to trust content shared by their friend. With the use of social media gaining momentum in the Middle East, Symantec's research found the UAE had a global rank of 21 for social media scams and 36 for ransomware threats in 2014. Social media scams can provide cybercriminals with quick cash, while ransomware relies on more lucrative and aggressive attack methodology."

Symantec reported there were 45 times more victims of crypto-ransomware attacks in 2014 than in 2013.

"Instead of pretending to be law enforcement seeking a fine for stolen content, as we've seen with traditional ransomware, the more vicious crypto-ransomware attack style holds a victim's files, photos and other digital content hostage without masking the attacker's intention," the company said.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code