GISEC 2021: Many Threats Exploit the Same Vectors When it Comes to Intrusions

Jens Monrad, the Head of Mandiant Threat Intelligence for EMEA at FireEye, speaks about the security threat landscape in the region

How has the security threat landscape evolved over the past few months?
The Middle East is an attractive target to cyber threat actors whose motivations can be politically or financially driven. Much like the rest of the world, the threat landscape has been significantly impacted by the increased digitalization in the region, which has attracted financially motivated threats with a primary focus on stealing credentials, monetizing unauthorized access, or attempting to extort victims via ransomware schemes. The continued normalization of the UAE-Israel relations could also increase the cyberthreat, especially from countries or activists who disagree.

What sort of security challenges are people facing when working from home and how is your company equipped to handle those challenges?
As the world went to remote and hybrid work models, several cybersecurity challenges fell into the laps of the people who were safeguarding the organisation from cyber threats. With more people working remotely using multiple devices and from multiple networks, the attack surface for hackers has dramatically increased, giving them many more options to exploit. As organisations rushed to introduce or scale up remote access technology, it led to insecure connections such as VPNs.

How has ransomware evolved during the pandemic period and what are you doing to tackle the problem?
Recent ransomware attacks aren’t similar to those before and have resulted in different business consequences, requiring different protections to be put in place. To better confront and mitigate these incidents, Mandiant has adopted the term “multifaceted extortion” to characterize this evolved form of ransomware. The different facets include – ransom for unlocking encrypted data; theft of sensitive data and publishing data to ‘name and shame’ organisations.

After reviewing ransomware engagements supported throughout 2020, Mandiant experts uncovered several actions organizations should prioritize to mitigate the risk of ransomware incidents. These actions would address several common issues observed, including:

  • Large numbers of highly privileged accounts in Active Directory
  • Highly privileged non-computer accounts configured with service principal names (SPNs)
  • Security controls not configured to minimize the exposure and usage of privileged accounts across endpoints
  • Attackers modifying Group Policy Objects (GPOs) for ransomware deployment

Do you believe companies today have accelerated their digital transformation initiatives?
Yes, companies have accelerated their digital transformation initiatives in the Middle East. A Gartner report projects total IT spend to total $171 billion in 2021. The analyst attributes rapid digitalisation in the MENA region as a driving factor for the increase in spend and expects organisations to focus their spending on servers, applications, remote working technologies, and infrastructure software this year, in support of their digitalization efforts. Additionally, due to the circumstances of a global pandemic, many organizations fast-forwarded their strategies when it comes to outsourcing and moving to the cloud.

What are the cybersecurity trends for 2021?
In the report, A Global Reset: Cyber Security Predictions 2021, we tackle the following topics: remote work and other impacts of the global pandemic, ransomware, nation-state activity, cloud security, and security validation.

  • Remote Work and Other Impacts of the Global Pandemic: In the near term, the coronavirus will likely continue to have a significant impact on normal business operations, with a focus on supporting remote work, virtual events, and new productivity platforms. In the longer term, technology solutions will step in to facilitate the return to work, school, and other activities, potentially introducing new risks for privacy, personally identifiable information (PII), and protected health information (PHI).
  • Persistence and Growth of Ransomware Usage: Ransomware will continue its rapid growth in 2021 and its varieties will increase along with the frequency of attacks. Through post-intrusion reconnaissance and the deep enumeration of networks, threat actors are locking up the most relied-on and sensitive data and architectures, which leads to much higher ransom amounts.
  • Cloud Security Taking the Limelight: Companies will need to spend time building up awareness of their cloud presence in 2021. Many cloud threats are the same as those encountered on in-house networks. In 2021, cloud hacks are expected to continue to be executed through:
    1) Stolen credentials, typically via phishing
    2) Exploitation of cloud misconfigurations
    3) Vulnerable cloud application hacking

What are the key factors to consider to make sure the digital economies of today are secured?
While we have seen an expanded surface area for cyberattacks due to digitalization and how we rely on connectivity today, many threats exploit the same vectors when it comes to intrusions:

  • Using social engineering via emails to lure users into installing malware or giving away their credentials.
  • Exploiting a vulnerable internet-facing product or technology.

Many cyberattacks are successful because organizations are yet to implement a more robust user control when it comes to credential handling. Enforcing multi-factor authentication, fewer privileges for users, rather than global or local administrative privileges, could minimize the threat and make it harder for an attacker to compromise an infrastructure successfully.

Additionally, lack of insight into the infrastructure means that many organizations still have a significant gap between discovery and recovery. While many might consider investing in additional technology first, understanding the threat landscape, which threats you should be most concerned about, and how they operate, and adjusting your internal processes accordingly is more important, as it will also highlight where you might have gaps in your security controls.

Positive Technologies Reports 80% of Middle East Cyberattacks Compromise Confidential Data

A new study by cybersecurity firm Positive Technologies has shed light on the evolving cyber threat landscape in the Middle East, revealing that a staggering 80% of successful cyberattacks in the region lead to the breach of confidential information. The research, examining the impact of digital transformation, organized cybercrime, and the underground market, highlights the increasing exposure of Middle Eastern nations to sophisticated cyber threats.

The study found that one in three successful cyberattacks were attributed to Advanced Persistent Threat (APT) groups, which predominantly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions is driving efficiency, it simultaneously expands the attack surface for malicious actors.

Cybercriminals in the region heavily utilize social engineering tactics (61% of cases) and malware (51%), often employing a combination of both. Remote Access Trojans (RATs) emerged as a primary weapon in 27% of malware-based attacks, indicating a common objective of gaining long-term access to compromised systems.

The analysis revealed that credentials and trade secrets (29% each) were the most sought-after data, followed by personal information (20%). This stolen data is frequently leveraged for blackmail or sold on the dark web. Beyond data theft, 38% of attacks resulted in the disruption of core business operations, posing significant risks to critical sectors like healthcare, transportation, and government services.

APT groups are identified as the most formidable threat actors due to their substantial resources and advanced technical capabilities. In 2024, they accounted for 32% of recorded attacks, with a clear focus on government and critical infrastructure. Their activities often extend beyond traditional cybercrime, encompassing cyberespionage and even cyberwarfare aimed at undermining trust and demonstrating digital dominance.

Dark web analysis further revealed that government organizations were the most frequently mentioned targets (34%), followed by the industrial sector (20%). Hacktivist activity was also prominent, with ideologically motivated actors often sharing stolen databases freely, exacerbating the cybercrime landscape.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar, all leaders in digital transformation, were the most frequently cited countries on the dark web in connection with stolen data. Experts suggest that the prevalence of advertisements for selling data from these nations underscores the challenges of securing rapidly expanding digital environments, which cybercriminals are quick to exploit.

Positive Technologies analyst Alexey Lukash said, “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”

To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Such solutions are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

ManageEngine @ GISEC Global 2025: AI, Quantum Computing, and Ransomware Form Part of Cybersecurity Outlook for 2025

As AI-powered attacks and quantum computing reshape the cyber threat landscape, organizations must rethink traditional defense strategies. In an exclusive interview, Sujoy Banerjee, Associate Director at ManageEngine, reveals how businesses can prepare for 2025’s most critical threats—from AI-generated phishing scams to quantum-decrypted ransomware.

Positive Technologies @ GISEC Global 2025: Demonstrating Cutting-Edge Cyber Threats and AI Defense Strategies

At GISEC Global 2025, Positive Technologies showcased live demonstrations of sophisticated hacking techniques while emphasising the growing role of AI in both cyber attacks and defense. In an exclusive interview with Security Review, Ilya Leonov, the Regional Director at Positive Technologies, revealed insights about the Middle East’s evolving threat landscape, their work with regional governments, and why investing in human expertise remains critical despite advancing technologies.


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.