DarkMatter Group, the region’s first and only fully integrated digital and cyber transformation firm, today released the first semi-annual Cyber Security Report for 2019 revealing that critical infrastructure sectors, including Oil & Gas, Financial, Utilities and Transportation, are in the firing line from a growing incidence of cyberattacks across the UAE and wider Middle East.
The report analyzes threats and trends observed by DarkMatter between October 2018 and March 2019 providing a snapshot of the cybersecurity environment in the UAE and the wider region.
The Middle East breaches are both widespread, frequently undetected, and increasingly appear to be state-sponsored. Cybercriminals are aiming their weapons where it hurts the most at critical infrastructure, with potentially devastating effects on the security of nations and their citizens. The report found that the most significant threats to regional critical infrastructure organizations came from eight malicious threat actors and campaigns, motivated by espionage and then sabotage. Spear phishing was found to be the principal method of attack to gain access to targets.
Q1 2019 highlights
75% of intrusion sets documented in DarkMatter’s review were motivated by cyberespionage actions, such as stealing remote access credentials and personal information.
75% of observed UAE domains are hosted outside the country, placing sensitive data at high risk.
91% of organizations assessed by DarkMatter had outdated software and were missing critical security patches; 83% used unsupported software.
91% of assessed organizations were vulnerable due to weak or default passwords.
87% of assessed organizations used insecure network protocols.
“Cybersecurity breaches in the region pose a genuine risk to critical sectors as cybercriminals harness new technologies to launch sophisticated and targeted attacks,” said Karim Sabbagh, CEO of DarkMatter Group.
“The intent of the attacks we’re observing is to undermine the progressive social, economic, and digital agendas in the Middle East. Organizations in the region have a short window of time to transform their cybersecurity posture and demonstrate stronger resilience in the face of escalating and increasingly sophisticated cybersecurity threats.”
Key Economic Pillars at Risk
The report focuses on the global significance of targeted attacks on the UAE’s critical infrastructure sectors. Of these, the Oil and Gas sector faces the greatest vulnerability to cybersecurity breaches. In the Middle East, an estimated 75% of regional oil and gas companies have had their security in their operational technology compromised. The commercial and strategic importance of this industry to the region makes it an attractive target for geopolitical or economic rivals.
The Financial, Transportation, and Water & Electricity sectors also face widespread risk from advanced cyberattacks.
DarkMatter’s analysis identified intrusion sets such as Bitter, Molerats, MuddyWater, Chafer, DarkHydrus, Shamoon 3, OilRig, and DNSpionage, which are actively deployed in the region with the objective to disrupt critical infrastructure sectors. Shamoon 3 in particular has been deployed with the intent to sabotage major organizations.
Advanced Digital Ecosystem Vulnerable to Attacks
The UAE has the second-highest smartphone adoption rate globally and is one of the world’s most digitally interconnected societies. This digital ecosystem offers an expanded surface for cyberattacks. DarkMatter observed numerous incidents across the region where critical infrastructure was compromised through technology-connected assets. Most of the attacks leveraged outdated and unsupported software, and weak passwords resulting in unauthorized remote access.
“DarkMatter’s analysis indicates that public-facing assets in the UAE will continue to be targeted by global threat actors. Organizations must prioritize an improved security posture with continuous monitoring and patching of cyber threats to protect their assets and those of stakeholders,” Sabbagh added.
The report concludes with a list of organizational and technical cybersecurity practices for businesses and governments to implement to improve their security posture.
“In this digital battlefield, while organizations believe they have most of the security management controls in place to mitigate cybersecurity risks, the reality is that technical control and capabilities to address the cybersecurity challenge are markedly lagging behind. So there’s a considerable risk that if an attack happens, it may well be successful. The C-Suites must and can readily take steps to effectively manage holistically their security posture in order to be better prepared against escalating malicious attacks,” concluded Sabbagh.
A copy of the report can be found here.
About DarkMatter Group
Headquartered in the UAE, DarkMatter Group is the region’s first and only fully integrated digital and cyber transformation firm. Our mission is to be the leading provider of smart and safe digital transformation to our stakeholders; with innovation and research being at the core of our advancement and practices.
DarkMatter Group enables businesses and governments to harness and maximize the benefits of the digital world safely and effectively through five main divisions:
DarkMatter Cyber Defense provides an ‘always on’ cybersecurity transformation for businesses and governments so that they can safely perform their mission in the face of accelerating cyber risks.
DarkMatter Secure Solutions offers ultra-secure unified communications solutions that allow businesses and governments to protect their business operations and data, giving them control and peace of mind.
DarkMatter Government Solutions is the practice dedicated to helping governments strengthen their defense and security posture to mitigate risks.
DigitalX1 supports business and governments in digitally and smartly transforming their ways-of-working to achieve unprecedented levels of operational efficiency and effectiveness.
DigitalE1 is the education practice that enables businesses and governments in advancing the digital and cybersecurity dexterity of their human capital.
DarkMatter Group provides bespoke solutions for a selection of vital sectors including defense and intelligence, civil government, financial services, transportation, energy, and telecommunications.
For further details, visit www.darkmatter.ae