Revealed: Latest MENA cybersecurity attack tools and surfaces
Taking advantage of the recent news that Twitter will soon charge users monthly for premium features, including verification, TechCrunch reports that rogue cyber actors are already sending phishing emails designed to steal passwords, luring Twitter users into posting their usernames and passwords on a fake website disguised as a Twitter help form.
It’s just the kind of world we live in, and with last October being Cybersecurity Awareness Month, Economy Middle East sought to bring some of these top security issues to light. Three experts, one each from Callsign, NETSCOUT, and Keysight Technologies, commented respectively on the latest scams and social engineering schemes, DDoS, and ransomware attacks.
Saeed Ahmad, Managing Director, Middle East, and North Africa, Callsign
Callsign’s Digital Trust Index research recently revealed that only half of MEA consumers are aware of possible online scams and fraud, but almost a third of consumers have experienced them.
And the scams have just become even more difficult for consumers to identify and protect themselves from.
The perpetrators of scams target the weakest links in the security system and often this is human beings. Globally we are seeing the rise of sophisticated forms of social engineering used to execute what is known as authorized push payment (APP) fraud. The key word here is authorized – difficult for a bank to identify as a fraud because the consumer is manipulated into making the transaction.
Authorized fraud relies on impersonation, a legitimate-sounding request for money, payment for goods or services, unpaid tax, or even that the victim’s bank account has been compromised and they need to move their money to a safe account.
Social engineering techniques work by causing victims to panic, stress, or worry and transfer funds from their own bank account into that of the fraudsters. The challenge of social engineering is made more difficult by the growth of real-time payments (RTP), due to the instantaneous and irreversible nature of RTP transactions.
Banks have tried to tackle the threat of APP with static fraud warning messages to customers, but these have become ubiquitous and easy to ignore. Fraudsters anticipate static messages and coach users past those warnings.
What businesses require is a real-time solution to a real-time problem, detecting when a customer is in danger, and intervening to protect them by delivering intelligent, contextual, and timely fraud messages to the consumer or stopping transactions altogether.
We have the technology today to protect consumers. Machine learning can understand recurring behavioral patterns of users when they make online payments and use that knowledge to detect if the user is acting under coercion. Layering behavioral patterns, threat and malware detection, and dynamic fraud interventions ensures genuine users are protected.
Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT
A DDoS attack is a malicious attempt to stop a server, service, or network’s normal traffic by flooding the target or its surrounding infrastructure with Internet traffic. New, sophisticated DDoS attack vectors and effective methodologies have allowed cybercriminals to get past cybersecurity defenses, according to NETSCOUT’s most recent threat intelligence report. Attackers carried out more pre-attack reconnaissance in the first half of 2022, tested a new attack method called TP240 PhoneHome, unleashed a wave of TCP (Transmission Control Protocol) flooding attacks, and quickly grew highly effective botnets to wreak havoc on network-connected resources. The use of high-profile DDoS attack campaigns linked to geopolitical unrest by bad actors has also been openly embraced, with implications for the entire world.
Globally, there were 6,019,888 DDoS attacks in the first half of 2022. Several countries also experienced increased or unusual spikes in attacks during this period, including Saudi Arabia (51 percent). Saudi saw 174,789 attacks in 2022. The top industries under attack in the MENA region include wired and wireless telecommunications carriers, data processing, hosting, and related services, and scheduled passenger air transportation.
The unavailability of such services can lead to dissatisfied customers, lost business, and a tarnished reputation. When these apps go down, everything comes to a halt. Supply chains and production may suffer if partners cannot access internal websites. Furthermore, when a DDoS attack is successful, it opens the door for other network attacks. Attacks are likely to continue until stronger DDoS protections are implemented.
As a result, organizations require a cutting-edge and integrated DDoS mitigation strategy to detect and mitigate more complex attacks. Organizations can defend against DDoS attacks by leveraging intelligence and network infrastructure capabilities and cross-network collaboration.
By increasing network visibility, companies can even benefit from these attacks. An attacker probing a network with a sub-saturating DDoS attack may be planning something more intrusive. If an administrator spots these forays early enough, they can prevent them.
Rawad Darwich, Regional Sales Manager, GCC, Network Solutions Sales (NSS) at Keysight Technologies
In today’s threat landscape, malicious actors use multiple techniques, often in unison, to exploit the vulnerability of enterprises, governments, and critical infrastructure globally, including in the Middle East, as they become more digitized. The most common attacks are Denial of Service (DoS) attacks, botnet attacks, APT attacks, and ransomware.
The number of network entry points has grown to include Internet of Things devices, Wi-Fi-enabled mobile devices, cloud apps, usage applications, and remote offices.
According to Group-IB, in the Middle East, at least 50 organizations fell prey to ransomware attacks in 2021, an 85% increase compared to 2020. Moreover, the ransom demand averaged $247,000 in 2021, 45% more than in 2020.
On the detection front, it’s vital to keep your threat detection systems up to date with the most recent signatures and behavioral patterns, as ransomware developers become more adept at obfuscation and evasion.
You should also be aware that exploitation tactics are evolving, as businesses have improved their ability to create safe backups in order to avoid paying a ransom. Hackers are increasingly threatening the release of sensitive material, which can result in penalties, intellectual property loss, and severe reputational consequences.
There is no silver bullet. A sophisticated set of security controls and regulations is only as powerful as its weakest link. It is therefore vital to be able to detect the weakest link and remove and replace it, or to improve it so that it can operate as expected.
This comprises both inline security solutions (such as web application firewalls, decryption, and intrusion prevention systems) and packet analysis solutions (such as data loss prevention and indicator of compromise investigative solutions).