As technology development and deployment continues throughout the Middle East and North Africa (MENA) region, cyber threats are also evolving, moving beyond attacks such as phishing, denial-of-service, and credential compromise to encompass new threats that are challenging companies and organizations. To combat these threats, entities need to shift cybersecurity approaches away from simply focusing on security compliance to developing a holistic culture of proactive security across the broader enterprise, according to Booz Allen Hamilton.
The 2019 MENA Cyber Threat Outlook Report highlights key threat trends that organizations in the region need to be aware of to help prevent cybersecurity incidents, avoid reputational damage and financial losses stemming from breaches, and stay security-conscious in an ever-shifting threat environment. Ziad Nasrallah, Principal at Booz Allen Hamilton, said: “The region’s cyber defenders increasingly must anticipate and plan for cyber attacks resulting from emerging technologies such as artificial intelligence. Understanding industry best practices and internal mitigation strategies is invaluable to combating cyber attacks. This includes proactive planning, integrating intelligence-driven threat detection, securing networks and databases, and conducting regular vulnerability scans.”
Jay Townsend, Principal at Booz Allen Hamilton, added: “Even small cyber incidents can cause major economic and reputational damage. MENA organizations should consider more advanced defense measures, including moving away from traditional security operations center constructs, and instead, investing in a Cyber Fusion Center (CFC). The CFC model is threat-focused, driven by a real-time threat intelligence process that informs detection and hunting activities and facilitates rapid tactical coordination. Rather than be completely reliant on tools, CFCs leverage cutting-edge technologies to further strengthen the human element through the automation and orchestration of cybersecurity processes. Moreover, it fosters a culture of collaboration, continuous testing, and learning across teams both inside and outside the Center.”
Booz Allen Hamilton outlines the following cyber threat trends and recommendations for proactive defense:
Stay a step ahead in the AI game
Artificial Intelligence (AI) technology is increasingly deployed by threat actors in cyber operations, such as using AI-augmented malware to evade antivirus detection software or automate brute force attacks. However, one of the most prevalent emerging AI-driven cyber threats is the use of videos, dubbed “deepfakes,” that exploit AI systems to create believable, but fake, videos depicting individuals saying or doing things that never occurred.
These videos can be used to spread false and misleading information, discredit or damage the reputation of brands and organizations, and more. As cybersecurity and IT teams are the first points-of-contact for suspicious content, teams must monitor the threat environment and be trained to proactively identify and escalate threats in partnership with enterprise risk management teams. Additionally, it is crucial for organizations to engage leadership in trainings to practice managing reputational risks associated with fallout from attacks of this nature.
Be aware of ecommerce risks
As Booz Allen and others have often observed, mobile apps, digital payments, and ecommerce platforms are expanding rapidly in the MENA region. In parallel, cybercriminal organizations are constantly looking for new ways to monetize the theft of sensitive information belonging to private sector companies and customers. In April 2018, Careem, a popular regional ride-hailing service, announced that unknown threat actors accessed customer data, which affected an estimated 14 million users.
The successful attack is just the latest in a growing list of cyber attacks that demonstrates not only cybercriminals’ sophistication but also a growing interest in targeting and breaching organizations in the MENA region. It is important to ensure that databases are properly secured and encrypted, with regular vulnerability and compliance scanning, and properly configured intrusion prevention and detection technology to protect payment management systems and data repositories.
Invest in strengthening critical infrastructure
Attacks against critical national infrastructure (CNI) entities are attractive to state-sponsored attackers because of the physical, social, and economic damage they can cause. Additionally, industry tradecraft secrets and intellectual capital held by companies operating in CNI sectors are lucrative targets for both state-sponsored actors and cybercriminals.
Hackers have targeted oil and gas facilities in the region, most notably in the Triton and Shamoon attacks, while cyber espionage incidents are also increasing – evidenced by cyber breaches at dams and water facilities in the United States. Implementing secure architectures with multi-level segmentation for information and operational technology systems (IT and OT) alongside Network Security Monitoring can improve defenses as threat actors enhance their attack capabilities.
In the Triton attack, malware targeted Safety Instrumented Systems at one of the largest oil and gas firms in the MENA region, allowing attackers to load malicious code onto infected systems. Monitoring could have provided early attack detection and well-defined architectures would have limited attackers’ ability to move throughout the company’s infrastructure.
Prepare for increasing disinformation on social media
The widespread and growing popularity of social media applications in the region is creating a fertile environment for disinformation. Both state-sponsored and cybercriminal entities are refining and deploying tactics, techniques, and procedures to manipulate public opinion, influence decision-making processes, and damage companies. These attacks range from orchestrating targeted breaches followed by public data leaks to employing troll armies to push disinformation on social media.
While media narratives about the threat have focused heavily on Russia’s use of disinformation, countries and groups around the world are rapidly developing similar tools that can easily be turned against companies and other entities. People, organizations, and governments must remain acutely attuned to the reputational damage and financial consequences of such attacks – as well as the speed with which such incidents can spread beyond control.
Be vigilant of the risks associated with IoT
As the Internet-of-Things (IoT) environment expands due to increasing device connectivity and deployment, the growing IoT attack surface means threats both exploiting and targeting the sector are escalating in parallel. Weaknesses in wireless routers, such as weak passwords and lax security controls makes routers a prime entry point into IT infrastructure that threat actors can exploit to infect IoT device networks. Openings in IoT networks vulnerable to cyber intrusions include smart televisions, internet-connected cameras, printers, kitchen appliances, and electronic home assistant devices, among others.
Such attacks have already been used to establish botnets – indeed in 2018, the Andromeda botnet used social media to spread malware to more than a million new devices per month throughout the Middle East and Europe. Guarding against IoT-focused attacks requires strong password policies, strict adherence to security practices such as updating software and implementing patches, and regular vulnerability and compliance scans of enterprise networks.