Cybercriminal attacks in the UAE and the Middle East are widespread, frequently undetected, and often state-sponsored, experts said, calling for improved vigilance across the landscape.

According to DarkMatter Group's first semi-annual Cyber Security Report for 2019, the oil & gas, financial, utilities, and transportation sectors are in the firing line from a growing incidence of cyberattacks across the UAE and wider Middle East. Cybercriminals are increasingly turning their attention to where it hurts the most: critical infrastructure, with potentially devastating effects on the security of nations and their citizens. The report found that the most significant threats to regional critical infrastructure organisations came from eight malicious threat actors and campaigns, motivated by espionage and then sabotage. Spear phishing was found to be the principal method of attack to gain access to targets.

"Cybersecurity breaches in the region pose a genuine risk to critical sectors as cybercriminals harness new technologies to launch sophisticated and targeted attacks," said Karim Sabbagh, CEO of DarkMatter Group. "The intent of the attacks we're observing is to undermine the progressive social, economic, and digital agendas in the Middle East. Organisations in the region have a short window of time to transform their cyber security posture and demonstrate stronger resilience in the face of escalating and increasingly sophisticated cyber security threats."

The report found that 75 per cent of intrusion sets documented in DarkMatter's review were motivated by cyberespionage actions, such as stealing remote access credentials and personal information. In addition, 75 per cent of observed UAE domains are hosted outside the country, placing sensitive data at high risk. More worryingly, 91 per cent of organisations assessed by DarkMatter had outdated software and were missing critical security patches, while 83 per cent used unsupported software. It was also found that 91 per cent of assessed organisations were vulnerable due to weak or default passwords, and that 87 per cent of assessed organisations used insecure network protocols.

A study by IBM Security showed that companies that can respond quickly and efficiently to contain a cyber-attack within 30 days save, on average, over $1 million on the total cost of a data breach.

"Responding to a cybersecurity incident in a planned and coordinated manner can be complicated and requires specialised expertise. Therefore, having a cyber security plan in place is no longer an option," said Tamer Aboualy, partner, IBM Security Services, Middle East and Africa. "Cybersecurity attacks can be damaging financially and to the reputation of a business. Therefore, it is important that organisations deploy a cybersecurity incident response plan as it increases the likelihood of preventing incidents and reduces the time to detect, contain and respond to an attack."

Kaspersky Lab also noted that spam and phishing are among the most effective attack vectors, often used to easily lure victims into handing over bank card details or paying for a product or service that doesn't exist. Researchers detected several cases of phishing attacks between late April and late May, disguised as popular websites for booking rental accommodation such as Airbnb.

"In this digital battlefield, while organisations believe they have most of the security management controls in place to mitigate cyber security risks, the reality is that technical control and capabilities to address the cyber security challenge are markedly lagging behind. So there's a considerable risk that if an attack happens, it may well be successful. The C-Suites must and can readily take steps to effectively manage holistically their security posture in order to be better prepared against escalating malicious attacks," said Sabbagh.

Copyright © 2019 Khaleej Times. All Rights Reserved. Provided by SyndiGate Media Inc. (Syndigate.info).
