Have hackers started attacking more often and with mode damaging consequences?
Two recent reports by internet security firms indicate that the number of attempted cyberattacks against key businesses and infrastructures across the world is on the rise.
Along with the world's rich andf famous, UAE dramatic growth in recent years has unfortunately attracted the attention of spammers too looking for a fast buck. The country has emerged as the eighth most targeted country globally and the first in the Middle East and Africa for spear-phishing, a recent report by online security firm Symantec has revealed.
Symantec's Internet Security Threat Report, (ISTR) reveals that the Internet Security Threat Profile across the UAE in 2015 has gone up in world ranking from 49 in 2014 to 41 in 2015.
There has been a renewed attack using spam mail with more than 50 per cent of all emails in the UAE emerging as spam and 1 in every 199 mails containing some sort of malware.
The country has risen 20 places in global spam threat rankings.
UAE was the fourth highest in the Middle East affected by ransomware.
Ransomware has also grown beyond Windows-based personal computers to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device that could be held hostage for profit. The UAE witnessed a 44 per cent year-on-year increase in the number of ransomware attacks.
According to Symantec, hackers have even gained professionalism and have developed and started following best practices within their sphere of work and mastering more sophisticated breaches.
Last year saw several instances of more aggressive crypto-ransomware attacks which encrypts all of a victim’s digital content and holds it hostage until a ransom is paid.
“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Hassam Sidani, Regional Manager for Gulf, Symantec.
Within the UAE, finance, insurance and real estate sectors were the most affected by targeted attacks last year. Close to three quarters of all attacks were directed towards companies belonging to the abovementioned categories.
According to Symantec, businesses in the UAE were affected by 2.7 per cent of global targeted attacks. Another pattern that has been identified is that SME organisations in the UAE are more vulnerable to attacks and are targeted repeatedly (64.2 per cent) for spear-phishing attacks.
“These organisations may be targeted as they have less robust security parameters, and can be used to gain access to its partner ecosystem, which may comprise of larger and more lucrative companies,” the Symantec report said.
According to it, the increase indicates a higher global percentage of source-based security threats, including malicious code, spam, phishing hosts, web and network attacks, and bots from the country.
While Symantec's report was for 2015, a more recent analysis by Kaspersky Lab showed the total number of cyber-incidents detected by its products across Middle East during the first quarter of 2016 was 15 per cent more compared to the same period of 2015.
Kaspersky Security Network statistics for January-March 2016 also indicated that in the Middle East, Turkey and Africa (Meta region) an average of 45 per cent of users had security incidents related to local networks and removable media, and 15 per cent of users faced web-related threats.
Experts at the agency are also of the opinion that connected devices in smart cities can be subjected to attack by hackers.
According to them security issues of connected devices – from home appliance to industrial systems such as those in smart cities are very much real. It gave examples of industrial facilities affected by cyberthreats, including the recent BlackEnergy attack on the power grid and the attack on a Swiss water treatment facility.
The Internet of Things that connect various equipment and systems - thanks to the sensors - when hacked into can result not just in manipulation of data and the resulting consequence of decision making, but also cause a temporary shutdown.
According to Gartner, while 2015 saw an estimated 1.1 billion connected things by smart cities, the number is expected to increase to 9.7 billion by 2020.
Presenting a research exploring security issues in smart city transport infrastructure, Kaspersky noted that a field research was made into the specific type of road sensors that gather information about city traffic flow, and found that data gathered and processed by these sensors can be compromised.
With various public services such as the water network, power grid, street lighting, waste management, traffic control, public transportation, and security systems and even private homes linked to the overall gamut of smart city, an attack on the system, especially a multilayered system with various departments and heads can be hard to resolve.