Scale, details of massive Kaseya ransomware attack emerge

This file photo illustration shows a screen displaying the Darkside Onionsite address with a notice saying it could not be found. (AFP / OLIVIER DOULIERY)
This Feb 23, 2019, file photo shows the inside of a computer. (AP Photo/Jenny Kane, File)
Updated 05 July 2021

  • An affiliate of the notorious REvil gang infected thousands of victims in at least 17 countries on Friday, cybersecurity researchers say
  • Ransomware criminals break into networks and sow malware that cripples networks on activation. Victims get a decoder key when they pay up

BOSTON, US: Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. They reported ransom demands of up to $5 million.
The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though “the scale of this incident may make it so that we are unable to respond to each victim individually.” Deputy National Security Adviser Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.
Biden suggested Saturday the US would respond if it was determined that the Kremlin is at all involved.
The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the US deems a national security threat.
A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.
The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.
In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.
CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”
Voccola said in an interview that only between 50-60 of the company’s 37,000 customers were compromised. But 70 percent were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.
Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing US offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Voccola.
Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.
John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he’d seen $5 million and $500,000 demands by REvil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $45,000.
Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the data-scrambling malware. The criminals then threaten to dump the stolen data online unless paid. It was not immediately clear if this attack involved data theft, however. The infection mechanism suggests it did not.
“Stealing data typically takes time and effort from the attacker, which likely isn’t feasible in an attack scenario like this where there are so many small and mid-sized victim organizations,” said Ross McKerchar, chief information security officer at Sophos. “We haven’t seen evidence of data theft, but it’s still early on and only time will tell if the attackers resort to playing this card in an effort to get victims to pay.”
Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.
“The level of sophistication here was extraordinary,” he said.
When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.
It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 US dental practices were crippled in a separate attack.
One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya’s VSA because of the total control of vast computing resources they can offer. “More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote in a blog Sunday.
The cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Kaseya says the attack only affected “on-premise” customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.
Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.
Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. US officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin “has not yet moved” on shutting down cybercriminals.
 


Saudi banks’ funding profile changing on rising mortgage demand: S&P Global

Updated 04 May 2024

RIYADH: Saudi banks are expected to pursue alternative funding strategies to deal with the rapid expansion in lending, fueled by the demand for new mortgages, according to S&P Global.
In its latest report, the credit-rating agency stated that the funding profiles of financial institutions in the Kingdom are set to undergo changes, primarily driven by a state-backed initiative to boost home ownership.
According to the analysis, mortgage financing represented 23.5 percent of Saudi banks’ total credit allocation at the end of 2023, compared to 12.8 percent in 2019.
“The ongoing financing needs of the Vision 2030 economic initiative and relatively sluggish deposits growth, is likely to incentivize banks to seek alternative sources of funding, including external funding,” said S&P Global.  
The report also predicted that this pursuit of external funding could potentially impact the credit quality of Saudi Arabia’s banking sector.
According to the US-based rating agency, lending growth among Saudi banks has outpaced deposits, with the loan-to-deposit ratio exceeding 100 percent in 2022, up from 86 percent at the end of 2019.
S&P Global expects this trend to persist, particularly with corporate lending playing a more significant role in growth over the next few years. “We consider Saudi banks are likely to turn to alternative funding strategies to fund that expansion,” the report said.  

It added: “We consider, however, that the risk created by the maturity mismatch is mitigated by the relative stability of Saudi deposits.”
The agency also predicted that Saudi banks’ foreign liabilities will continue to increase, rising from about $19.2 billion at the end of 2023 to meet the funding requirements of strong lending growth, particularly amidst lower deposit expansion.
The report highlighted that Saudi banks have already tapped international capital markets, and the credit rating agency expects this trend to continue for the next three to five years.
According to S&P Global, the Saudi banking system could transition from a net external asset position of SR42.9 billion, or 1.6 percent of lending, at the end of 2023 to a net external debt position within a few years.
In April, S&P Global, in another report, stated that banks in the Kingdom are anticipated to experience robust credit growth ranging between 8 to 9 percent in 2024.
The agency noted that this credit expansion will be propelled by corporate lending, fueled by increased economic activities driven by the Vision 2030 program.
Moreover, the report added that the Saudi government and its related entities are expected to inject deposits into the banking system, thereby supporting the credit growth of financial institutions in the Kingdom.

 


NEOM, Saudi Red Sea Authority sign MoU to develop marine tourism regulations

Updated 03 May 2024

  • The MoU’s goal is to enhance research, deliver innovation, and improve the visitor experience for tourists
  • The agreement reflects SRSA’s commitment to attracting investment in coastal tourism activities

NEOM: The Saudi Red Sea Authority and NEOM signed a memorandum of understanding on Friday to cooperate on developing legislation, regulations, and technology in marine tourism, reported the Saudi Press Agency.
The MoU’s goal is to enhance research, deliver innovation, and improve the visitor experience for tourists in Saudi Arabia’s existing, emerging, and future Red Sea coastal destinations.
SRSA Acting CEO Mohammed Al-Nasser and NEOM’s CEO Nadhmi Al-Nasr signed the partnership, which they hope will promote an exchange of expertise and enable the implementation of joint initiatives.
The agreement also reflects SRSA’s commitment to attracting investment in coastal tourism activities.
The partnership will further assist small and medium enterprises in the sector through administrative, technical, and advisory support.
Via this agreement, SRSA aims to integrate with relevant public, private, and third-sector entities to achieve one of the goals of Saudi Vision 2030, which is to develop coastal tourism as a valuable sector of the Kingdom’s economy.


World food prices up in April for second month: UN agency

Updated 03 May 2024

PARIS: The UN food agency’s world price index rose for a second consecutive month in April as higher meat prices and small increases in vegetable oils and cereals outweighed declines in sugar and dairy products.

The Food and Agriculture Organization’s price index, which tracks the most globally traded food commodities, averaged 119.1 points in April, up from a revised 118.8 points for March, the agency said on Friday.

The FAO’s April reading was nonetheless 7.4 percent below the level a year earlier.

The indicator hit a three-year low in February as food prices continued to move back from a record peak in March 2022 at the start of Russia’s invasion of Ukraine.

In April, meat showed the strongest gain in prices, rising 1.6 percent from the prior month.

The FAO’s cereal index inched up to end a three-month decline, supported by stronger export prices for maize. Vegetable oil prices also ticked higher, extending previous gains to reach a 13-month high due to strength in sunflower and rapeseed oil.

The sugar index dropped sharply, shedding 4.4 percent from March to stand 14.7 percent below its year-earlier level amid improving global supply prospects.

Dairy prices edged down, ending a run of six consecutive monthly gains.

In separate cereal supply and demand data, the FAO nudged up its estimate of world cereal production in 2023/24 to 2.846 billion metric tonnes from 2.841 billion projected last month, up 1.2 percent from the previous year, notably due to updated figures for Myanmar and Pakistan.

For upcoming crops, the agency lowered its forecast for 2024 global wheat output to 791 million tonnes from 796 million last month, reflecting a larger drop in wheat planting in the EU than previously expected.

The revised 2024 wheat output outlook was nonetheless about 0.5 percent above the previous year’s level.


Material sector dominates TASI trading in first quarter of 2024

Updated 03 May 2024

RIYADH: The materials sector led trading on Saudi Arabia’s Tadawul All Share Index, accounting for approximately SR87 billion ($23.2 billion) or 15.11 percent of the market, according to TASI’s 2024 first-quarter report.

SABIC, the largest component of this sector, boasted a market capitalization of SR234.9 billion, with trading value reaching nearly SR7 billion.

The banking sector trailed with transactions valued at SR71.22 billion, comprising 12.37 percent of the market. Al-Rajhi Bank took the lead in market capitalization within the sector and secured the second spot in trade value totaling SR23.62 billion.

In a February report by Bloomberg, Al-Rajhi Bank, seen as an indicator of Saudi Arabia’s growth strategies, exceeded the performance of JPMorgan Chase & Co., exhibiting nearly a 270 percent surge in shares since the initiation of Vision 2030. It has outpaced both local and global competitors, including state-supported banks, emerging as the largest bank in the Middle East and Africa, boasting a market cap of around $95 billion.

According to Morgan Stanley analysts led by Nida Iqbal, as reported by Bloomberg, “We see it as a long-term winner in the Saudi bank sector… While Al-Rajhi is best placed for a rate-cutting cycle, we believe current valuation levels reflect this.” 

Gulf central banks, including Saudi Arabia’s, frequently align their policies with those of the Federal Reserve to maintain their currency pegs to the dollar. According to Bloomberg Intelligence senior analyst Edmond Christou, a reduction in Fed rates could potentially bolster Al-Rajhi Bank’s profitability and expansion, as it will encourage gathering cheap deposits while enabling it to issue debt at more attractive levels.

In this period, the energy sector secured the third position in terms of value traded, reaching SR55.4 billion. Saudi Aramco topped the list with a market capitalization of SR7.47 trillion and registered the highest value among companies traded on the index, totaling SR28.82 billion.

In March of this year, Aramco announced a net income of $121.3 billion for its full-year 2023 financial results, marking the second-highest in its history. Aramco credited these results to its operational flexibility, reliability, and cost-effective production base, underscoring its dedication to delivering value to shareholders.

Tadawul’s quarterly report also indicated that the transportation sector recorded the fourth-highest value traded at SR39.25 billion, equivalent to 6.82 percent of the market. Among the top performers in this sector was cargo firm SAL Saudi Logistics Services, ranking third in value traded on the TASI during this period, following Aramco and Al-Rajhi Bank, with a total value of SR22.74 billion.

SAL debuted on the main market of the Saudi Exchange in November last year. With aspirations to manage 4.5 million tonnes of air cargo by 2030, Saudi Arabia is empowering its logistics sector from a supportive role to a pivotal driver of economic growth.

SAL, in which the Saudi government holds a 49 percent stake through the Saudi Arabian Airlines Corp., experienced a 30 percent surge in its share price during its initial public offering, raising $678 million and becoming Saudi Arabia’s second-largest IPO of the year.

In a January report by Forbes, SAL’s CEO and Managing Director Faisal Al-Beddah emphasized the company’s potential to shape the future of logistics in Saudi Arabia and beyond. He stated: “Logistics is the backbone of any economy. Now we are ready. We have the rotation, we have the infrastructure, we have the regulations, and most importantly, we have the mindset and the technology for Saudi Arabia to be the leading connecting logistics hub in the region.”

The top gainer during this period in terms of price appreciation was MBC Group, with a quarter-to-date percentage change of 127.6 percent, according to Tadawul.

Saudi Arabia’s MBC Group, a media conglomerate, debuted as the first new listing on TASI in 2024. Its trading began on Jan. 8. The company raised SR831 million through its initial public offering.

Saudi Steel Pipes Co. in the materials sector was the second highest gainer, with price appreciating by 88.15 percent.

Etihad Atheeb Telecommunication Co. had a QTD price percentage change of 81.91 percent making it the third-highest gainer on the exchange during this period.

TASI concluded the first quarter of 2024 with a 3.6 percent increase, climbing by 435 points to reach 12,402 points.


Saudi startups raised $3.3bn in last 10 years, says report

Updated 03 May 2024

  • MAGNiTT report shows fintech emerged as the most funded sector in Kingdom

RIYADH: Startups in Saudi Arabia saw massive growth during the last decade raking in $3.3 billion in venture capital funding, according to a report issued by MAGNiTT.

The data platform, in its “10 Years Saudi Arabia Founders Report” sponsored by Saudi Venture Capital Co., provides an in-depth analysis of the backgrounds, experiences, and expertise of founders. 

“MAGNiTT initially published a report on founders in the MENA VC ecosystem in 2018, focusing on uncovering the DNA of successful entrepreneurs in the region. Today, in partnership with the Saudi Venture Capital Co., we present a comprehensive report on the founders of the top 200 funded startups in the Kingdom over the last ten years,” said Philip Bahoshy, CEO and founder of the platform. 

“By shedding light on founders’ experiences in the Saudi ecosystem, we aim to dispel myths around founders, empower aspiring entrepreneurs looking to establish their ventures in the Kingdom, guide government decision-makers in shaping policies conducive to innovation, and provide invaluable intelligence to investors seeking opportunities in the region,” he added. 

SVC CEO Nabeel Koshak emphasized the remarkable growth and dynamism in the Saudi startup landscape. 

“The Kingdom’s strategic initiatives, driven by the Saudi Vision 2030, have laid a solid foundation for innovation, entrepreneurship, and investment. As a result, we have seen a surge in startup activity, with a growing number of ambitious founders seizing opportunities and driving innovation across various sectors,” he said. 

“The goal of the report is to provide policymakers, government officials, and investors with insights and data to inform strategic decisions and policies to further nurture the startup ecosystem for the next 10 years,” Koshak added. 

A decade of funding 

Compiling data from the 200 Saudi-based startups, which collectively raised a total of $3.3 billion from 2014 to 2023, the report highlighted that 44 percent of these startups were launched by teams with two founding members, who together secured 53 percent of the total funds. 

He further stated that with the significant support for innovation, the Kingdom is set to witness the emergence of more unicorns. 

In contrast, startups founded by a single individual accounted for 30 percent of the funded startups but only captured 15 percent of the funding in the last decade. 

Notably, 36 percent of the 400 founders analyzed had at least 10 years of work experience before launching their respective startups.  

The report also indicated a trend toward entrepreneurship among less experienced founders, with 66 percent being first-time startup founders and only 30 percent with previous regional startup experience. 

It revealed a significant gender disparity in the VC landscape within Saudi Arabia, with male founders comprising 94 percent of the total 400 individuals, while female founders accounted for only 6 percent.  

This gender gap is considerably wider than the global norms, where, according to research by Startup Genome conducted between 2016 and 2022, the average proportion of female founders in an ecosystem was 15 percent. 

Additionally, only 7 percent of solo founders were female, and there were no recorded startups with two or more female founders only.  

However, as the number of founders per startup increased, so did gender diversity, albeit slightly. In startups with three founders, 18 percent were of mixed gender, while in startups with four or more founders, the figure was 12 percent. 

Furthermore, 91 percent of male-only founded startups claimed 98 percent of total funding. Conversely, 3 percent of female-only founded startups accounted for 0.4 percent of the total funding. 

Founders' education 

The report further delved into the education qualification of founders revealing that 55 percent in the Kingdom had attained at least a bachelor’s degree.  

In terms of technical development, 59 percent of founders had technical education backgrounds, highlighting science, technology, engineering, and mathematics. 

Thirty-nine percent of founders held degrees in business, contrasting with the global average of 19 percent, according to an Endeavor Insight study. 

Over half of the 400 founders obtained their degrees internationally, while 22 percent held both international and local degrees. 

King Saud University, King Fahd University of Petroleum and Minerals, and King AbdulAziz University were among the most common institutions for startup founders. 

Seven of the top 10 universities of Saudi founders that raised funding were public institutions.

The top international schools of Saudi founders had Stanford and Harvard among the top choices, mirroring global trends. 

Professional experience 

Despite fintech being the most funded sector, only 7 percent of founders had experience in finance, and 18 percent in banking, which is lower compared to the 48 percent with backgrounds in information technology.  

Additionally, even fewer founders, only 12 percent, had experience in e-commerce, despite this industry accounting for the highest share of deals, 20 percent, closed by the top 200 Saudi startups. 

The report also revealed that 36 percent of the founders in Saudi Arabia are skilled professionals with over 10 years of experience before starting their businesses.  

Notably, Saudi Aramco was the most common previous employer among the funded founders, with 7 percent having worked there before launching their startups. 

Furthermore, McKinsey and Microsoft were among the top 10 companies where the 400 founders covered in this report had previously been employed.  

The majority of these founders held significant leadership roles, with 31 percent having served as a founder, co-founder, or board member. Only 4 percent originated from entry-level positions. 

The report also pointed out: “While Saudi Arabia has witnessed several serial entrepreneurs, 66 percent of founders in the last decade were first-time founders,” indicating a vibrant and growing entrepreneurial ecosystem.