Since the Dubai Financial Services Authority (DFSA) launched the DFSA Cyber Threat Intelligence Platform (TIP) in January, over 130 DFSA Authorised Firms and DIFC registered companies have joined the platform. The platform has provided members with information and technical indicators on a multitude of cyber threats, with an average of 160 new threats per week.
Since launching, TIP has collected information on threat actors targeting the MENA region, especially the United Arab Emirates (UAE). The most prominent threats affecting the finance sector fall into three primary categories. The categories include: (1) the direct targeting of banking customers in order to obtain credit card data and banking credentials; (2) ransomware attacks; and, (3) the targeting of the finance sector by cybercriminal syndicates.
The DFSA has observed an increase in attacks leveraging known and new malware and a soaring number of newly registered malicious domains referencing COVID-19 since March. At the same time, many financial institutions were forced to rapidly implement remote working practices at an unprecedented scale. Consequently, there was an increase in attacks targeting remote access and teleworking infrastructure in the hope of exploiting hastily deployed systems.
Phishing attacks through email, SMS, and other messaging applications remain a common attack vector targeting financial institutions and their customers. Detailed technical information on recent cyber threats that can affect firms operating in the DIFC and around the world can be found on TIP.
Waleed Saeed Al Awadhi, Chief Operating Officer of the DFSA, said: “We strongly encourage firms to cooperate and share information about cyber threats. Cyber security is a shared responsibility, which we believe can best be addressed through public-private partnerships. We understand that our involvement with firms and other regulatory and professional associations is essential for building cyber security awareness among our stakeholders. We take, and will continue to take, a proactive approach to sharing knowledge, educating stakeholders and supporting companies in building their cyber resilience in line with the National Cybersecurity Strategy.”
In the context of cybersecurity, people tend be any organisation’s weakest link and cybercriminals design their campaigns using a variety of social engineering techniques. IT departments may implement a range of technical controls and systems to reduce the risk of a successful cyberattack. However, these alone may not be effective without sufficient employee cyber awareness. Therefore, education to increase the cyber awareness is one of the most important methods to reduce the risk of falling victim to a cyberattack.
The DFSA launched TIP on 21 January 2020. It is the first financial services regulator-led cyber threat intelligence platform in the region, delivered in collaboration with leading government entities the Dubai Electronic Security Centre (DESC), the National Computer Emergency Response Team for the UAE (aeCERT) and the Computer Incident Response Center Luxembourg (CIRCL). The independent cybersecurity specialist firm, Help AG, was appointed to manage and operate the platform and cybersecurity experts Kaspersky, Palo Alto Networks, and Recorded Future were engaged to contribute to TIP. The platform is available at no cost to all DFSA authorised and DIFC registered companies. DFSA authorised firms can register for TIP via the DFSA ePortal and DIFC registered companies can register through the DIFC ePortal.
As part of the DFSA’s broader efforts to elevate cybersecurity maturity within the DIFC, the DFSA hosted the “DFSA Cyber Threat Intelligence Platform Workshop” for TIP members in April. Help AG conducted the session and provided an overview of threat intelligence, demonstrated how to use and contribute to TIP, and showcased integration methods for advanced users. The DFSA intends to host more of these workshops as well as roundtable discussions. All DIFC companies are encouraged to register with TIP to ensure they receive timely threat information and to join in the fight against cybercrime.