Market Research

Check Point Research Says Third Quarter of 2022 Reveals Increase in Cyberattacks

This year has been largely dominated by the Russia-Ukraine war, with major concerns about its impact on the global threat level. Just three days after the invasion of Ukraine, on February 27th, Check Point Research (CPR) noted a 196% increase in cyber-attacks on Ukraine’s government-military sector and a 4% increase in cyber-attacks per organization in Russia.

It is not only war-related cyber activity that has seen a sharp rise over the last few months. It seems that hackers and attack groups have gained momentum and confidence, luring and attacking a seemingly endless number of targets around the globe. Check Point Research (CPR) reports that the third quarter of 2022 saw an average of 1,130 weekly attacks per organization globally, a 28% increase compared to Q3 2021, whereas the UAE observed an average of 996 weekly attacks per organization in Q3 2022, with the largest individual growth, a 151% increase YoY.

While there has been an increase this year, it has plateaued when compared to the sharp rise seen in 2021. This could be an indication of how enterprises and governments are addressing the risks by increasing investment in their cybersecurity strategies and putting a greater focus on finding and detaining hackers.

In a report published back in August 2022, CPR noted that the Education sector was experiencing more than double the weekly attacks of other industries. We have seen this trend continue, with the Education/Research sector facing an average of 2,148 attacks per organization every week in the third quarter this year, an increase of 18% compared to the third quarter last year.

Academic institutions have become a popular feeding ground for cybercriminals following the rapid digitisation they undertook in response to the COVID-19 pandemic. Many were ill-prepared for the unexpected shift to online learning, which created ample opportunity for hackers to infiltrate networks through any means necessary. Schools and universities also have the unique challenge of dealing with children or young adults, many of whom use their own devices, work from shared locations, and often connect to public WiFi without thinking of the security implications.

The second most attacked industry was Government/Military, with 1,564 average weekly attacks, marking a 20% increase from the same period last year. The Healthcare sector saw the largest change compared to last year, with 1,426 average attacks per week – a significant increase of 60% YoY.

“In Check Point’s ‘Cyber Attack Trends: 2022 Mid-Year Report’, our researchers pointed to ransomware as the number one threat to organizations, stepping up to nation-state actor levels. Overall, the number of ransomware attacks has fallen worldwide by 8% compared with the third quarter of 2021. This could be due to a shift towards alternative attack methods such as botnets and hacktivism. However, ransomware continues to garner the most public attention and cause the greatest disruption,” the company said.

The Healthcare sector was the most targeted industry in terms of ransomware in the third quarter of 2022, with one in 42 organizations impacted by ransomware, a 5% increase YoY. The second sector was ISP/MSP, where one in 43 organizations was impacted, a decrease of 25% YoY. This was followed by the Finance/Banking industry, where one out of every 49 organizations was affected by ransomware, indicating a 17% increase in the past year.

Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East said, “Cyber threat actors continue to focus their efforts on targeting hospitals, largely because of intense pressure for these organizations to respond fast. A cyber attack on a hospital can lead to potentially catastrophic consequences, such as delayed surgeries, hold-ups in patient care, and rescheduled doctor appointments. In fact, our latest threat intelligence report shows that Healthcare is the most impacted industry in the UAE with 2178 weekly attacks per organization in the last 6 months. Even if an attack doesn’t shut a hospital down, it can knock some or all digital systems offline, cutting doctors’ and nurses’ access to digital information like patient records and recommendations for care. Hospital organizations should keep their programs up-to-date, only download items from known sources, and constantly back up their data. As we begin to close out the year and enter the holidays, hospitals should stay on high alert, as ransomware gangs love to strike during this period as staff begins to take time off.”

There are several best practices and actions a company can take to minimize their exposure to the next attack or breach. Prevention is possible:

  • Phishing emails are one of the most popular ways to spread ransom malware. By tricking a user into clicking on a link or opening a malicious attachment, cybercriminals can gain access to the employee’s computer and begin the process of installing and executing the ransomware program on it. Frequent cybersecurity awareness training is crucial to protecting the organization against ransomware. This training should instruct employees to do the following:
    • Do not click on malicious links
    • Never open unexpected or untrusted attachments
    • Avoid revealing personal or sensitive data to phishers
    • Verify software legitimacy before downloading it
    • Never plug an unknown USB into their computer
    • Use a VPN when connecting via untrusted or public Wi-Fi
  • Keeping computers and servers up-to-date and applying security patches, especially those labelled as critical, can help to limit an organization’s vulnerability to ransomware attacks.
  • Keep your software updated. Ransomware attackers sometimes find an entry point within your apps and software, noting vulnerabilities and capitalizing on them. Fortunately, some developers are actively searching for new vulnerabilities and patching them out. If you want to make use of these patches, you need to have a patch management strategy in place—and you need to make sure all your team members are constantly up to date with the latest versions.
  • For some businesses, it may be beneficial to employ the help of tools that fortify endpoint resilience and secure remote users.
  • Anti-ransomware technology allows you to detect signs of ransomware and uncover running mutations of known and unknown malware families by using behavioural analysis and generic rules.
  • Modern email filtering solutions can protect against malware and other malicious payloads in email messages. Solutions can detect emails that contain malicious links, attachments, spam content, and language that could suggest a phishing attack. Email security solutions automatically block and quarantine suspicious emails and use sandboxing technology to “detonate” emails to check if they contain malicious code.
  • Traditional cybersecurity vendors often claim that attacks will happen, and there is no way to avoid them, and therefore the only thing left to do is to invest in technologies that detect the attack once it has already breached the network and mitigate the damage as soon as possible. This is not true. Not only can attacks be blocked, but they can be prevented, including zero-day attacks and unknown malware. With the right technologies in place, most attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.

Market Research

AI to Power Over Half of Cyberattack Techniques Soon, Says Positive Technologies

Positive Technologies has released an in-depth report examining the potential use of artificial intelligence in cyberattacks. According to the report, AI could eventually be used by attackers across all tactics outlined in the MITRE ATT&CK matrix and in 59% of its techniques. Researchers note that previously, AI was used by cybercriminals in only 5% of all the MITRE ATT&CK techniques, while in another 17%, its use was proven feasible. However, with the rapid proliferation of legal AI tools, these numbers are expected to surge. Experts highlight that within a year of ChatGPT-4’s release, the number of phishing attacks increased by 1,265%, and they predict AI will continue to enhance the capabilities of cybercriminals.

Analysts believe that, amidst the rapid development of such technologies, developers of language models don’t do enough to protect LLMs from being misused by hackers generating malicious texts, code, or instructions. This oversight could contribute to a surge in cybercrime. For example, hackers are already using AI to write scripts and verify code when developing malicious software. Moreover, LLMs enable novice cybercriminals, who lack advanced skills or resources, to accelerate the preparation and simplify the execution of attacks. This, in turn, contributes to the rise in AI-driven incidents. For instance, a cybercriminal can use AI to double-check for overlooked details in their attack plan or to explore alternative methods for executing specific steps.

Experts point to other factors driving the increased use of AI in cyberattacks. Among them is the weak cybersecurity infrastructure in developing countries, where even imperfect tools can be used effectively with the support of AI. Additionally, the ongoing arms race between attackers and defenders is pushing cybercriminals to use AI.

Roman Reznikov, Information Security Research Analyst at Positive Technologies, commented, “The advanced capabilities of AI in cyberattacks are no reason to panic. Instead, we must remain realistic, study emerging technologies, and focus on building result-driven cybersecurity strategies. The most logical way to counter AI-driven attacks is by leveraging even more efficient AI-powered defence tools, which can address the shortage of specialists by automating many processes. In response to the growing activity of cybercriminals, we developed the MaxPatrol O2 autopilot, designed to automatically detect and block attacker actions within the infrastructure before they can inflict irreparable damage on an organization.”

Experts note that cybercriminals are already using AI to automatically generate malicious code snippets, phishing messages, and deepfakes, as well as to automate various stages of cyberattacks, including botnet administration. However, only experienced hackers currently have the skills to develop and create new AI-driven tools to automate and scale cyberattacks. Analysts predict that specialized modules will emerge in the near future to address specific tasks in well-known attack scenarios. Over time, these AI-driven tools and modules will likely merge into clusters, thereby automating attack stages and eventually covering most of them. If cybercriminals succeed in fully automating attacks on a specific target, the next logical step could be enabling AI to autonomously search for new targets.

To ensure personal and corporate cybersecurity, Positive Technologies recommends following general security rules, prioritizing vulnerability management, and participating in bug bounty programs. Experts warn that the use of machine learning to automate vulnerability exploitation will enable cybercriminals to target organizations more quickly and frequently. Promptly addressing any detected flaws is crucial, particularly when publicly available exploits exist.

To stay ahead of cybercriminals, vendors are increasingly integrating machine learning technologies into their products. For instance, MaxPatrol SIEM uses its Behavioral Anomaly Detection (BAD) component to assign risk scores to cybersecurity events and detect targeted cyberattacks, including those exploiting zero-day vulnerabilities. Similarly, the PT Application Firewall uses AI for the precise detection of shell upload attacks. MaxPatrol VM leverages AI for intelligent asset information searches and the creation of popular queries. PT NAD employs AI to generate custom profiling rules and detect applications within encrypted traffic. Finally, PT Sandbox uses AI for the advanced detection of unknown and anomalous malware.

Cyber Security

Rising Cyber Threats Target UAE’s Financial Sector and Critical Infrastructure in 2025

The UAE has seen a sharp rise in cyber threats in 2024, particularly ransomware attacks, with 34 reported incidents between January and November, up from 27 in all of 2023, according to Acronis Threat Research Unit data. This increase reflects the nation’s prominence globally, making it a prime target for cybercriminals aiming to exploit vulnerabilities in finance, telecommunications, government, and critical infrastructure sectors. According to the same report, malware detections have also surged by 65.3%, jumping from 16.05% in 2023 to 26.52% in 2024.

Cybercriminals are increasingly using advanced malware and encryption techniques to attack financial institutions, targeting banks and financial services, and seeking to extort companies or sell stolen data on the dark web. With the cost of data breaches in the Middle East averaging $8.7 million, financial organizations in the UAE are under growing pressure to fortify their cybersecurity measures to protect sensitive data and avoid significant financial and reputational damage.

UAE’s critical infrastructure sectors, including energy, oil, and gas, are also facing heightened risks. Experts predict that cyberattacks on industrial control systems (ICS) and operational technology (OT) could severely disrupt production and lead to major financial losses. “The growing use of smart city technologies and the expansion of IoT in the UAE are increasing the digital attack surface,” said Ziad Nasr, General Manager of Acronis Middle East. “As more devices and systems become interconnected, cybercriminals have greater opportunities to exploit vulnerabilities, potentially essential services.”

The UAE’s strategic geopolitical position further elevates its vulnerability to cyber threats, particularly from nation-state actors. Advanced Persistent Threats (APTs), often targeting government and defence sectors, are expected to intensify in 2025. These groups deploy advanced tactics, such as spear-phishing, to breach critical systems.

In comparison to its regional peers, the UAE leads the Middle East in reported cyber incidents. For example, Saudi Arabia recorded 11 ransomware attacks in 2024, Lebanon saw an increase from 2 to 7, Oman from 3 to 4, and Jordan experienced a decline from 3 to 1. This positions the UAE as the most affected in the region, facing a higher volume and more complex cyber threats than its neighbours.

Phishing attacks are expected to evolve in 2025, with the integration of AI and deepfake technology enabling attackers to convincingly impersonate executives. This will create significant risks through Business Email Compromise (BEC) schemes and other social engineering tactics. To combat these rising threats, Acronis urges organizations to adopt advanced cybersecurity solutions and strengthen their defences. This will be crucial for safeguarding the nation’s economic stability and boosting its resilience against the growing tide of cyber risks.

While the UAE may not rank among the top nations globally for cyberattack volume, its position as a regional target is clear. The sophistication and increasing frequency of attacks, augmented by AI, challenge the nation’s cybersecurity infrastructure. As the UAE moves toward becoming an ‘AI nation’, it faces both new opportunities and risks, making it essential to adopt comprehensive cybersecurity strategies and foster greater cooperation across sectors to mitigate evolving threats.

Cyber Security

Retailers Bolster Email Security in the Middle East

As the holiday and shopping season approaches, leading cybersecurity and compliance company Proofpoint has released research showing that the top Middle East retailers are steadily improving their email security measures, better protecting customers from the potential risk of email fraud. These findings are based on a Domain-based Message Authentication, Reporting, and Conformance (DMARC) adoption analysis of the top retailers in the Middle East. DMARC is an email authentication protocol designed to protect domain names from misuse by cybercriminals. It authenticates the sender’s identity before allowing a message to reach its destination. DMARC offers three levels of protection: monitoring, quarantine, and rejection, with rejection being the safest way to prevent suspicious messages from reaching the inbox.
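As an added illustration (not Proofpoint's tooling or data), the sketch below shows how an adoption analysis of this kind can classify each domain's DMARC TXT record into the three levels described above. The domains and records are constructed samples, and the "(partial)" label for `pct` below 100 is this example's own convention.

```python
from collections import Counter

# DMARC p= values mapped to the three levels the article names.
LEVELS = {"none": "monitoring", "quarantine": "quarantine", "reject": "rejection"}


def parse_dmarc(txt):
    """Return a tag dict for a DMARC TXT record, or None if it is not valid."""
    if not txt:
        return None
    pairs = [part.split("=", 1) for part in txt.split(";") if part.strip()]
    if any(len(pair) != 2 for pair in pairs):
        return None
    tags = [(key.strip().lower(), value.strip()) for key, value in pairs]
    # v=DMARC1 must be the first tag; otherwise the TXT record is not DMARC.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    record = dict(tags)
    if record.get("p", "").lower() not in LEVELS:
        return None
    return record


def classify(txt):
    """Map a TXT record to 'no record' or one of the three protection levels."""
    record = parse_dmarc(txt)
    if record is None:
        return "no record"
    level = LEVELS[record["p"].lower()]
    # pct < 100 applies the policy to only a share of failing mail, so a
    # 'reject' record with pct=25 is not full enforcement.
    pct = record.get("pct", "100")
    if level != "monitoring" and pct.isdigit() and int(pct) < 100:
        level += " (partial)"
    return level


def adoption_summary(records):
    """Summarise DMARC adoption over a {domain: TXT record or None} mapping."""
    counts = Counter(classify(txt) for txt in records.values())
    total = len(records)
    return {
        "published_pct": round(100 * (total - counts["no record"]) / total),
        "reject_pct": round(100 * counts["rejection"] / total),
        "counts": dict(counts),
    }


# Constructed sample: TXT values as they would appear at _dmarc.<domain>.
SAMPLE = {
    "shop-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example",
    "shop-b.example": "v=DMARC1; p=quarantine; pct=100",
    "shop-c.example": "v=DMARC1; p=none",
    "shop-d.example": "v=DMARC1; p=reject; pct=25",
    "shop-e.example": None,                                 # nothing published
    "shop-f.example": "v=spf1 include:_spf.example -all",   # SPF, not DMARC
}

if __name__ == "__main__":
    print(adoption_summary(SAMPLE))
```

Counting only full `p=reject` records as "rejection" keeps a headline figure from overstating how many domains actually block spoofed mail.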

The analysis reveals that a vast majority of Middle East retailers (90%) have published a DMARC record, and 8 out of the top 20 (40%) have the strictest and recommended DMARC policy (‘reject’) in place. This is a slight improvement from last year – where findings suggested that only 30% had implemented the DMARC policy at the ‘reject’ level and were proactively blocking fraudulent emails from reaching consumers. According to a study by IMARC, the Middle East retail market size is projected to grow by 4.21% from 2024-2032, driven by a surge in population and evolving consumer preference for online shopping. Through the high traffic of retail activity, attackers are now using new tactics to exploit their human targets.

Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint, said, “Middle East retailers realize the risks millions of consumers face daily when they shop online. Our research shows that phishing, ransomware, and business email compromise remain among the top attack vectors plaguing organizations across all industries. Amid a surge in e-commerce in the region, deploying authentication protocols, such as DMARC, will be critical to support the growth and security posture of the retail sector.”

Email remains the number one threat vector, and phishing emails can lead to unsafe websites that gather personal data, such as credentials and credit card data. Therefore, it is always best to go directly to the source of the advertised deal by typing a known website address directly into a browser. For special offer codes, Proofpoint recommends entering them at the checkout to see if they are legitimate. It also recommends using a password manager to make the online experience seamless whilst staying safe, and using multi-factor authentication for an added layer of security.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.