The thriving economies in the Middle East have caught the attention of cybercriminals, resulting in the rising rates of cybercrimes in the region. Ranging from carefully targeted attacks to opportunistic data breaches, the Middle East region has never before been hit so hard by cyber attacks. Email-borne attacks are expected to hit 60% of the organizations in the UAE.
As threat actors are wholeheartedly exploiting the COVID-related digital adoption to fill their own pockets, the UAE has witnessed a 250% rise in cyber attacks in 2020. Head of the UAE Government Cyber Security Mohamed al-Kuwaiti reported that the UAE was targeted by “huge attacks” after it established formal ties with Israel.
The financial and the healthcare sectors were amongst the most attacked areas. The UAE has created a new National Cyber Security Council for developing laws and policies to reinforce cyber security and protect the country against attacks that could easily affect its government, businesses or society.
As the region’s cybersecurity professionals plan for 2021, the following are the top three cyber threats to focus on:
According to a study conducted by the Ponemon Institute in 2020, $6.53 million is the average loss suffered by per company in the Middle East due to a data breach incident, which is significantly more than the global average incident loss of $3.86 million. Based on the data from Saudi Arabia and UAE based companies, the reported financial impact caused by data breaches has increased 9.4% over the past year.
Threat actors are targeting industries with the possession of the most sensitive customer data for maximum financial gains. Healthcare companies incurred the highest per-record cost due to a data breach, followed by the financial and technology sectors.
Most of the data breaches are executed by obtaining and using a legitimate user’s credentials to commit fraud or theft. According to a study, 59% of data breaches were conducted by malicious actors, 24% were due to system glitches and 17% were caused by human error.
As per a security report, over 2.57 million phishing attacks were detected in 2020 across the entire Middle East region including Egypt, the UAE, Qatar, Saudi Arabia, Kuwait, Oman and Bahrain. With the COVID-19 related subject lines increasing the likelihood of malicious email openings, the Middle East was hit by a wave of phishing attacks in Q2 Of 2020.
Executive impersonation is especially widespread in the Middle East across both emails and social media accounts. Cybercriminals impersonate a company executive to trick lower-level employees into giving up sensitive documents or funds. They may spoof social media accounts or create impersonating websites and mobile applications to convince end users of the legitimacy of the content.
In October 2020, cybercriminals successfully stole login credentials from numerous Arabic-language Netflix users by creating an impersonator website disguised as a Netflix customer support page. The credentials could be sold or used to send fraudulent emails for extracting payment card information to extort additional funds or restore their accounts.
Targeted cyber attacks like ransomware attacks have become quite a widespread problem in the Middle East. These attacks seek to extort sensitive data or large sums from the victims. The year started with two very well-publicized hacking incidents that took place in January 2020.
First, the Twitter account of KUNA, a state-run news agency in Kuwait, was hacked and a false tweet stating that the US forces planned to move out from the Arifjan base within three days was sent out. This tweet is absolutely untrue as the Arifjan base serves as Kuwait’s main US army base and houses thousands of troops.
Secondly, Oman United Insurance Co SAOG, the largest insurance company in Oman, revealed that their data center was hit by a ransomware attack, resulting in the suspension of operations for a day. The company also reported that the attackers had acquired customer data from December 2019 to January 2020s. However, it did not reveal any fallout or financial losses caused by the breach.
In 2020, the Middle East has witnessed the rise and success of some flourishing ransomware gangs like Maze, Sodinokibi, Egregor and Netwalker. For this reason, targeted ransomware attacks have become one of the most severe cybersecurity concerns for Middle Eastern companies.
How to Protect Your Organization Against Cyber Threats?
Cybercriminals keep coming up with highly creative and technically sophisticated attack tactics to scam unwary victims out of money or information. It is essential to take certain precautionary measures to prevent your employees from falling into a well-laid trap and taking the organization down with them. Following are some of the most effective and easiest ways of shielding your organization against various types of cyber threats:
- Generate cybersecurity awareness amongst all the employees. Instruct them to be wary of email addresses, double-check website URLs and avoid opening attachments and links embedded in unsolicited emails. ThreatCop is a comprehensive cybersecurity awareness tool that can help you educate your employees about the risks posed by various kinds of cyber threats and how to avoid them.
- Implement a Phishing Incident Response tool like Threat Alert Button to empower your employees to report suspicious-looking emails immediately.
- Use standard email authentication protocols like DMARC, DKIM and SPF to protect your organization against domain forgery. KDMARC monitors all three of these email authentication protocols to complement the Simple Mail Transfer Protocol (SMTP).
- Take regular backup of your business data and store it securely outside your network to defend your company against ransomware attacks.
- Make sure the latest security updates, antivirus, and software patches are installed in all the systems.
Click the button below to secure your email domain against spoofing for FREE with KDMARC!