Cybersecurity firm FireEye has published a new report detailing the latest threats in Europe, the Middle East and Africa (Emea) for the first half of 2016.
Findings from the FireEye Dynamic Threat Intelligence cloud between January and June show that 96 per cent of global organisations were unknowingly breached as threat actors of all kinds increasingly evaded traditional security products. The report explores how nation-state-based threat actors and cybercriminals conduct espionage and target organisations in Emea.
Key Middle East findings
• Organisations in Saudi Arabia, Qatar and the UAE were among the most exposed to advanced targeted threats in the Middle East. Of particular concern was the practice of money laundering targeting prepaid online and mobile payment systems. These systems can be used to purchase a wide variety of goods and services, making them useful for laundering and monetisation activities. It’s also possible that actors are looking to steal the balances of accounts with these systems.
• 11 per cent of organisations observed during this period in the UAE were exposed to at least one targeted attack. The figures for Saudi Arabia and Qatar were 19 per cent and 14 per cent respectively.
• 28 per cent of government organisations observed during this period were exposed to at least one targeted attack.
• China-based espionage actors targeted a variety of industries in the Middle East. Their motivations included obtaining data related to political, military and economic issues affecting Southeast Asia. In the past, threat actors such as China-based APT22, APT27, and APT30 have targeted organisations in the Middle East.
• Substantial espionage activity was detected from Iran-based threat actors. Iranian activity included targeting key industries such as aviation, finance, government, technology and telecommunications in countries including the UAE, Saudi Arabia, Bahrain and Oman.
• The energy, government and financial services sectors were the most heavily targeted in the Middle East during the first half of 2016. Specific targets included oil production facilities and industrial control systems (energy); foreign and defence ministries (government); and retail banks, investment banks and sovereign wealth funds (financial services).
• Ransomware is an increasingly common threat to organisations in the region and a favoured tool in extortion campaigns. Compared to 2015, the first half of 2016 saw a major spike in ransomware activity. As prevention technology improves, ransomware creators and cybercriminal groups quickly move to new variants.
• Much like the second half of 2015, the usage of macro malware to deliver malicious payloads continued to increase. In these attacks, Microsoft Office documents, such as Word or Excel files, carry malicious code in the form of macros and are distributed online, usually in emails that appear harmless. Once an unsuspecting user opens one of these infected documents, the macros automatically infect the computer in question.
“The strategic and economic importance of the region’s oil reserves, as well as contentious geopolitics, have made the Middle East a ripe target for both regional and external groups,” says Mohammad Abu Khater, Regional Director for the Middle East and North Africa at FireEye. “These threat actors use cyberattacks as a low-cost and low-risk substitute for conventional means of inflicting damage on rival states and organisations. While some Gulf states have made substantial efforts to enhance their cyber security, further investments are needed to shift the balance of power away from the attackers.”