
Cyber threat landscape update by experts far and wide

AMEinfo brings you a compilation of news and views tracked by top players in the field of cybersecurity

Despite training and warnings, users continue to open suspicious emails, both in their business and personal accounts.

Globally, malware (54%) is the leading source of security attacks, followed by ransomware (48%) and phishing (41%).

One company will be attacked every 11 seconds in 2021.

Identified threats and priorities in the Middle East

The Entrust 2021 Middle East Encryption Trends study by the Ponemon Institute reported that the top drivers of data encryption in the Middle East are protecting customer personal information (59% of respondents vs. 54% globally) and intellectual property (57% vs. 49% globally). The fastest-growing drivers are limiting liability from breaches or inadvertent disclosure (47%, up from 39% last year) and complying with external privacy or data security regulations and requirements (39%, up 11% over the past 2 years).

Unfortunately, while encryption is the foundation of data protection, just 1 in 3 (29%) Middle East companies surveyed indicate that they have a consistently applied encryption plan/strategy — well below this year’s global average of 50%. At the same time, the majority (59%) of these organizations report that they have experienced a data breach, the 2nd highest rate worldwide and well ahead of the global average of 44%. 

Craig Sanderson, Vice President of Security Products at Infoblox, said that email remains the top threat vector used to attack both government and businesses of all sizes. Email delivers 75 to 90% of malware, he said.

Despite training and widespread warnings against spam, users continue to open suspicious emails, both in their business and personal accounts. They click on malicious email attachments and URLs, as well as view websites not generally associated with business use. 

COVID-19 has continued to present threat actors with new opportunities.

As these attacks ramped up through 2020, Google alone blocked a reported average of 18 million daily malicious COVID-19 messages to Gmail users. Beyond malware and phishing emails, Google also blocked more than 240 million spam messages related to COVID-19. 

This new opportunity saw threat actors successfully impersonating government authorities such as the World Health Organization (WHO).  Other emails impersonated UNICEF and attempted to leverage psychological manipulation by posing as a children’s charity.  

Businesses’ cybersecurity concerns  

Four in five (82%) businesses remain concerned about the security risks of employees working remotely, despite many exploring potential hybrid working models, finds a Thales report. 

Nearly half (47%) report an increase in the volume, severity, and/or scope of cyber-attacks in the last 12 months. 

Of those who have ever experienced a breach, 41% had it happen in the last year, almost double the number (21%) compared to 2019.

Retailers are most at risk, with 61% experiencing a breach or failing an audit in 2020, raising concern for suppliers and consumers alike.

Globally, malware (54%) is the leading source of security attacks, followed by ransomware (48%), and phishing (41%).

Despite the increased risk remote working has posed to enterprises throughout the pandemic, nearly half (46%) of businesses report that their security infrastructure was not prepared to handle the risks caused by COVID-19.  

The latest meat hack attack

The world’s largest meat processing company, JBS, has been hit by a cyber-attack.  

Arthur Dell, Head of Technology, Emerging Region, Veritas Technologies, said: “Attacking first the oil sector and then the beef industry, it seems almost as if the ransomware community wants to damage the symbols of Western success. The danger for businesses is, if it’s not about the money, then paying up isn’t necessarily going to get their data back.

“Fortunately, for JBS, the company has stated that their backups were unaffected and we trust their systems will be up and running again soon.  In the meantime, the global focus will shift to national governments to monitor their responses.  When it comes to keeping citizens warm and fed, whose job is it to protect that infrastructure and, more importantly, how?”

The Changing Nature of Ransomware

Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT wrote that according to one recent industry report, a company will be attacked every 11 seconds in 2021, and the costs from these ransomware incidents will reach approximately $20 billion. 

A shift to digital mediums and a spurt of online activity naturally attracted malicious actors. This translates to a significant uptick in DDoS and cyber-attacks overall, as well as an increase in ransomware and DDoS extortion attacks, according to NETSCOUT’s Threat Intelligence Report earlier this year.

Fahmy wrote that in the Middle East, cyber-attacks increased by 250% in 2020, and phishing and ransomware were named as some of the most serious concerns for businesses and governments in the region.

“Today’s attackers are highly innovative, using techniques and encryption that are virtually unbreakable. There is often no way to secure an encryption key, except in cases where a government or international governmental law enforcement task force intervenes and seizes the perpetrator’s infrastructure,” Fahmy said.

Many businesses that have been victimized by ransomware face the dilemma of whether to pay the ransom. 

“The urgency to restore business is a strong motivation, but paying the ransom can have many negative consequences. In some cases, a business can be hit with sanctions for supporting a criminal enterprise. And even if companies do pay the ransom, cybercriminals often fail to provide the encryption key to unlock their systems. Once malicious actors have penetrated the system, they can use this back door to hit the business again and demand further ransom,” Fahmy added.

He said that one way to prevent a ransomware attack is to detect and block Indicators of Compromise (IoC) on your network, stopping the proliferation of malware before the attack occurs.

Furthermore, as ransomware often targets enterprise data and holds it “hostage”, businesses should also create backups for sensitive data so that they can always access it, he said.

Miners and crypto victimization

Miners are malicious programs designed to steal cryptocurrency from infected devices. They’re often installed without users’ knowledge and then begin slowly siphoning off various types of crypto coins; in some cases, the miners walk away with millions.  

According to Kaspersky’s Malware Q1 2021 report, from February to March 2021, the number of unique modifications of miners more than quadrupled from 3,815 to 16,934. In total, Kaspersky researchers discovered 23,894 new modifications of miners in Q1 2021.

The number of Kaspersky users that encountered miners on their devices steadily increased as well, from 187,746 in January to 200,045 users in March 2021. In total, 432,171 unique users encountered miners in Q1 2020.

“It does seem that the increase in the value of Bitcoin and other cryptocurrencies has sparked a renewed interest in miners. If the crypto markets remain strong this year, it’s likely we’ll continue to see more instances of users encountering miners,” comments Evgeny Lopatin, a security expert at Kaspersky.