MENA firms menaced by deepfakes, IoT-based attacks
Published: 08:04 PM, Apr 08, 2019 | Edited: 02:05 AM, May 04, 2024
Be aware of ecommerce risks
As Booz Allen and others have often observed, mobile apps, digital payments and ecommerce platforms are expanding rapidly in the MENA region. In parallel, cybercriminal organisations are constantly looking for new ways to monetise the theft of sensitive information belonging to private-sector companies and their customers. In April 2018, Careem, a popular regional ride-hailing service, announced that unknown threat actors had accessed customer data, affecting an estimated 14 million users. The attack is only the latest in a growing list of incidents that demonstrate not only cybercriminals' sophistication but also their growing interest in targeting and breaching organisations in the MENA region. Databases should be properly secured and encrypted, with regular vulnerability and compliance scanning, and with properly configured intrusion prevention and detection technology protecting payment management systems and data repositories.
Invest in strengthening critical infrastructure
Attacks against critical national infrastructure (CNI) are attractive to state-sponsored attackers because of the physical, social and economic damage they can cause. Additionally, the trade secrets and intellectual capital held by companies operating in CNI sectors are lucrative targets for state-sponsored actors and cybercriminals alike. Hackers have targeted oil and gas facilities in the region, most notably in the Triton and Shamoon attacks, and cyber espionage incidents are also increasing, as breaches at dams and water facilities in the United States show. Secure architectures with multi-level segmentation between information technology (IT) and operational technology (OT) systems, combined with network security monitoring, improve defences as threat actors enhance their capabilities. In the Triton attack, malware targeted the safety instrumented systems (SIS) at one of the largest oil and gas firms in the MENA region, allowing the attackers to load their own code onto the safety controllers. Monitoring could have provided early detection of the attack, and a well-defined architecture would have limited the attackers' ability to move through the company's infrastructure.
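The segmentation-plus-monitoring advice above is easiest to see as a policy check over network flow records. The following is an added example, not code from the article or from Booz Allen: it defines four zones (enterprise IT, DMZ, control network, safety network), an allow-list of the zone-to-zone conversations the architecture permits, and flags every flow record that crosses zones outside that list, rating anything that reaches the safety zone as critical. The zone names, subnets, ports (including the 1502 value used for the engineering-station-to-SIS path) and the sample flows are all assumptions constructed for the example.

```python
"""Zone-aware monitoring of IT/OT flow records (added example, not from the article).

Applies a multi-level segmentation policy to flow records and reports
crossings the policy does not permit. Zones, subnets, ports and the
sample flows below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Segmentation levels, least to most sensitive. Names and ranges are assumptions.
ZONES = {
    "enterprise": ipaddress.ip_network("10.0.0.0/16"),
    "dmz":        ipaddress.ip_network("10.1.0.0/24"),
    "control":    ipaddress.ip_network("192.168.10.0/24"),
    "safety":     ipaddress.ip_network("192.168.20.0/24"),   # SIS controllers
}

# Permitted initiator-zone -> responder-zone conversations and their ports.
# Anything not listed is a violation. Port values are example policy choices.
ALLOWED = {
    ("enterprise", "dmz"):  {443},    # office users reach the historian replica
    ("dmz", "control"):     {502},    # collector polls PLCs (Modbus/TCP)
    ("control", "safety"):  {1502},   # engineering station to SIS (assumed port)
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def zone_of(ip: str) -> str:
    """Map an address to its zone, or 'unknown' if no zone covers it."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flow(line: str) -> Flow:
    """Parse the constructed record format '<src> <dst> <dport> <proto>'."""
    src, dst, dport, proto = line.split()
    return Flow(src, dst, int(dport), proto.lower())


def evaluate(flow: Flow) -> Optional[str]:
    """Return a finding if the flow violates the segmentation policy, else None."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone:
        return None   # intra-zone traffic is outside this check's scope
    if "unknown" in (src_zone, dst_zone):
        return f"UNMAPPED: {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}"
    if flow.dport in ALLOWED.get((src_zone, dst_zone), set()):
        return None
    severity = "CRITICAL" if dst_zone == "safety" else "HIGH"
    return (f"{severity}: {src_zone}->{dst_zone} not permitted "
            f"({flow.src} -> {flow.dst}:{flow.dport}/{flow.proto})")


def scan(lines) -> List[str]:
    """Evaluate every non-comment record and collect the findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        finding = evaluate(parse_flow(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample flows (not real traffic). The fourth record is an
# enterprise host talking straight to a safety controller; the fifth is
# RDP from the enterprise network into the control network.
SAMPLE_FLOWS = """
# src          dst           dport proto
10.0.5.23      10.1.0.10     443   tcp
10.1.0.10      192.168.10.5  502   tcp
192.168.10.7   192.168.20.3  1502  udp
10.0.5.23      192.168.20.3  1502  udp
10.0.5.23      192.168.10.5  3389  tcp
192.168.10.7   192.168.10.9  502   tcp
""".strip().splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_FLOWS):
        print(finding)
```

Two of the six constructed flows are flagged: the enterprise host reaching the safety zone directly (critical, since the architecture only allows the control network to talk to SIS) and the RDP session from the enterprise network into the control network. The same allow-list is what the firewalls between levels should enforce; running it over flow records as well is what turns a segmentation design into the early detection the paragraph calls for.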
Prepare for increasing disinformation on social media
The widespread and growing popularity of social media applications in the region is creating a fertile environment for disinformation. Both state-sponsored and cybercriminal entities are refining and deploying tactics, techniques and procedures to manipulate public opinion, influence decision-making and damage companies. These operations range from orchestrating targeted breaches followed by public data leaks to employing troll armies to push disinformation on social media. While media narratives about the threat have focused heavily on Russia's use of disinformation, countries and groups around the world are rapidly developing similar tools that can easily be turned against companies and other entities.
Be vigilant of the risks associated with IoT
As the Internet of Things (IoT) environment expands with increasing device connectivity and deployment, the growing IoT attack surface means that threats both exploiting and targeting the sector are escalating in parallel. Weaknesses in wireless routers, such as weak passwords and lax security controls, make them a prime entry point into IT infrastructure, which threat actors exploit to infect networks of IoT devices. Devices that open IoT networks to intrusion include smart televisions, internet-connected cameras, printers, kitchen appliances and electronic home assistants, among others. Such attacks have already been used to build botnets; in 2018, the Andromeda botnet used social media to spread malware to more than a million new devices per month across the Middle East and Europe. Guarding against IoT-focused attacks requires strong password policies, strict adherence to security practices such as updating software and applying patches, and regular vulnerability and compliance scans of enterprise networks.
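The three controls the paragraph names (password policy, patching, regular scans) can be turned into a routine audit of the device inventory. The following is an added example, not code from the article or from Booz Allen: it checks each router or IoT device record for factory default credentials, for passwords that fail a length and character-class policy, for management services exposed on the WAN side, and for firmware that is behind the vendor's current release. The device records, the short default-credential list and the policy thresholds are constructed assumptions for the example; a real audit would pull the inventory from the network and use a maintained default-credential list.

```python
"""Inventory audit for routers and IoT devices (added example, not from the article).

Flags factory default credentials, weak passwords, management services
reachable from the WAN, and out-of-date firmware. All device records,
the default list and the thresholds are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Well-known factory default pairs; deliberately short, not a maintained list.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("admin", "1234"), ("admin", ""),
    ("root", "root"), ("root", "12345"), ("user", "user"),
}

# Management services that should never be reachable from the WAN side.
RISKY_WAN_SERVICES = {"telnet", "ssh", "http-admin"}

MIN_LENGTH = 12          # example policy threshold
MIN_CHARACTER_CLASSES = 3


@dataclass
class Device:
    name: str
    username: str
    password: str
    firmware_current: bool          # assumed to come from a vendor version check
    wan_services: Set[str] = field(default_factory=set)


def password_policy_failures(password: str) -> List[str]:
    """Return the policy rules the password breaks (empty list if it passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]"))
    if classes < MIN_CHARACTER_CLASSES:
        failures.append(f"fewer than {MIN_CHARACTER_CLASSES} character classes")
    return failures


def audit_device(dev: Device) -> List[str]:
    """Collect every finding for one device."""
    findings = []
    if (dev.username.lower(), dev.password) in DEFAULT_CREDENTIALS:
        # A default pair is the worst case; the policy checks add nothing to it.
        findings.append("factory default credentials still in use")
    else:
        findings.extend(password_policy_failures(dev.password))
    exposed = dev.wan_services & RISKY_WAN_SERVICES
    if exposed:
        findings.append("management exposed to WAN: " + ", ".join(sorted(exposed)))
    if not dev.firmware_current:
        findings.append("firmware behind vendor's current release")
    return findings


def audit(inventory: List[Device]) -> Dict[str, List[str]]:
    """Audit the inventory; devices with no findings are left out of the report."""
    report = {}
    for dev in inventory:
        findings = audit_device(dev)
        if findings:
            report[dev.name] = findings
    return report


# Constructed inventory (not real devices or credentials).
SAMPLE_INVENTORY = [
    Device("lobby-camera-01", "admin", "admin", firmware_current=False,
           wan_services={"telnet", "rtsp"}),
    Device("branch-router", "admin", "Summer2019!", firmware_current=True,
           wan_services={"https-vpn"}),
    Device("smart-tv-boardroom", "user", "correcthorsebatterystaple",
           firmware_current=True),
    Device("print-server", "svc_print", "kT7#pQ2!vX9mLz", firmware_current=True),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INVENTORY).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Of the four constructed devices only the print server passes. The camera is the classic botnet recruit: default credentials, Telnet reachable from the WAN and stale firmware all at once. The router and the television show why a default-credential check alone is not a password policy; one has a short password, the other a long but single-class one.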