Connect with us

GISEC

GISEC 2022: Tenable to Discuss the Ever-Evolving Security Threat Landscape

Published

on

Maher Jadallah, the Senior Director for the Middle East and North Africa at Tenable, says discovering and prioritising vulnerabilities in a cloud environment is only half the battle

Are you participating in GISEC 2022?
Yes, we will be exhibiting at the Gulf Information Security Expo & Conference (GISEC), taking place at the Dubai World Trade Center from 21 – 23 March 2022. Our stand is B45.

What is your theme of participation at the event?
Cloud adoption has exploded, particularly to accommodate a hybrid workforce. However, discovering and prioritising vulnerabilities in a cloud environment is only half the battle. Organisations need to shift left with cloud security to find and remediate vulnerabilities before they reach production.

When we look at how attacks play out, in the vast majority of cases, bad actors typically go after the low hanging fruit in networks — known but unpatched vulnerabilities. Having exploited a vulnerability to gain a toe-hold into the organisation, attackers will pivot focus to Active Directory and the identity infrastructure to escalate privileges and move laterally, with an aim to target further vulnerabilities, install malware and exfiltrate data.

At GISEC, our focus will be helping organisations understand these security risks to their business.

What is the general agenda / planned list of activities at the event?
Tenable’s senior leaders and cybersecurity experts will be available to meet and discuss the current cyber threat landscape, including the common Active Directory misconfigurations organisations need to address to reduce their risk, with demonstrations of Tenable’s security solutions.

In addition, Bernard Montel – Tenable’s Technical Director and Security Strategist, will be presenting a session discussing how ransomware attacks against critical infrastructures, and in particular in the healthcare sector, are on the rise. He will cover how to identify attack paths targeting Active Directory, by focusing, as an example, on the Healthcare sector among the Critical Infrastructures. We will also understand how to insert Active Directory monitoring and protection into a global Risk Based Vulnerability Management program.

What according to you are the challenges faced by CISOs and Cybersecurity experts today?
Successful cyber breaches typically start by exploiting a known vulnerability followed by attacks on Active Directory to escalate privileges, move laterally, install malware and exfiltrate data affecting IT systems and operational technology.

Unfortunately, most organisations struggle with Active Directory security due to misconfigurations piling up as domains increase in complexity, leaving security teams unable to find and fix flaws before they become business-impacting issues.

Will you be running any offline/online engagements alongside the event?
Over the three days we will be running a number of educational sessions from the booth, including a full overview of our platform. Tenable’s powerful combination of risk-based vulnerability management and Active Directory security solutions help prevent threat actors from getting a toe-hold in the corporate environment, stopping attacks before they can begin.

Cyber Security

Positive Technologies Reports 80% of Middle East Cyberattacks Compromise Confidential Data

Published

on

A new study by cybersecurity firm Positive Technologies has shed light on the evolving cyber threat landscape in the Middle East, revealing that a staggering 80% of successful cyberattacks in the region lead to the breach of confidential information. The research, examining the impact of digital transformation, organized cybercrime, and the underground market, highlights the increasing exposure of Middle Eastern nations to sophisticated cyber threats.

The study found that one in three successful cyberattacks were attributed to Advanced Persistent Threat (APT) groups, which predominantly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions is driving efficiency, it simultaneously expands the attack surface for malicious actors.

Cybercriminals in the region heavily utilize social engineering tactics (61% of cases) and malware (51%), often employing a combination of both. Remote Access Trojans (RATs) emerged as a primary weapon in 27% of malware-based attacks, indicating a common objective of gaining long-term access to compromised systems.

The analysis revealed that credentials and trade secrets (29% each) were the most sought-after data, followed by personal information (20%). This stolen data is frequently leveraged for blackmail or sold on the dark web. Beyond data theft, 38% of attacks resulted in the disruption of core business operations, posing significant risks to critical sectors like healthcare, transportation, and government services.

APT groups are identified as the most formidable threat actors due to their substantial resources and advanced technical capabilities. In 2024, they accounted for 32% of recorded attacks, with a clear focus on government and critical infrastructure. Their activities often extend beyond traditional cybercrime, encompassing cyberespionage and even cyberwarfare aimed at undermining trust and demonstrating digital dominance.

Dark web analysis further revealed that government organizations were the most frequently mentioned targets (34%), followed by the industrial sector (20%). Hacktivist activity was also prominent, with ideologically motivated actors often sharing stolen databases freely, exacerbating the cybercrime landscape.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar, all leaders in digital transformation, were the most frequently cited countries on the dark web in connection with stolen data. Experts suggest that the prevalence of advertisements for selling data from these nations underscores the challenges of securing rapidly expanding digital environments, which cybercriminals are quick to exploit.

Positive Technologies analyst Alexey Lukash said, “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”

To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Such solutions are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

Continue Reading

GISEC

ManageEngine @ GISEC Global 2025: AI, Quantum Computing, and Ransomware Form Part of Cybersecurity Outlook for 2025

Published

on

As AI-powered attacks and quantum computing reshape the cyber threat landscape, organizations must rethink traditional defense strategies. In an exclusive interview, Sujoy Banerjee, Associate Director at ManageEngine, reveals how businesses can prepare for 2025’s most critical threats—from AI-generated phishing scams to quantum-decrypted ransomware (more…)

Continue Reading

GISEC

Positive Technologies @ GISEC Global 2025: Demonstrating Cutting-Edge Cyber Threats and AI Defense Strategies

Published

on

At GISEC Global 2025, Positive Technologies showcased live demonstrations of sophisticated hacking techniques while emphasising the growing role of AI in both cyber attacks and defense. In an exclusive interview with Security Review, Ilya Leonov, the Regional Director at Positive Technologies revealed insights about the Middle East’s evolving threat landscape, their work with regional governments, and why investing in human expertise remains critical despite advancing technologies (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.