February 03, 2017
Possibility of bad guys using drones in a restricted area to steal information
The cyber security industry faces new types of threats every year, as criminals increasingly exploit the intersection of the physical and digital worlds while people conduct more of their lives online.
Cyber security experts said that ransomware is a lucrative and safe method of making money for criminals and that was the main highlight of 2016. These types of attacks have reached a new high, Hussam Sidani, regional manager for Symantec Gulf, told Gulf News.
“We have seen average ransomware attack at around Dh2,500. The UAE was ranked the fourth most impacted country in the Middle East and Africa region in 2015 when it came to ransomware attacks and 34th globally,” he said.
Ransomware is software that infects a smartphone or computer and prevents users from accessing their data unless the user pays a ransom.
“We have seen ransomware attacks on normal users, health care companies and enterprises in the Gulf. Last year, we have seen more targeted attacks,” said Gareeb Saad, senior security researcher at Kaspersky Lab.
He said that the problem with ransomware is the critical damage it brings, because if a victim is not properly protected by a cyber security solution and has no backup, there are high chances that all the encrypted data will be non-restorable, even if the ransom is paid.
Ransomware attacks in the Middle East rose 15 per cent to 160,000 in the first quarter of 2016. Most came from emails, websites, USB sticks, routers and social networks. About 17 per cent of attacks occur on Android devices, 11 per cent through Java, 61 per cent from browsers, 4 per cent from Microsoft Office and 3 per cent from Adobe Reader.
In 2015, Symantec saw an average of 28 attacks per day and 10,279 total attacks on UAE-based organisations. “We have seen the attacks in the UAE grow more than 44 per cent. The ransomware attacks are happening not only on laptops and servers but also on smartphones,” Sidani said.
In 2017, he said, Symantec anticipates three big things to happen. First are internet of things (IoT) devices. There are huge security gaps in IoT devices, and major attacks have been seen using IoT devices to bring the internet down. Massive denial-of-service attacks in October, known as Mirai, against internet-infrastructure provider Dyn in the US caused its domain services to become unreachable and resulted in intermittent service outages for its clients.
Mirai is the botnet that subverted thousands of poorly secured IoT devices and set them to work on distributed denial-of-service (DDoS) attacks. Mirai used compromised internet of things systems and generated traffic directly from those nodes. What makes Mirai truly exceptional is its use of IoT devices and several capabilities that aren’t often seen in botnets.
The IoT is the coming wave and the biggest in the internet era. Right now, IoT manufacturers are setting up devices without the right security platform.
According to Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report, the largest DDoS attack reported last year was 800Gbps, a 60 per cent increase over 2015’s largest attack of 500Gbps.
Not only are DDoS attacks getting larger, but they are also becoming more frequent and complex. This increased scale and complexity has led more businesses to deploy purpose-built DDoS protection solutions, implement best practice hybrid defences and increase time for incident response practice — all positive developments in an otherwise gloomy threat environment.
Across the board, in every industry, there has been an increase in the use of purpose-built DDoS protection solutions and best practice methods.
Saudi Arabia and Kuwait are among the top 10 countries targeted by DDoS attacks greater than 10Gbps.
Service provider customers remain the number one target of DDoS attacks, followed by service and network infrastructure. The number of very large attacks monitored by Atlas Group continued to grow rapidly last year, with more than double the number of attacks over 100Gbps tracked in 2016 compared to 2015. In 2016, Atlas tracked 558 attacks over 100Gbps versus 223 in 2015, and 87 attacks over 200Gbps versus 16 in 2015.
“Given the consistently changing security landscape, it’s important to take a moment and determine where the security industry needs to focus their attention as we move forward,” Sidani said.
“We’ll continue to see a shift toward the modern workplace as businesses allow employees to introduce new technologies such as wearables, virtual reality and IoT connected devices onto the network while supporting a rapidly dispersed workforce made possible by cloud applications and solutions,” he said.
He said that enterprises will need to shift their focus from safeguarding endpoint devices toward protecting users and information across all applications and services.
Second is the cloud infrastructure.
Sidani said that the enterprise network will expand and become increasingly undefined and diffuse. With the workforce more mobile than ever, the need to primarily protect an on-premise network will become increasingly short-sighted.
“The need for firewalls to defend a singular network becomes unnecessary if it is connected to the cloud. All enterprises will start to move towards WiFi and cloud-based services, rather than investing in expensive and unnecessary network solutions,” he said.
Saad said that cloud infrastructure and services are becoming a very lucrative target for attackers and that ransomware is expected to grow this year.
Sidani said the cloud is not protected by firewalls or more traditional security measures, so there will be a shift in where enterprises need to defend their data. Cloud attacks could result in multimillion dollar damages and loss of critical data, so the need to defend it will become even more crucial.
Third are the drones.
“We are going to see attackers use drones to hold equipment that will intercept information and traffic. The attackers can send drones in a restricted area and steal information on a global level,” Sidani said.
This could be seen in 2017, but is more likely to occur further down the road. By 2025, Sidani expects to see “dronejacking,” which will intercept drone signals and redirect drones for the attacker’s benefit. “Given this possibility, we can also expect to see anti-drone hacking technology being developed to control these devices’ GPS and other important systems,” he said.
One of the major factors he sees is that attackers are becoming more organised and funded. They [attackers] are operating like normal businesses with working hours and taking holidays in order to increase the efficiency of their attacks against enterprises and consumers.
He said that there is a dangerous possibility that rogue nation states could align with organised crime for their personal gain, such as what we saw in the SWIFT attacks. This could result in down time for countries’ political, military or financial systems.
Kaspersky Lab expects to see more security features for internet of things devices after the Mirai attack, and governments are taking more care against terrorist groups attacking critical infrastructure by improving the security of control systems.
“Attackers will focus more on the end users as it is easy to gain money from them or steal information rather than organisations,” Saad said.
Connected cars on hackers’ radar
It is only a matter of time before automobile hacks happen on a large scale, as cars have started to have connected capabilities.
According to research firm Gartner, there will be 220 million connected cars on the road in 2020 globally.
Hussam Sidani, regional manager for Symantec Gulf, said that connected cars will be taken for ransom and that various businesses in the UAE have already announced their plans to launch connected cars in the country.
He said this could include cars being held for ransom, self-driving cars being hacked to obtain their location for hijacking, unauthorised surveillance and intelligence gathering, or other automobile-focused threats. This will also lead to a question of liability between the software vendor and automobile manufacturer, which will have long-term implications on the future of connected cars.