Local threat actors add new dimension to cybercrime
Native hackers make up for what they lack in technical skills with greater knowledge of local culture
An emergent class of home-grown threat actors poses new risks to regional organisations, security experts contend.
Though not as technically shrewd as their counterparts in Asia and Eastern Europe, the regional hackers are more dangerous because of their knowledge and understanding of the local cultural and organisational landscape.
Typically, a phishing campaign originating from foreign countries will be very generic and usually in English while targeting a largely Arabic-speaking populace, notes Ghareeb Saad, senior security researcher, Global Research & Analysis Team, Kaspersky Lab. That negates its effectiveness. But when attackers are able to customise the message to local topics that targets are familiar with, the likelihood of opening that unfamiliar link rises. The native hackers also understand where to find exactly what they are looking for, for instance which entity in the region is important and what information they can get from it, Saad notes.
Citing Kaspersky Lab research, Saad notes META countries are emerging as major sources of malware, with Turkey ranking 28th globally in 2016 while Algeria emerges as one of the major new hacking hotspots globally.
Further, the barrier to entry for attacks has gone down considerably due to the rise of online marketplaces for malware. Exploit markets are thriving on the dark web, with exploits selling for as much as 1.5 million dollars for iOS, while those for other platforms sell for considerably less.
A good example of this is the emergence of ransomware-as-a-service. For ransomware, you need a certain level of hacking sophistication and possession of the right infrastructure. The as-a-service model overcomes this barrier, with regional cybercriminals now able to rent exploit kits with relatively modest financial and technical resources. This means the region is due to experience a rise in such attacks, warns Saad.
Hand in hand with this is the fact that ransomware attacks are emerging as targeted attacks, doing away with the nondescript phishing attacks of the past, Saad notes.
In response, Kaspersky Lab and other partners have launched the “No More Ransomware” project, with the goal of helping victims of ransomware retrieve their encrypted data without having to pay the criminals.
Kaspersky Lab has contributed decryption tools, available for free on the No More Ransomware website, that victims can use to decrypt files encrypted by some of the many notorious ransomware purveyors.
However, Saad says prevention will be better than a cure any time. “Backup files, update applications and avoid opening unknown and suspicious links.”
Shamoon, which crippled IT systems at Saudi targets, brought to light wiping malware, where attackers are concerned with destruction as opposed to a financial motive. Since the malware also tends to be fileless, it eliminates traces of a threat actor’s presence on the network, further complicating analysis of the attack.
Last year saw evidence of the danger posed by unprotected IoT devices.
The Mirai malware created botnets out of millions of connected home devices to initiate one of the biggest DDoS attacks ever. Regional countries such as KSA and Morocco were among the top Mirai targets.
As with most malware these days, DDoS attack kits are now available cheaply in underground marketplaces, notes Saad.
Mobile malware is also rising. A lot of corporate data resides in mobiles, as well as precious personal data. Not surprisingly, Android is the most targeted mobile platform with 98% of attacks, Kaspersky Lab research shows.
GCC countries are developing very quickly economically and technologically. Governments and cities in the GCC are competing on the use of new technology from e-government to online financial services etc. From a security perspective, however, the more you increase technology adoption and investment, the more attractive it becomes to cybercriminals. “With online banking and e-commerce becoming trendy, online banking intrusions are bound to increase,” Saad observes.
Recent reports point to malware that was specifically written for a specific bank in the Middle East. “This means the one who created this malware was specifically targeting customers of this bank. This is a crucial development when you start to see this type of focus from criminals in the region,” says Saad.
Messaging from the security community is important, says Saad. “The message that we need to develop secure platforms on which to build applications needs to be explained.” Unfortunately, most vendors are competing on who will bring a product to market faster, as in the case of connected cars, with security issues pushed to the back burner.
It would be the height of folly to imagine a single solution that would protect an entire environment in this day and age.
Kaspersky Lab has realised this and responded by creating specific tools for specific situations, says Saad. “We saw an increase in banking intrusion so we created Kaspersky Fraud Prevention specific to the financial industry as well as Kaspersky Safe Money to protect personal online transactions from scammers. When cyber espionage and targeted attacks increased, we created a new product called the Kaspersky Anti-Targeted Attack platform.”
Organisations are spending significantly on security solutions. However, it’s not just about spending money; it’s about having a real understanding of the risk, who is targeting who and what would be the impact, says Saad. “We have a large threat intelligence team trying to provide understanding to CIOs what they require as an entity, who is targeting them, their technique and motivations.”