Middle East faced wave of cybersecurity threats since start of pandemic

1 / 2
The region has always been a hotbed for such attacks due to geopolitical factors. (File/Shutterstock)
2 / 2
Fatemah Alharbi, Cybersecurity researcher and consultant. (Supplied)
Short Url
Updated 24 October 2021

Middle East faced wave of cybersecurity threats since start of pandemic

  • The researchers issued 49 threat intelligence reports due to investigations associated with cyberattacks on the UAE
  • In the VMWare report, a survey of 252 Saudis showed 84 percent of them said that cyberattacks had increased due to working from home

RIYADH: Since the start of the pandemic, a wave of advanced threat campaigns targeting the Middle East have been discovered by Kaspersky, a global cybersecurity firm.

An APT is an attack campaign in which intruders establish an illicit, long-term presence on a network to mine highly sensitive data. The targets, which are carefully chosen and researched, typically include large enterprises or government networks.

The region has always been a hotbed for such attacks due to geopolitical factors.

Kaspersky researchers, keeping a close eye on the region for APTs, worked on 68 investigative reports related to 29 cyber gangs actively targeting the Middle East since the start of the pandemic.

The researchers issued 49 threat intelligence reports due to investigations associated with cyberattacks on the UAE, which endured the highest number of reports for all Middle Eastern countries.

The second highest was Saudi Arabia with 39 reports, followed by Egypt with 30. Kuwait and Oman had 21 each, while Jordan had 20. Iraq, Qatar and Bahrain had fewer than 20 reports each.

APT attacks primarily targeted government agencies, followed by diplomatic institutions, the education sector, and telecommunication institutions. Other targeted sectors included finance, IT, healthcare, legal, military, and defense.

Some of the APT groups investigated were Oilrig, WIRTE, Lazarus, and Sofacy.

Fatemah Alharbi, a cybersecurity expert and assistant professor at Taibah University, told Arab News: “PowerShell-based malware are utilized by advanced cyberattacks targeting critical infrastructures in Saudi Arabia.”

She said these cybercriminals were sending phishing emails that contained malicious Microsoft Office files impersonating legitimate entities.

To pass the firewall and the email protection techniques, she explained, these rigged files were protected by passwords and compressed as zip files.

“This approach facilitates the mission of these cybercriminals to take full control of the file system and to compromise every single file there. This means they would be able to control the operating system, applications, and data. Assuming the attack is detected, an in-depth analysis and investigation on the file system is highly recommended as a quick response to recover the system and stop the attack.”

Referring to a report by Bitdefender, a cybersecurity technology company, Alharbi said: “Researchers shed light on a well-known APT cyber espionage campaign that targets mainly critical infrastructures in Saudi Arabia.This threat group is called Chafer APT (also known as APT39 or Remix Kitten). The report shows that these cybercriminals rely on social engineering to compromise victims in Saudi Arabia.

“Technically, the attack tricked victims to run a remote administration tool located in the downloads folder, similar to the RAT components used against Turkey and Kuwait back in 2014 and 2018, respectively.”

Despite these threats, Alharbi said the Kingdom’s cybersecurity resources had proven their ability to face such dangers.

“Saudi Arabia is ranked No.1 in the MENA region and Asia and No.2 globally according to the Global Cybersecurity Index issued by the UN’s specialized agency in information and communications technology, the International Telecommunication Union in 2021.”

This indexing evaluates countries periodically based on five main axes: Legal, technical, regulatory, capacity-building, and cooperation. The Kingdom scored advanced points in all of these axes, she said.

Amin Hasbini, head of the global research and analysis team for the Middle East, Turkey, and Africa at Kaspersky, said: “Our cybersecurity experts have always been at the forefront of detecting and reporting the latest APT threats. Our reports are the product of their visibility into the cybersecurity landscape and promptly identify what poses a threat.

“We use these insights to, of course, alert the concerned organizations on time and provide them with the protection as well as intelligence needed against both known and unknown threats. As companies move towards digitization, especially due to the pandemic, it is more important now than ever before to know about the threats that are constantly evolving.”

According to a recent report from Kaspersky and VMWare, working remotely during the pandemic made Saudi employees vulnerable to cyberattacks.

In the VMWare report, a survey of 252 Saudis showed 84 percent of them said that cyberattacks had increased due to working from home.

Alharbi talked about methods to protect users from social engineering threats. “Recently, we see a rise in the number of cyberattacks that are based on social engineering. According to a recent report by PurpleSec, 98 percent of cyberattacks rely on social engineering. Cyber criminals prefer to use social engineering techniques that can expose a victim’s natural inclination to trust easily compared to implementing malwares or any other tools to hack systems.

“For that, organizations must strengthen and diversify their cybersecurity awareness tactics, such as publishing cybersecurity awareness content, in-class training, videos, simulations and tests,” she said.

Related


Iran ready to swap prisoners, urges US to free jailed Iranians

Updated 57 min 59 sec ago

Iran ready to swap prisoners, urges US to free jailed Iranians

  • Iran called on President Joe Biden’s administration to “act instead of performing theatrical shows”

DUBAI: Iran is ready to swap prisoners with the United States, its foreign ministry spokesman was quoted as saying on Wednesday, calling on President Joe Biden’s administration to “act instead of performing theatrical shows.”
Tehran has sought the release of over a dozen Iranians in the United States, including seven Iranian-American dual nationals, two Iranians with permanent US residency and four Iranian citizens with no legal status in the United States.
“We are ready to swap prisoners with Washington ... The US must release jailed Iranian citizens without any conditions,” the semi-official Fars news agency quoted foreign ministry spokesman Nasser Kanaani as saying.
On Tuesday, US Secretary of State Antony Blinken tweeted that Siamak Namazi had now spent 2,500 days “wrongfully detained” in Iran and Washington was determined to secure the freedom of all Americans held by its Middle East adversary.
Kanaani spoke as Tehran and Washington sought to revive a 2015 nuclear pact after lengthy negotiations. The European Union and United States said on Tuesday they were studying Iran’s response to what the EU has called its “final” proposal to save the deal, after Tehran called on Washington to show flexibility.


Syria denies holding US journalist Tice captive

Updated 17 August 2022

Syria denies holding US journalist Tice captive

  • US is certain Tice is being held by the government of President Bashar Assad

DAMASCUS: The Syrian government on Wednesday denied holding American nationals captive, including journalist Austin Tice who was abducted a decade ago in Damascus.
It issued a statement in response to US President Jo Biden saying last week that he knows “with certainty” that Tice “has been held by the Syrian regime,” and calling on Damascus to help bring him home.
The foreign ministry denied the accusation in a statement carried by the official SANA news agency.
“The Syrian Arab Republic denies that it has kidnapped or forcibly disappeared any American citizen who entered its territory or resided in areas under its authority,” the statement said.
It said it would only accept “official dialogue or communication with the American administration if the talks are public and premised on a respect for Syria’s sovereignty, independence and territorial integrity.”
Tice was a freelance photojournalist working for Agence France-Presse, McClatchy News, The Washington Post, CBS and other news organizations when he disappeared after being detained at a checkpoint near Damascus on August 14, 2012.
Thirty-one years old at the time he went missing, Tice appeared blindfolded in the custody of an unidentified group of armed men in a video a month later, but there has been little news of him since.
Biden’s statement came on the tenth anniversary of Tice’s disappearance.
“There is no higher priority in my administration than the recovery and return of Americans held hostage or wrongfully detained abroad,” Biden said.
The previous administration under Donald Trump sent a White House official on a rare mission to Damascus in 2020, aiming to seek Tice’s freedom.
But that mission yielded no visible results.
In 2018, US authorities announced a $1 million reward for information that would lead to the journalist’s recovery.


Germany and Israel condemn Palestinian president’s Holocaust remarks

Updated 17 August 2022

Germany and Israel condemn Palestinian president’s Holocaust remarks

  • Palestinian President Mahmoud Abbas accused Israel of committing ‘50 Holocausts’
  • His comment followed months of tension and a brief conflict this month during which 49 people were killed in Gaza

BERLIN/JERUSALEM: German Chancellor Olaf Scholz voiced disgust on Wednesday at remarks by Palestinian President Mahmoud Abbas that the German leader said diminished the importance of the Holocaust, while Israel accused Abbas of telling a “monstrous lie.”
“For us Germans in particular, any relativization of the singularity of the Holocaust is intolerable and unacceptable,” Scholz tweeted on Wednesday. “I am disgusted by the outrageous remarks made by Palestinian President Mahmoud Abbas.”
During a visit to Berlin on Tuesday, Abbas accused Israel of committing “50 Holocausts” in response to a question about the upcoming 50th anniversary of the attack on the Israeli team at the Munich Olympics by Palestinian militants.
Israeli Prime Minister Yair Lapid also condemned the comments as a “disgrace.”
“Mahmoud Abbas accusing Israel of having committed ‘50 Holocausts’ while standing on German soil is not only a moral disgrace, but a monstrous lie,” Lapid said on Twitter.
“History will never forgive him.”
Six million Jews were killed in Nazi Germany’s Holocaust.
Standing alongside Scholz, Abbas referred to a series of historical incidents in which Palestinians were killed by Israelis in the 1948 war that accompanied the creation of the state of Israel and in the years following.
“From 1947 to the present day, Israel has committed 50 massacres in Palestinian villages and cities, in Deir Yassin, Tantura, Kafr Qasim and many others, 50 massacres, 50 Holocausts,” said Abbas.
The official Palestinian news agency Wafa did not include the Holocaust comments in its report of the meeting with Scholz, and the Palestinian foreign ministry said Lapid’s comments were intended to divert attention from Israel’s “crimes.”
In a statement, the ministry said “the occupying power is not satisfied with committing these crimes on a daily and continuous basis, but also does not tolerate and rejects any talk or statements that remind the Israelis and the international community of the many crimes committed by Israel.”
Abbas’ comment followed months of tension and a brief conflict this month during which 49 people were killed in Gaza after Israel carried out a series of air strikes in response to what it said was an imminent threat from the militant Islamic Jihad group, which fired over 1,000 rockets in response.
Dozens of Palestinians have also been killed in clashes with Israeli security forces in the occupied West Bank, while there have been a number of attacks on Israelis, including an incident on Sunday when eight people were wounded on a bus carrying Jewish worshippers in Jerusalem.
Palestinians seek statehood in territories captured by Israel in the 1967 Middle East war. Negotiations have been frozen since 2014.


25 dead in airstrikes, shelling in north Syria

Updated 17 August 2022

25 dead in airstrikes, shelling in north Syria

  • Turkish attacks target Assad forces and Kurdish fighters in border town

JEDDAH: At least 25 people were killed in northern Syria on Tuesday after Turkey launched airstrikes and an artillery bombardment targeting Assad regime forces and Kurdish fighters near the border town of Kobane.

The Turkish shelling began overnight, when artillery salvoes hit the town and around its edges. It continued throughout the day, and at least one child was killed.
Kurdish YPG militia fighters from the Syrian Democratic Forces responded with a mortar attack on a Turkish military border post in Sanliurfa province that killed one soldier and injured four.
After the mortar attack, Turkish forces conducted retaliatory fire against targets in the Kobane area. “According to initial information in the region, 13 terrorists were neutralized. Operations in the region are continuing,” the Defense Ministry in Ankara said.

FASTFACT

Kurdish YPG militia fighters responded with a mortar attack on a Turkish military border post in Sanliurfa province that killed one soldier and injured four.

Dilvin, a shopkeeper in Kobane, said chaos broke out in the town when the shelling intensified on Tuesday. “People started running everywhere, cars everywhere, people asking about their friends and their family. Then the sounds started to build, the sounds were everywhere,” she said.
“There was so much screaming. So much fear. Now everyone is locked up at home.”
Later on Tuesday, 11 people died in Turkish airstrikes on a Syria border post run by Assad regime forces. It was not clear if the dead were Syrian government troops or Kurdish fighters.
Syrian regime forces have deployed in areas controlled by the SDF near the border with Turkey as part of agreements intended to stem cross-border offensives by Ankara targeting Kurdish forces it views as terrorists.
Turkey has launched a series of attacks since 2016 targeting Kurdish forces and Daesh, but they have rarely resulted in the deaths of Syrian regime fighters.
If regime forces are confirmed to be among those killed on Tuesday, the attack would be one of the largest escalations since Ankara and Damascus traded attacks in 2020 following a Syrian regime strike that killed 33 Turkish soldiers in the northwestern province of Idlib.
Turkey has stepped up its attacks in Kurdish-controlled areas of Syria since July, when President Recep Tayyip Erdogan failed to obtain a green light from regional allies Iran and Russia for a fresh offensive into northern Syria.
Turkey has been hostile to Syrian leader Bashar Assad, and backed rebels calling for his removal. But last week Foreign Minister Mevlut Cavusoglu enraged the Syrian opposition by calling for reconciliation between the regime and the rebels.

Related


Tunisians firmly backed new constitution: final results

Updated 16 August 2022

Tunisians firmly backed new constitution: final results

  • The charter was approved by just over 2.6 million people, the board's president Farouk Bouasker told reporters
  • The referendum came a year to the day after Saied sacked the government and froze parliament in what rivals have branded a coup

TUNIS: The final results of a controversial referendum granting unchecked powers to the office of Tunisia’s President Kais Saied showed 94.6 percent of votes in favor, the electoral authority said Tuesday.
Voters overwhelmingly approved the new constitution, the electoral board said, officially announcing definitive results from the July 25 poll.
The charter was approved by just over 2.6 million people, the board’s president Farouk Bouasker told reporters.
Turnout was considered very low at 30.5 percent.
The referendum came a year to the day after Saied sacked the government and froze parliament in what rivals have branded a coup.
Despite the low turnout, Saied’s move against a system that emerged after the 2011 overthrow of dictator Zine El Abidine Ben Ali was welcomed by many Tunisians.
Many people were fed up with high inflation and unemployment, political turmoil and a system they felt had brought little improvement to their lives.
However, opposition politicians and human rights groups have warned of a return to dictatorship under the new constitution.
“The constitution comes into force with the announcement of the final results, its promulgation by the president and its publication in the official journal,” Bouasker said on Tuesday.
He said the fact that appeals against the referendum process had been rejected “confirmed the integrity and transparency of ISIE,” the North African country’s electoral commission.
Bouasker said ISIE had been subjected to “an unprecedented wave of allegations by certain political parties and civil society groups.”
The new text puts the president in command of the army, allows him to appoint a government without parliamentary approval and makes it virtually impossible to remove him from office.
He can also present draft laws to parliament, which will be obliged to give them priority.
A second chamber is created within parliament to represent the regions and counterbalance the assembly itself.
Tunisia is mired in crisis with growth of just three percent, nearly 40 percent of young people jobless and four million people out of a population of nearly 12 million in poverty.
For weeks the heavily indebted country has been negotiating a new loan with the International Monetary Fund, hoping to obtain $4 billion, and also the chance to open other avenues of foreign aid, mainly European.

Related