Detection decreases MENA cyberattacks but IT budgets to increase

Cybercriminals are gearing up for a busy and disruptive 2021 despite a spike in detection and IT expenditures

The Middle East and North Africa (MENA) has roughly halved the number of COVID-19-related cyber-attacks

Attackers have found that by imitating their victims, down to their home environment, they can bypass hurdles

‘Aligning IT budgets with changing security priorities’: cybersecurity remains a priority for investment among businesses

The Middle East and North Africa (MENA) has roughly halved the number of COVID-19-related cyber-attacks from 272,201 in Q2 2020 to 125,219 in Q3 2020, according to new research from Trend Micro Incorporated, a leader in cloud security.

During Q3 2020, the 14 countries of the MENA region experienced a total of 125,219 COVID-19 related cyber-attacks, including 101,188 email spam attacks, 23,696 malicious URL hits, and 335 malware detections, according to Trend Micro’s Smart Protection Network.

MENA’s COVID-19 attacks were down by 54%, with a 29% decrease in email spam attacks, an 82% decrease in malicious URL hits, but a 4.5-fold increase in malware detections.

The UAE faced 27,715 COVID-19 related cyber-attacks in Q3 2020, a staggering 80% decrease from 135,307 attacks in Q2 2020. In comparison, Saudi Arabia faced 3,257 COVID-19 related cyber-attacks in Q3 2020, an impressive 45% decrease from the 5,954 cyber-attacks in Q2 2020.

There is a shift in social engineering tactics where instead of using COVID-19 information to trick users, criminals used coronavirus-related school updates and job listings. For example, many schools required more information about students’ health as part of their safety protocols for combating the virus.

Headers used in phishing emails have also changed. Instead of using COVID-19 as the subject, malicious actors are using titles related to job opportunities to trick users into opening spam mail.

A busy cyber 2021

Cybercriminals are gearing up for a busy and disruptive 2021. Jarrod Overson, Director of Engineering for Shape Security at F5, said fraudsters’ toolsets have evolved over the past five years, while the current generation of defenses is showing its age.

Attackers have found that by imitating their victims, down to their home environment, they can bypass hurdles like multi-factor authentication and risk-based rate limiting. 

3D-printed fingerprints and faces that can pass biometric authenticators, for example, won’t require a high-quality scan of a victim. 

5 bad excuses for not updating firmware

Sergej Epp, chief security officer, Central Europe, at Palo Alto Networks says hardware security vulnerabilities are real, and they are showing up more frequently. Forrester Research notes that 63% of organizations said they experienced at least one data breach in the past year due to hardware or firmware security vulnerabilities. These are openings that hackers, rogue nation-states and other cyber-attackers are just waiting to exploit. 

Watch out for these 5 excuses that executives give about potential attacks.

Excuse #1: Don’t worry, our firmware is secure.  

Firmware vulnerabilities can be located in just about any system or device component. Unfortunately, most organizations do not have in place regular patching practices to clean up firmware, hard drives, or other components, even after the wake-up call of Spectre and Meltdown vulnerabilities that afflicted most computers worldwide.  

Security researchers believe that the total number of Common Vulnerabilities and Exposures (CVEs) is 7.5 times greater than what was documented just three years ago.  

Excuse #2: Firmware attacks are science fiction.  

Firmware attacks are real, documented and dangerous. Since we have learned about some high-profile attacks from Edward Snowden and the Shadow Brokers, firmware attacks have increased from a wider range of bad actors.  

Excuse #3: They can’t get in. Hackers need physical access to our hardware and firmware

It’s true that physical tampering is the most widely known type of firmware security attack. But we’ve all left our notebooks in our hotel room, even momentarily, while we go to the fitness center or grab something to eat. Hotel employees have been bribed to install a backdoor on a system left in a hotel room.  

Another threat vector is supply chain attacks, where firmware can be manipulated either by the manufacturer or during the system delivery process. Without proper due diligence or a patching process, such firmware implants could remain for decades in your data center without anybody noticing.

Hackers could also use remotely hacked applications or systems to exploit the firmware for more persistent surveillance or sabotage purposes.  

Excuse #4: My supply chain process checks for security.

Most organizations have supply chain processes that check for truthfulness, incident response, software vulnerability management and more. But organizations rarely implement checks to verify the integrity of firmware or hardware at various points in the supply chain. Consequently, attackers who are able to sneak into the supply chain processes find it easy to maintain hidden backdoors below the cybersecurity team’s visibility. The recent case of a hacker trying to recruit a Tesla employee with $1 million to install malware is a good example of this trend.

Excuse #5: I’ll get to firmware security after I take care of the basics.

We all have to prioritize, so it’s tempting to put firmware security on the back burner until seemingly bigger issues such as cloud migration of patching programs are resolved. 

With more research being published (and shared by bad guys), attackers have stepped up their efforts to exploit firmware vulnerabilities.  

IT budgets

According to the new Kaspersky report ‘Investment adjustment: aligning IT budgets with changing security priorities,’ cybersecurity remains a priority for investment among businesses. 

Its share of IT spending has grown from 23% in 2019 to 26% in 2020 for SMBs, and from 26% to 29% for enterprises. 

71% of organizations also expect their cybersecurity budget to grow further in the next three years.  

External conditions and events can influence IT priorities for businesses. As a result of the COVID-19 lockdown, organizations have had to adjust plans to meet changing business needs – from emergency digitalization to cost optimization.  

The share of IT budget dedicated to IT security continues to grow year-on-year, even though the overall IT budget has fallen from $1.2 million in 2019 to $1.1 million in 2020 among SMBs, and from $74 million to $54.3 million for enterprises.

[Figure: IT security budget as a share of overall IT budget]