Cyber Attacks Targeted At UAE Increase – Report

There was a significant increase in cyber attacks targeted against the UAE last year, according to a new report.

Symantec’s Internet Security Threat Report (ISTR) found that attacks against the UAE increased from less than one per cent of the global total in 2013 to almost five per cent in 2014.

There was also a slight increase in cyber criminals exploiting online IT vulnerabilities, with the UAE shifting from 53 in 2013 to 48 last year for network attacks and 60 to 50 for web attacks.

Despite this, the country’s ranking in the report improved from 47 in 2013 to 49 in 2014, indicating a lower number of source-based security threats, including malicious code, spam, phishing and bots.

In the top 10 countries analysed in MEA, the UAE also maintained its seventh position.

Symantec found that the finance, insurance and real estate industries (40 per cent) were the top target for spear phishing attackers, who use emails to steal company or personal details.

The smallest companies sized between one and 250 people experienced the bulk of these attacks, at 89 per cent.

In the mobile space, 13 per cent of devices in the UAE experienced an attempted or successful infection of mobile malware last year. The country also ranked 21 for social media scams, and 36 for ransomware threats, involving blocking access to users’ files.

“There is a couple of major trends particularly for the UAE. Email has always been used as a tool for attackers to use, but now we’re seeing attackers are using the mobile and social media platform to conduct their attack,” said Hassam Sidani, regional manager for Gulf, Symantec

“Ransomware is also something that is very very popular here and it has increased significantly by 113 per cent,” he added

Globally Symantec found that cybertattackers were increasingly infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it again them.

“We’re seeing attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network,” said Sidani.

The firm also noted that it took software companies an average of 59 days to create and roll out patches fixing security bugs last year, up from only four days in 2013.

This delay was taken used fully by attackers, who leapt to exploit last year’s Heartbleed exploit – a vulnerability within the OpenSSL cryptographic software library – within four hours.

The firm reported a record 24 total zero-day vulnerabilities discovered in 2014 “leaving an open playing field for attackers to exploit known security gaps before they were patched”.

Spear phishing attacks increased by a total of eight percent last year, with five our of six large companies targeted. Attacks were also more efficient with 20 per cent fewer emails used to successfully reach their targets.

Symantec also observed a 45 per cent rise in crypto-ransomware attacks, where users’ files and pictures are held hostage.