Complex Made Simple

Financial attacks and sophisticated fraud schemes claim more unsuspecting UAE victims

As the United Arab Emirates emerges from a long battle with COVID-19, cybercriminals turn their attention to banks and financial institutions

More than half of UAE users (53%) faced banking fraud at least once in the first half of 2020 “Big Game Hunters” use tactics, techniques, procedures and technical infrastructure similar to state-sponsored hacking groups Know and understand the social media accounts your child uses

As the United Arab Emirates emerges from a long battle with COVID-19, cybercriminals turn their attention to banks and financial institutions. 

But also the world at large is witnessing a boom in rogue cyber activity and home invasions as well.  

Cybercrime focus on the UAE

Kaspersky findings show a 42.5% increase in financial attacks in the UAE.

Kaspersky Security Network (KSN)’s latest statistics revealed the UAE had the third-highest significant increase of 42.5% in financial malware during H1 2020, year on year (yoy).  

Financial malware seen across the GCC region has increased by 45% in H1 2020 yoy. 

The highest increase in financial malware was recorded in Oman with a 72% increase followed by Saudi Arabia follows with a 55% increase.

A survey revealed that more than half of UAE users (53%) faced banking fraud at least once in the first half of 2020. In most of the cases (over 85%), the banking fraud occurred via the phone while the calls were received mainly during business hours: Monday to Thursday, from 11 am to 6 pm.

More than half (68%) of people in the UAE realized immediately that scammers were trying to contact them and (32%) grasped that they were being scammed only when they opened the link. Scammers targeted most of these people (87%) through their personal emails.

In 36% of cases, fraudsters mentioned the correct name and surname of the person whom they called and in 25% of cases, they even knew bank card credentials. The most common myths were the need to confirm the data (70%), information about the banking card blocking (77%) and the loan offer (72%). In almost a third of the cases (38%), the criminals were trying to get a code from SMS or card data, and in every third case (32%) they tried to convince a person to transfer money to an allegedly secure account.

“In case of a phone scam it’s better to end the conversation and call the bank’s official number should there be any suspicion,” says Amin Hasbini, Head of Middle East Research Center, Global Research and Analysis Team at Kaspersky.

Kaspersky findings did however show that the UAE has seen a drop of 43% in ransomware attacks and a decrease of 35% in phishing attacks.  

Read: Protecting Mac OS against cyber attacks in the GCC and beyond

Inner workings of global cybercrime 

Thales alerts on the risks linked to cybercrime in its new edition of the “CyberThreat Handbook: Understanding organized cybercrime”. 

With revenues estimated up to $1.5 trillion a year or 1.5 times more annual income than counterfeiting and 2.8 times more than the illegal drugs trade, cybersecurity is one the most dangerous threats today for companies, organizations, and institutions.

Around 60% of these huge revenues come from illegal online markets, 30% from theft of intellectual property and trade secrets and only 0.07% from ransomware though it results in the most damage.

By interacting as a network of cybercrime groups, cybercriminals are able to function increasingly effectively: each group specializes in a particular area, and the different groups collaborate to benefit from each other’s expertise. It is this specialization that makes cybercriminals more effective, allowing them to concentrate on a given type of attack while drawing on know-how from within the network to enhance performance and maximize impact.

These are the “Big Game Hunters”, whose tactics, techniques and procedures (TTPs) and technical infrastructure are similar to certain state-sponsored hacking groups. They attack specific targets, such as political institutions and major companies, using ransomware to demand large sums.

For more information on this, you can download the press kit on the report.

Read: Remote work cyber protection lacking: GCC region under attack

Cybersecurity Tips for the Household CIO of 2020

Jen Miller-Osborn, Deputy Director of Threat Intelligence Unit 42 at Palo Alto Networks wrote that for many parents, the new school year signals re-entry into the role of an in-house teacher and household CIO.

Parents can help protect their children from cybercrime and also preserve their online privacy.

Understand what your child is doing online.

If you’re using a personal device, set up parental controls on your child’s device so they must get permission before downloading anything or making purchases.

Know and understand the social media accounts your child uses. Know who their contacts are and what conversations they’re having. 

Talk to your child about the openness of the internet, the ability for anyone to post anything online and how to recognize misinformation. 

Be aware of suspicious behavior with video conferencing applications.

Explain the importance of strong passwords.

Compare a password to the key to your house. That key protects everything inside and you need to keep it safe; keep it from strangers and even from friends.

Use a virtual background when on camera for distance learning. It can help protect privacy and keep the focus on learning.

Talk to your kids about the dangers of clicking links with too-good-to-be-true offers.  

Set boundaries about what your child can post online, such as no pictures of faces, no easily identifiable locations and no personal information, including full name, contact information, school, etc.

Change your device setting to turn off metadata on camera apps. This helps ensure strangers can’t figure out where you are from the photos posted online.

Always keep your devices current with the latest software updates. They can include security updates needed to keep your family safe.