Financial Services in the GCC Will Continue to Attract More Attention From Fraudsters
Dmitry Volkov, the CEO of Group-IB, says the region’s rapid digital transformation has made it vulnerable to cyber threats such as phishing, counterfeiting, VIP impersonation, data leaks, and trademark abuse
Can you elaborate on the key findings of Group-IB’s Digital Risks Report for the Middle East and Africa?
The Middle East and Africa (MEA) region is a major player on the world stage, wielding significant influence globally through its economic power, political influence, rich energy resources, and vast technological potential. The Middle East’s economy is valued at $5.2 trillion and the concerted shift to diversify the economy away from commodities and natural resources has introduced an entirely new problem to deal with: digital risks. The region’s rapid digital transformation has made it vulnerable to cyber threats such as phishing, counterfeiting, VIP impersonation, data leaks, and trademark abuse.
Group-IB’s Digital Risk Protection (DRP) team has closely monitored trends across the Middle East and Africa over the past three years (2021-2023). Given the large number of brands that we monitor, we can reliably draw the following conclusions based on the average number of incidents per brand monitored in a given period:
- Phishing incidents increased by 13 times, making it one of the fastest-growing threats.
- Scam incidents doubled over the three years, with scam resources outnumbering phishing resources 76 times in 2022.
- The rate of trademark misuse surged by 16 times, highlighting the rise in brand exploitation by cybercriminals.
- Social media violations saw a two-fold increase and became the largest category in terms of overall numbers among all violations tracked by Digital Risk Protection.
- The number of mobile app violations grew by 2.5 times, reflecting the rise in illegal app stores.
- Violations on messaging platforms also grew by 1.5 times, indicating a steady growth in illicit activity.
The team also observed a dramatic surge in fraudulent web resources targeting the brands it monitors over the past three years. In 2022, the number of phishing resources saw an astounding 950% increase compared to 2021. This alarming trend continued into 2023 when phishing resources grew by an additional 457%. Scam resources followed a similar trend, with a 452% rise between 2021 and 2022. In 2023, scam resources continued to show extremely high figures, though the growth rate slowed to 5% compared to 2022.
Tell us about the security threat landscape in the region.
We see some interesting trends from the data that the DRP platform has gathered, based on hundreds of brands in the MEA region since 2021 and while overall it has shown a consistent rise in violations across various categories, some key trends (listed below), can be categorised into three key themes – “things that have morphed beyond recognition”, “Things that have stood the test of time since 2021” and “Things that have faded into oblivion”.
- Deepfakes: the rise of deepfake technology has led to its use in scams, especially on social media. Cybercriminals create fake videos of celebrities or influencers to lure victims into fraudulent schemes, such as “investment opportunities” or “giveaways”.
- AI’s dual role: Artificial Intelligence (AI) has become a powerful tool for both cybersecurity specialists and cybercriminals. DRP platforms, like the one developed by Group-IB, use AI to detect violations. Conversely, attackers leverage AI to create more convincing and more targeted phishing scams.
- Investment scams using AI: AI is increasingly being marketed in fraudulent schemes as a tool for generating wealth. Scammers promise “AI-powered investment platforms” that guarantee high returns, preying on people’s trust in technology.
- HR scams: Fake job postings have become significantly more common, especially on social media platforms like Facebook. They target job seekers in countries like Egypt, Saudi Arabia, and Algeria. Scammers often abuse brands of well-known companies, including governmental organizations, to steal personal information.
- Smaller businesses as easy targets: Scammers are more and more often focusing on smaller, local brands like driving schools or water delivery companies, which usually lack the cybersecurity defences that larger corporations can afford. Such attacks often involve phishing campaigns as a way of stealing payment information.
- Exploitations of religious holidays and faith: Scammers continue to exploit religious festivals like Ramadan by creating fake promotions or donation pages. For example, scams offering “free high-speed internet” during Ramadan have become a recurring tactic for collecting people’s data.
- Charity scams during political crises: Whether collecting donations for conflict zones or humanitarian crises, scammers exploit public sympathy for personal gain. Such scams often involve the use of cryptocurrency wallets, which provide anonymity and make it harder for law enforcement to trace the fraud.
- Quiz scams: Fraudulent quiz schemes spread quickly on social media and instant messaging platforms. Victims are promised prizes for completing a survey, but in reality, they are redirected to phishing or malware-laden websites.
- Scams related to COVID-19: During the height of the pandemic, there was a surge in scams related to vaccines, including phishing campaigns that abused the names of health organizations and schemes that involved counterfeit vaccine certificates. Nevertheless, such scams have faded along with the pandemic, as vaccine mandates have lessened.
Which sectors are commonly targeted? What attack vectors are being employed? What are threat actors after?
Financial services are seeing rising investment activity carried out by countries part of the Gulf Cooperation Council (GCC) and it will continue attracting more attention from fraudsters. As financial opportunities for businesses, migrants and locals grow, so will fraud attempts as cybercriminals identify lucrative opportunities.
With cryptocurrency becoming more widely accepted across MEA countries, fraudsters will use it more and more often in their operations. The increase will require stronger measures to counter fraud involving cryptocurrency.
Social media platforms will evolve beyond communication tools and become fraud hubs. As these platforms continue to grow, so will their use by cybercriminals to carry out scams to target younger, tech-savvy users in particular.
How have AI, deepfakes and geopolitical tensions altered the cyber threat landscape in the region?
In 2023, the MEA region faced an ongoing wave of cyberattacks of a geopolitical nature launched by diverse and highly skilled groups. Attacks coordinated by groups such as APT42, Oilrig and Hexane (all from MEA) reflect the desire of certain countries in the region to strengthen their influence through espionage. Phishing is the main method used by APTs operating in the region to obtain initial access.
What can businesses do to keep themselves and their customers safe?
A new trend is that scammers increasingly often target smaller, lesser-known businesses that lack the backing of large cybersecurity vendors – the key idea being that profit potential no longer depends on a company’s size. Smaller brands often lack the resources to protect themselves effectively, making them easy prey, hence it is vital for businesses of all sizes to recognize these risks and take proactive measures to protect their operations and customer data from the rising tide of cybercrime.
While new attack vectors continue to emerge, some vectors remain consistently popular – email is one of the top entry points. One essential tool is Group IB’s Business Email Protection, which automatically detects and blocks phishing and scam attempts. With patented retroactive analysis, it neutralizes malicious content even post-delivery while continuously monitoring your organization’s email security.
For threats like domain spoofing, typosquatting, and phishing websites, Group-IB’s Threat Intelligence platform analyzes phishing databases and manages the threat landscape to quickly react and block phishing resources before they cause harm.
What are some of the key technologies developed by Group-IB to prevent and investigate digital crimes?
Digital Risk Protection (DRP) is an encompassing solution that leverages advanced AI, machine learning (ML), and proprietary neural networks to automatically monitor a company’s digital footprint, detect violations, prioritize tasks, and initiate appropriate takedown tactics. The solution offers full-fledged protection against risks that lie beyond the company’s perimeter, including but not limited to phishing, scams, piracy, data leaks, false partnerships, and fake mobile apps by monitoring all possible online resources such as regular websites, social media networks, messengers, advertising networks within social media, search engines, and mobile app stores. After identifying an issue, we immediately take action to mitigate the threat.
DRP uses state-of-the-art technology, including its Graph module, to map violations and connect related incidents. This module helps track and take down entire fraud networks more quickly and effectively. Additionally, the platform offers 24/7 monitoring, scanning millions of online resources, including screenshots, HTML files, redirect chains, and more, to protect your brand and intellectual property. The platform tracks a wide range of digital assets, including domain names, TLS certificates, search engines, the dark web, honeypots, and telemetry from integrated solutions such as Fraud Protection and Managed XDR.