Over ten million Distributed Denial of Service (DDoS) attacks were recorded globally in 2020, including a 183% increase in the UAE alone, while ransomware attacks are on the rise, with the government, private, oil and gas, telecom and healthcare sectors particularly affected, according to the State of the Market Report 2021 by Help AG, the cybersecurity arm of Etisalat Digital.
The first of its kind to focus exclusively on digital security in the Middle East region, Help AG’s State of the Market Report 2021 delivers cybersecurity intelligence across a range of parameters, including the top threats over the course of 2020, the region’s biggest vulnerabilities, the kinds of attacks and attack vectors which are a cause for concern, the anatomy of some high-profile breaches, security investment patterns of organizations in the region, and where the market is headed in terms of technologies and evolution.
For the first time in history, the number of DDoS attacks recorded exceeded 10 million in 2020, showing a dramatic increase of almost 1.6 million over the 2019 count of 8.5 million. The UAE alone witnessed a 183% increase in DDoS attacks targeting government and private sector customers. The attacks are also increasing in scale, with the largest one observed in the UAE measured at 254.3 Gbps. This increase has made DDoS attacks by far the most prolific form of cybersecurity threats faced by organizations today. The government, private, oil and gas, telecom and healthcare sectors faced a particularly harsh onslaught, with repeated attacks targeting specific customers using varying attack patterns in particular segments over the course of 2020.
Ransomware attacks have also been on the rise, largely thanks to their high rates of success, which can be attributed to their relative simplicity and their significant, immediate impact on an affected business, as well as the fact that many organizations still end up paying the ransom, thus encouraging the threat actors to continue utilizing this attack method. In 2020, Help AG identified a common tactic employed by multiple threat actors, using DDoS attacks as a mechanism to distract security monitoring and response teams, before executing the ransomware attack. Help AG also identified a ransomware threat group leveraging built-in features of Windows 10 to initiate attacks.
The year 2020 saw a significant rise in the number of vulnerabilities discovered as compared to the previous year, with a total of 18,353 identified as per the NIST National Vulnerability Database (NVD), and a particular increase in critical and high severity vulnerabilities. Vulnerabilities that required no user interaction to exploit also increased. Government agencies were the most affected, followed by banking and finance, manufacturing, healthcare, education, and technology, with a significant rise in industrial control system (ICS) vulnerabilities.
2020 was the year of VPN attacks — no surprises here considering the move to a new normal that came with a distributed workforce globally. There was a major incident or new vulnerability identified in almost every single month of the year, highlighting the increasing need for Zero Trust Network Access (ZTNA) to become an industry standard for cybersecurity.
Part of the report breaks down in detail one of the most notable, high-profile cybersecurity breaches which Help AG’s incident response team were called in to tackle. The threat was related to the China-linked threat actor Emissary Panda (APT27, Lucky Mouse), a noted cybercriminal organization linked to a number of widespread attacks.
The report shares a detailed overview of “Lessons Learned” from cyber-attacks which resulted in a compromise of an organization’s systems or assets, and the measures taken to respond to the attacks, which include an Incident Response Plan, Backups, Patching, and the protection of the organization’s Active Directory.
Help AG has identified a number of areas which saw significant investment over the course of 2020. Security infrastructure such as next-gen firewall platforms, application protection solutions and DNS security solutions saw major investment, as did secure remote access systems including VPN, SASE, Proxy, email security, and insider threat monitoring, which collectively enjoyed a 300+% growth YoY. In addition, organizations invested heavily in managed cyber defense and strengthening the Security Operations Centre triad, specifically in areas that included SIEM solutions, network detection and response solutions, endpoint protection/detection and response solutions, and vulnerability management.
Over the past year, Security Access Service Edge (SASE) and Secure Cloud Enablement have both seen increased uptake by organizations across all industry verticals. Looking ahead to the next 12 months, the report predicts that these technologies will see continued focus, alongside several other areas, including secure SD-WAN, email, application and endpoint security, micro-segmentation, Managed Security Services (MSS), and SMB security.
“Public and private sectors across the world are facing unprecedented levels of digital threats which are only increasing year-on-year,” said Stephan Berner, Chief Executive Officer at Help AG. “Help AG’s State of the Market Report was created to be the ultimate guidebook for cybersecurity in the Middle East. Through the report, Help AG seeks to work closely with our clients and our partners to spread awareness and stay ahead of emerging threats, thus elevating cybersecurity for the entire region.”
Nicolai Solling, Chief Technology Officer at Help AG added: “Cybersecurity is not a one-man show. It takes collaboration amongst all responsible actors in the government and private sectors to improve the region’s digital security landscape. Through our State of the Market Report and our collaboration with the media, we are presenting to the market unparalleled intelligence into the state of cybersecurity in the Middle East.”