UAE sees 400% increase in share of global targeted cyber-attacks: Symantec
Surge noted, despite improvement in threat-profile rating
The UAE's share in the world total of advanced, targeted cyber-attacks has increased 400%, despite an improvement in the country's threat-profile rating, according to cyber security company Symantec.
In Symantec's analysis of countries' Internet security threat profiles, the UAE's 2014 world rank stood at 49, compared with 47 in 2013. While the change reflects a lower number of source-based security threats, including malicious code, spam, phishing hosts and bots, the number of targeted attacks against UAE entities increased during this period from less than 1% of the global total in 2013 to almost 5% in 2014.
Cyber-villains are using advanced new methods to evade detection and hijack corporate infrastructures with impunity, according to Symantec. In volume 20 of its Internet Security Threat Report (ISTR), the company warned of a "tactical shift" among the cyber-attack community.
"Attackers don't need to break down the door to a company's network when the keys are readily available," said Hassam Sidani, regional manager, Gulf, Symantec. "We're seeing attackers trick companies into infecting themselves by Trojanising software updates to common programs and patiently waiting for their targets to download them, giving attackers unfettered access to the corporate network."
The UAE's ranking for network attacks deteriorated, from 53 in 2013 to 48 in 2014, and Web attacks also worsened, from 60 to 50. When compared to the threat profiles of the top 10 countries analysed in the Middle East and Africa, the UAE remained unchanged from 2013 with a ranking of 7.
Similar to 2013, the top industry in the UAE for spear phishing campaigns was finance, insurance and real estate, where 40% of all incoming emails were targeted attacks. The smallest organisations with workforces under 250, experienced the highest volumes, at almost 89%.
Continues on next page>>
Symantec also saw a staggering decline in the responsiveness of software vendors to patch vulnerabilities. In 2013, it took just four days on average, to go live with fixes, but in 2014 that figure became 59 days.
"Attackers took advantage of the delay and, in the case of Heartbleed, leapt to exploit the vulnerability within four hours," Symantec said in a statement. "There were 24 total zero-day vulnerabilities discovered in 2014, leaving an open playing field for attackers to exploit known security gaps before they were patched."
Advanced attackers continued to breach networks with spear-phishing attacks, where a seemingly trustworthy email will entice high-value targets to divulge sensitive information, such as usernames and passwords. Spear-phishing attacks increased 8% in 2014.
"What makes last year particularly interesting is the precision of these attacks, which used 20% fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other Web-based exploits," Symantec observed.
The company also witnessed stolen email accounts from one corporate victim being used to spear-phish more senior executives. Additionally, attackers made use of companies' management tools and procedures to move stolen IP around the corporate network before exfiltration. Some devious attacker even took the step of building custom attack software inside the network of their victims to further disguise their activities.
Unsurprisingly, email attacks continue to increase in number. In the UAE, 13% of mobile devices experienced an attempted or successful infection of mobile malware, according to Symantec.
"Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work," said Sidani. "Last year, 70% of global social media scams were shared manually, as attackers took advantage of people's willingness to trust content shared by their friend. With the use of social media gaining momentum in the Middle East, Symantec's research found the UAE had a global rank of 21 for social media scams and 36 for ransomware threats in 2014. Social media scams can provide cybercriminals with quick cash, while ransomware relies on more lucrative and aggressive attack methodology."
Symantec reported there were 45 times more victims of crypto-ransomware attacks in 2014 than in 2013.
"Instead of pretending to be law enforcement seeking a fine for stolen content, as we've seen with traditional ransomware, the more vicious crypto-ransomware attack style holds a victim's files, photos and other digital content hostage without masking the attacker's intention," the company said.