As the cyber threat landscape continues to evolve, it is imperative for the government and private sector to pay attention to some of the most significant areas of heightened risk in the cyber environment, according to Booz Allen Hamilton.
The cyber threat landscape in the Middle East is rapidly expanding – with attacks against regional entities and residents increasing in quantity and sophistication. Indeed, a May 2018 survey reported an estimated 41% of Gulf-based enterprises experienced a cyber attack in the previous 12 months – a 46% increase from 2016 numbers.
Severe cyber-attacks are also occurring with increased frequency as hackers find new ways to breach complex firewalls and security systems, despite ongoing government and private sector efforts to accelerate the development of cybersecurity capabilities. In particular, threats to industrial control systems are of growing concern in the region after reports in March suggested hackers nearly triggered an explosion at a petrochemical plant in Saudi Arabia last year.
According to Ziad Nasrallah, Principal at Booz Allen Hamilton MENA, “The evolving cyber threat landscape worldwide and here in the region requires that governments and individuals prioritize taking adequate measures to safeguard themselves from attacks. This requires identifying loopholes hackers can exploit across the entire supply chain. At the same time, governments and organizations must invest in robust cybersecurity measures or risk attacks that could compromise their entire operations.”
Echoing this sentiment, Jay Townsend, Principal at Booz Allen Hamilton MENA, said that “Gulf countries recognize the growing cyber threat to governments and businesses. As more economies throughout the region adopt digital technologies and implement e-services, the threat to personal data security is rising. It is in the national interest for Gulf countries to secure not only networks but also confidential data that hackers can exploit.”
Across the cyber environment, Booz Allen Hamilton has identified seven key areas where Gulf entities may face significant attacks in the future:
Attacking the supply chain through vendors
Supply chain management is integral to the success of any organization. Successful infiltrations of vendor software platforms in large supply chains can lead to simultaneous compromises across countless enterprises. The NotPetya attack, in which attackers compromised the Ukrainian tax software M.E.Doc and sent out poisoned updates that spread through compromised networks and infected endpoints with destructive malware, is the most notable example to date. The attack caused global disruptions and damage costs reaching an estimated USD $10 billion. While entities in the Gulf were largely spared, many organizations lack visibility into the security of their vendors, leaving them exposed to unknown threats and vulnerabilities.
Targeting industrial control systems
Industrial control systems (ICS) represent an increasingly diverse and extensively connected set of technologies that control and automate significant portions of society, including power grids, oil and gas operations, manufacturing, and more. ICS attacks can be devastating as they could result in operational halts and even physical damage. Indeed, the aforementioned petrochemical plant in Saudi Arabia was reportedly only spared physical damage from the cyber attack due to an error in the hackers’ code.
Attacking third-party software tools
As software development processes mature, software platforms are aiming to provide the best utility for consumers and developers. Many of these platforms are user-friendly and highly customizable, which increases their vulnerability to threat actors looking to spread malicious code through the applications they create. There have already been instances of this – at least two campaigns have distributed malicious code into iOS and Android development libraries and the applications that incorporate them. As software development becomes more sophisticated in the Middle East, the industry should be wary of the risk of hackers compromising third-party software libraries and software development kits.
Exploiting the fledgling cryptocurrency environment
Earlier this year, hackers stole an estimated USD $532.6 million from Tokyo-based cryptocurrency exchange Coincheck, reigniting debates about security and regulatory protection in the emerging market for cryptocurrencies such as Bitcoin. While financial regulators in the UAE are considering regulations for the cryptocurrency industry and developing a framework with industry firms and relevant authorities, the environment – lacking stringent global security protection standards – remains a lucrative target for hackers, especially as the number of cryptocurrencies and exchanges continues to expand.
Breaching large government and industry databases
In an increasingly digital world, databases – often of sensitive personal information – are significant targets for both cyber criminals and state-sponsored hackers. Breaches discovered at the US Office of Personnel Management in 2015 and the credit bureau Equifax in 2017 resulted in the loss of sensitive information on hundreds of millions of people – information that cyber criminals could sell and exploit or that state-sponsored hackers could use to build significant intelligence databases. The recent breach of SingHealth, Singapore’s largest group of healthcare institutions, is a further reminder that all data remains vulnerable to theft and exploitation. With Gulf countries such as Saudi Arabia and the UAE seeking to digitize their economies and entire industrial sectors – evidenced through electronic health records initiatives and more – the growing presence of large databases creates an array of new targets for hackers.
Using ransomware to disrupt economies
The threat of ransomware, a popular cyber criminal tool for several years, is continuing to evolve, and today it encompasses both individuals and economies. At the individual level, ransomware campaigns are still generating substantial revenues for hackers: in the UAE alone, individuals lost an estimated USD $1.1 billion to cyber crime activities in 2017, with a significant portion of these losses due to ransomware attacks. More threatening, however, are scenarios where hackers attack government or industry networks – potentially crippling operations. For example, in the United States this year, the city of Atlanta was hit with the SamSam ransomware, forcing portions of the city to revert to managing business operations on paper. Some estimates suggest that the average business in the region could face costs of up to USD $1 million per incident from ransomware attacks targeting its networks. Throughout the Gulf, the rollout of major e-government programs and automated systems – such as e-gates at Abu Dhabi and Dubai airports – creates potentially significant vulnerabilities for similar attacks to cause major disruptions.
Targeting high-profile events
Lastly, large events draw not only large crowds, but also the attention of hackers. The two biggest events of 2018 to date – the Winter Olympics in South Korea and the World Cup in Russia – both witnessed a significant volume of cyber attacks: an attack at the Olympics caused disruptions at the opening ceremony, while Russia claimed to face 25 million cyber attacks during the course of the World Cup. The upcoming Expo 2020 in Dubai could potentially draw similar levels of attention from hackers – to both the Expo itself and the UAE broadly.