Ransomware incidence is on the rise and is quickly becoming the most common cyberattack method on businesses, particularly in the Middle East, cybersecurity experts told Al Arabiya English.
Ashraf Koheil, Director of the Middle East and Africa Business for Group-IB – a cybersecurity firm that specializes in threat intelligence and often works alongside international organizations Interpol and Europol – spoke to Al Arabiya English about the risks facing the region’s cybersecurity landscape and how best to avoid falling victim to cybercriminals.
Koheil said that one of the main reasons Middle East businesses have become targets of more ransomware attacks is that the region is booming.
“Our region is booming. If you look at the United Arab Emirates for example, we have Expo 2020 Dubai which has been a huge success, among many other things happening in the region like the amazing number of new startups, companies and megabrands targeting an expansion into the region so it is very likely that this will attract the cybercrime underworld,” he said.
“[The region has] booming economies, too many new businesses and startups being set up, a lot of companies transforming and moving [their services] online and so forth,” he said, adding that user education in some of the region’s industries is still “not at its best” and that “law enforcement lags in terms of being able to collaborate and work overseas with other entities.”
Koheil said the good news was that Group-IB has observed many organizations in the banking, financial services, government and critical infrastructure departments starting to prepare for these kinds of attacks, making it more difficult for attackers to bypass their systems.
The firm found that in the Middle Eastern region at least 50 organizations fell prey to ransomware attacks in 2021. That’s an 85 percent increase compared to 2020 data on 27 companies in the region released on Distributed Link Software. In the current year, the majority of publicly known ransomware attack victims in the Middle East originated from Turkey (20 percent), the UAE (18 percent), Saudi Arabia (18 percent), Israel (10 percent), and Iran (6 percent).
Group-IB stated that it is aware of at least 71 brands from 36 countries impersonated by affiliate program members. Phishing and scam websites created by affiliate program members most often mimic marketplaces (69.5 percent), delivery services (17.2 percent), and carpooling services (12.8 percent).
In the Middle East alone, cybercriminals exploited 9 brands from Bahrain, Qatar, Oman, Kuwait and the UAE, the firm’s latest threat intelligence report found. Globally, cybercriminals mostly try to exploit the brands of leading telecoms companies, which make up more than 50 percent of the total number of brands exploited, followed by ecommerce and retail.
In a separate interview with Al Arabiya English and on the sidelines of the region’s biggest cybersecurity conference GISEC 2022, US-based cybersecurity firm Attivo Networks’ Vice President for the region Ray Kafity said that ransomware incidence has surged over the past decade, with cybercriminals becoming more sophisticated in their attacks.
“Ransomware 3.0 is here, characterized by double extortion,” said Kafity. “Cybercriminals encrypt files and leak information online to drastically impact the company’s image, profits, stock price, and more. There’s no longer a one-size-fits-all approach to defending against these attacks.”
He added that stopping ransomware attacks “requires a multi-faceted approach,” explaining that these types of attacks usually target businesses and that this is often done through individuals who work for the business.
“Employees should be aware of the tricks criminals employ and follow basic cybersecurity hygiene while accessing the internet on their company or personal devices,” he warned.
Experts weigh in on how to avoid scams, cyberattacks
“Scamming is now an industry,” Koheil said. “[Attackers] try different things to see what works in which region, clients or companies and they keep doing it until the gap is closed. Think of it as mouse and cheese.”
He advised that the best thing a consumer can do to avoid falling victim to cyberattacks and scams is to be vigilant and do their due diligence.
“Scammers hide in everything. The idea here is to just be more alert as a consumer; look at the email, do not open unaddressed emails, beware of giveaways for nothing or when companies approach you to ask for a lot of personal details in an email or phone call.”
“The easiest victims for scammers today are people who just don’t look at details. [Scams often] start at the consumer level. So be alert, vigilant, and careful and verify all the details.”
Phishing and scam affiliate programs, initially focused on Russia and other countries of the Commonwealth of Independent States (CIS countries), recently started their online migration to Europe, America, Asia, and the Middle East, Group-IB said in a recent statement. This is exemplified by Classiscam: an automated scam-as-a-service designed to steal money and payment data.
When it comes to businesses however, Koheil stressed the need to assess their ransomware ability. One way to do that is to partner with a technology vendor to run an assessment in order to identify cybersecurity gaps and in turn, prevent future attacks.
“Organizations should deploy the right solutions that deliver much-needed protection against several types of attacks. Since recent attacks, whether ransomware or others, include identity-based elements, they need to deploy solutions such as Identity Detection & Response, which address the gap left behind by the traditional solutions,” Kafity suggested, stressing that identity security – which focuses on credentials, privileges, and the infrastructure that manages them – will emerge as a dominant trend in the cybersecurity sector in “2022 and beyond.”
“Cybersecurity technology has evolved in response to the changing threat landscape, which user behavior has influenced in turn. The most recent example is the proliferation of remote working and the increase in exposed credentials left open to attack, which has increased the frequency of credential-based attacks to gain entry or a foothold into the victim’s network,” he added.
“The strategy has evolved to keep up with the sophisticated cyber attacker, from the traditional approach focused on perimeter security – keeping the malicious entities out – to a more modern system focused on protecting people’s identities, rightsizing their entitlements, and controlling their access to data. With the introduction of Identity Threat Detection and Response solutions, businesses can now gain expanded exposure visibility and detection specific to credential misuse, excess entitlements, privilege escalation, and other common identity-based attack activities.”