Barry Cook, Privacy & Group Data Protection Officer, VFS Global, elaborates on the need to address cybercrime in the MENA region.
The coronavirus pandemic triggered a wave of digital transformation with companies across the globe bring their businesses online. While this has opened new opportunities for businesses, the pace or transformation has resulted in an increase in cybercrimes as attackers continue to take advantage of our greater reliance on the virtual world. Now that organizations are planning and implementing their recovery strategies, there is one form of business that has exploded – the creation and use of malicious software. Users across the world have fallen victim to cyber-criminals. The most common attack being that of “Ransomware”. While Ransomware is nothing new, the ways in which it is being used and spread is.
The change from in-person meetings to online video-conferencing calls was exploited by cybercriminals to launch ransomware attacks by crashing video calls and baiting users with malicious domains proponing to be the video-conference company. Of course, the links on the fake domains download malware. A significant new cyber-tactic that has emerged is ‘double extortion’.
A technique in which cybercriminals, who are frequently part of a collective, extort additional money by threatening to leak sensitive data that was extracted prior to encrypting the systems. The cybercriminals were merciless, attacking health care systems, hospitals, national infrastructure, as well as their “traditional” targets of companies and individuals. No target is considered to be “off limits”.
The Middle East region is facing a “cyber pandemic” with Covid-19 related attacks skyrocketing in 2020. Cybersecurity firm Trend Micro revealed that it had prevented over 56 million attacks in the Gulf during the first half of the year. 8.8 million of these attacks, around 15%, were COVID-19 related.
Mohamed al-Kuwaiti, head of UAE Government Cyber Security, told a CNBC-moderated panel at the Gulf Information Security Expo and Conference in Dubai last year, that the UAE has seen an “at least 250% increase” in cyberattacks in 2020 as the pandemic forced organizations around the world to reconsider how and where they work, and hackers and malicious actors took advantage of increased digital adoption.
Talking about the types of cyberattacks, phishing and ransomware are becoming more sophisticated and increasing in frequency. A phishing attack occurs when a cybercriminal masquerades as a legitimate person or business to extract sensitive information from a victim voluntarily. Any event that can exploit fear, confusion, or any high emotion to get potential victims to click on links or open attachments is used. Malevolent phishing is posted as health advice, pandemic updates or even appeals for help from well-known organizations.
Ransomware occurs when a hacker blocks access to a victim’s files, then demands payment to restore access. New research by TrendMicro, says critical public infrastructure and government IT systems were becoming a primary focus for hackers globally, with ransomware being their preferred weapon of choice.
The pandemic itself created new challenges to digital privacy. Governments and organizations employed digital contact tracing in an attempt to contain outbreaks. This presented a new challenge for privacy professionals. Can we have effective contact tracing while maintaining personal privacy? With the number of contract training schemes that were scrapped or extensively redesigned then it would be safe to assume the answer to that question is “probably no”.
Your Device Needs Vaccination Too
The vaccine that can help protect your devices is patch updates. These patch updates contain fixes for known exploits and vulnerabilities on the device they are updating.
It is recommended by manufacturers that patch updates should be set to automatic in order to automatically update and protect your devices. Similar to how the COVID -19 vaccination does not guarantee a 100% protection, device vaccination also goes only so far, but it does not mean you should not attempt to protect your devices.
Additionally, the most effective step is to be prudent while using your devices and not blindly clicking on the “OK” button or link when random pop-ups appear on the screen. Being attentive and mindful has been proven to avert most attacks and prevent you from becoming part of the chain of compromise. This is the digital equivalent to washing your hands and wearing a mask!
For organizations, cybersecurity is even more important as most employees today are connected from homes using their home Wi-Fi networks that may have weaker protocols. This not only makes devices directly vulnerable, but also exposes them to hacks on other personal devices connected on the same network, such as mobile phones, digital assistants, smart appliances, gaming machines etc. pre-empting, preparing, and spreading awareness will go a long way in reducing risk.
While staying home and being virtually connected does help keep one in staying physically safe from COVID-19, it can increases the chances of becoming a cybercrime victim. So, break the chain and protect your personal devices to avoid getting hit by a virus of a different kind.