Certainly, the cyber threat landscape is deteriorating by the minute, and learning about new attacks and the best way to keep your company safe is vital. For instance, AI-powered attack methods, such as voice cloning and deepfakes, maximize hackers’ success rates in phishing and social engineering incidents. Worse still, the increased access to generative AI products like ChatGPT further democratizes cybercrime. Understanding AI-powered attacks will help you keep up with cybercriminals’ innovation pace and secure your systems and data.

Hackers use AI to increase their winning rates

As AI innovation advances, threat actors have realized they can use the technology for different attacks to increase their success rates and maximize profits. Some of the ways hackers use AI-powered attacks include the following:

1. Voice cloning

Hackers leverage AI in vishing (voice phishing) attacks to dupe unsuspecting users and employees into believing they are speaking with legitimate callers. Sometimes, threat actors combine these AI-powered calls with other tactics, such as business email compromise attacks. For instance, they can call victims to give them a heads-up about an email (in this case, a phishing email) they are about to receive. This strategy increases the hacker’s success rate since gullible users will not identify the email as harmful.

2. Deepfake technologies

Besides voice manipulation, hackers have weaponized AI by altering video material to conduct plausible social engineering attacks. Deepfake misuse has eroded trust in body cameras, surveillance footage, and other video and audio evidence. Additionally, these AI-powered attacks have increased cases of cyberbullying, stock manipulation, and blackmail, and have worsened political instability.

3. AI-powered phishing emails

Hackers can use generative AI, such as the ChatGPT tool, to craft convincing phishing emails that bypass conventional spam filters. With publicly available and free generative AI solutions, cybercriminals and malicious insiders will generate convincing emails and code with little technical expertise. Zias Nasr from Acronis notes that AI and machine learning used by cybercriminals to create phishing emails and malware reduce barriers to entering the cybercrime space and increase attack frequency.

Previously, attackers were limited in their ability to send phishing emails to victims in the UAE since many of them don’t write in Arabic. “However, with generative AI models, attackers can generate well-written, seemingly trustworthy phishing emails and messages in various languages at the click of a button,” states cybersecurity expert Safwan Akram. Translating phishing text into different languages localizes the attacks and increases trust levels.

ChatGPT’s classic large language model (LLM) is versatile enough to create realistic phishing emails. A recent cyber threats analyst report states that these AI tools can generate hundreds of slightly different messages, making traditional static detection difficult.

4. Scaling attacks with minimum effort

Apart from generating different phishing emails rapidly, AI can even respond to potential questions and email responses from unsuspecting victims, greatly reducing the attack time and effort. Generative AI tools can generate scripts for sending and responding to emails while recognizing the topics that work well and the ones to avoid.

5. AI-powered malware

AI innovations make malware creation easier for cybercriminals. Threat actors can use AI to create sophisticated polymorphic malware that can metamorphose (change the design and code; the malware rewrites itself after infection) to evade conventional security mechanisms. The process that initially took hours to complete now takes a few minutes with generative AI tools.

6. Discovering vulnerabilities

Generative AI models can understand and identify flaws in program code. In this case, threat actors can paste software’s source code into AI-powered solutions to detect vulnerabilities such as SQL injection, buffer overflow, missing authentication, and unrestricted uploads. Next, the AI chatbot can create corresponding exploits and obfuscate the attack methods.

Staying ahead of AI-Powered Attacks

1. AI-Powered cyber defense

Just like with emerging cyber threats, security experts should adopt advanced technical and administrative solutions to keep up with criminals’ innovations. For instance, security teams can use AI-powered tools for threat intelligence and cyber risk assessments.

2. Defense-in-Depth model

Organizations using cloud environments should invest in multiple security layers and a zero-trust model based on enhancing access controls.

3. Patch management and WAF

You should use updated tools to assess and detect vulnerabilities in software and other solutions in your IT environment. Common security measures such as patch management and web application firewall filtering can detect and protect your assets from emerging vulnerabilities.

4. Cybersecurity awareness training

Additionally, organizations should continuously create awareness about new AI-powered attacks. Users need to know how to detect red flags in emails, such as typos and malicious links. Businesses in the UAE should also equip employees with smart support solutions to detect and respond to attacks.

Technology is advancing at breakneck speed in the UAE, with many industries and processes going online, from retail to banking to oil and energy production. Also, AI adoption is on the rise. As AI gradually permeates our everyday lives, cybercriminals are not hesitant to take advantage of this technological innovation. While security teams use AI for defensive purposes and threat intelligence, it is indisputable that the technology has complicated the cybersecurity landscape. Therefore, security teams should consider deploying AI-powered defense mechanisms in addition to standard defense-in-depth controls and awareness training.
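
The point made under "AI-powered phishing emails" above, that hundreds of slightly different messages defeat static detection, can be seen in a short added example (not part of the original article). An exact-hash blocklist matches only the one known message, while word-shingle Jaccard similarity groups the reworded variants together. The sample messages, the function names and the 0.5 threshold are constructed assumptions.

```python
import hashlib
import re

# Constructed sample messages (not real mail): three variants of one
# lure and one unrelated internal note.
SAMPLES = [
    "Dear customer, your account statement for March is ready. "
    "Please review the attached document today.",
    "Dear customer, your account statement for April is ready. "
    "Please review the attached document today.",
    "Hello customer, your account statement for March is ready. "
    "Kindly review the attached document today.",
    "Team lunch is moved to Thursday at noon in the main cafeteria.",
]

def sha256_hex(text):
    """Static signature: changes completely if one word changes."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def exact_hash_matches(messages, blocklist):
    """Indices of messages whose exact hash is on the blocklist."""
    return [i for i, m in enumerate(messages) if sha256_hex(m) in blocklist]

def shingles(text, k=3):
    """Set of overlapping k-word sequences, case and punctuation removed."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return {tuple(words)}
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Shared shingles divided by all shingles seen in either message."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0

def cluster_near_duplicates(messages, threshold=0.5):
    """Greedy clustering: a message joins the first cluster whose
    representative (its first member) is at least `threshold` similar."""
    clusters = []  # list of (representative shingle set, member indices)
    for i, msg in enumerate(messages):
        s = shingles(msg)
        for rep, members in clusters:
            if jaccard(rep, s) >= threshold:
                members.append(i)
                break
        else:
            clusters.append((s, [i]))
    return [members for _, members in clusters]

if __name__ == "__main__":
    known_bad = {sha256_hex(SAMPLES[0])}
    print("exact-hash hits:", exact_hash_matches(SAMPLES, known_bad))
    print("similarity clusters:", cluster_near_duplicates(SAMPLES))
```

The threshold trades missed variants against false groupings and needs tuning on an organization's own mail before it is used for blocking.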
The Changing Nature of Cyber-Attacks Due to the Rise in Cryptocurrencies
The United Arab Emirates (UAE) is well established as a global hub for technology and innovation, with a rapidly growing interest in blockchain and cryptocurrency technology. However, with its status as an ever-evolving business hub and the rising popularity of cryptocurrencies comes a shift in cyber-attacks targeting institutions, businesses, and individuals. As the UAE embraces digital currencies, it encounters a parallel rise in cyber threats propagated by malicious actors. Consequently, while reaping the benefits of decentralized and digitized transactions, the nation must remain vigilant against evolving threats from cybercriminals.

The decentralized nature of cryptocurrencies, attributed to their lack of centralized control, poses a unique challenge. Cryptocurrencies are different because they lack a central authority controlling them. If someone steals the secret code you use to access your cryptocurrency, you cannot get your money back. Unlike traditional financial systems, where recourse mechanisms are often available, the inherent design of cryptocurrencies places the onus squarely on the investor’s shoulders. The cryptographic code – the private key that provides access to one’s holding – is very important. If hackers get this key, there is virtually no avenue for recovery. This makes investing in cryptocurrencies riskier than conventional investments like bonds or stocks.

Apart from theft of codes, cryptocurrencies provide anonymity that gives hackers a way to demand ransom payments in ransomware attacks. Now you understand the pressing need for bolstering cyber security measures in the UAE.

The Blockchain Strategy in UAE

Cryptocurrencies present a double-edged proposition in the UAE, offering advantages such as expanded financial access, heightened privacy, and decentralized transactions. Notably, the UAE government has proactively embraced the integration of cryptocurrencies and blockchain technology in different sectors like logistics, real estate, and finance, launched by His Highness Sheikh Hamdan. An example of this commitment is the Dubai Blockchain Strategy, a collaboration between the Dubai Future Foundation and the Digital Dubai Office.

The Dubai Blockchain Strategy was launched to provide impactful, efficient, secure, and seamless city experiences to achieve technological leadership and digital innovation. With its aim to use the potential of blockchain technology, the strategy is set to generate substantial economic opportunities in different city sectors. The strategy aligns with Digital Dubai’s mission to establish the city as a technology hub in a smart economy, encouraging entrepreneurship and global competitiveness. The successful execution of the strategy will position the UAE among the first blockchain governments globally.

Cryptocurrency-Driven Cyber Threats

Cryptocurrencies have led to the rise of ransomware attacks by allowing the transfer of illicit funds directly to crypto wallets. Apart from providing the recipient’s anonymity, such wallets make recovery efforts difficult. With cryptocurrencies, hackers can move millions of dollars in ransom across national boundaries in seconds and without a trace.

Ransomware attacks continue to be a huge threat in the UAE. According to a global study, 77 percent of organizations in the UAE, such as healthcare institutions, critical infrastructure, and even small businesses, suffered at least one ransomware attack in the past years. However, at the beginning of 2023, ransomware attacks reduced significantly, by 70%.

Additionally, cybercriminals often impersonate legitimate cryptocurrency exchanges, wallets, or initial coin offerings (ICOs) to trick users into disclosing confidential information such as login credentials and private keys. To thwart such threats, education and awareness campaigns are pivotal.

The idea of quick profits from cryptocurrencies makes individuals more susceptible to scams. A victim in Sharjah lost over 1 million dirhams to a crypto scam after a cybercriminal befriended her on WhatsApp. The hacker tricked the victim into investing $12,000 in a crypto trading platform. After making some returns, the victim forked out an additional $200,000, only to discover later that she was trading on a fake crypto platform designed to mislead investors into believing they were making real returns.

Ways to Protect UAE’s Digital Future

The rise of cryptocurrencies and the new wave of cyber-attacks need a multifaceted approach to cyber security. To safeguard the digital landscape, some of the strategies to employ include:

1. Training and Education

With the advent of blockchain and cryptocurrencies, everyone is on the line. Individuals have their wallets, and as mentioned earlier, due to the nature of cryptocurrencies, once your code is stolen, there’s no way to recover. Therefore, there’s a need to raise awareness across the country as a whole and not just among businesses, organizations, and government entities. The UAE has increased the ability to buy real-world assets with crypto-assets. Surprisingly, this is even allowed for small transactions like buying a meal. This move is huge; individuals must know what it means before taking these steps.

2. User Empowerment

There is a need to train users on common cyber threats, best practices, and how to identify potential scams to ensure attacks are prevented. Individuals should be taught basic ways to avoid scams, like not sharing personal information or entertaining anonymous messages and calls. Additionally, it is advisable to use exchange platforms regulated by UAE financial regulators by checking with bodies such as the Abu Dhabi Global Market (ADGM) and Dubai Financial Services Authority (DFSA). Also, with the increase in cyber-crimes, the Digital Assets Crime Section of Dubai police was formed to deal with crypto issues. Individuals are urged to always do their due diligence by Tarek Mohammed, the head of the Dubai Assets Crime Section at the Dubai Police. Each user is responsible for staying informed and enabling two-factor authentication.

3. Cybersecurity Investment

Both private and public sectors ought to allocate resources to foster cyber security infrastructure like incident response plans, regular security audits, and detection systems. The dangerous thing about crypto transactions is that they take place online, and their anonymous nature can lead to fraud. In fact, in 2021, victims of fraud lost up to 80 Million AED from crypto scam cases.

4. Information Sharing and Collaboration

An established framework for sharing threat intelligence among cyber security experts, businesses, and government agencies is key to countering emerging cyber threats effectively. UAE regulators need to continue to emphasize collaboration and information sharing. Emphasis on guidance on best practices, especially ADGM and DFSA, by
Continued Increase of Ransomware in the UAE
A thriving business can face significant harm from a ransomware attack, and businesses in the UAE are highly susceptible to ransomware dangers. So, what is ransomware? It is a malicious program that uses encryption to seize and control a company’s or an individual’s data. When ransomware encrypts your data, you or your organization cannot reach files, databases, or applications.

The growing threat of ransomware attacks often leads businesses to pay substantial amounts of money to cyber criminals to reduce the attack’s impact. Apart from paying the ransom, these attacks can cause considerable damage and result in significant financial troubles for companies.

Netskope’s solutions engineer, Steve Foster, notes that ransomware in the UAE will continue increasing in 2023 and beyond. “In the coming year, we will likely see more groups performing more devastating attacks, more affiliates being involved in these attacks, newer payloads and tools being used, and newer techniques like collaborating directly with malicious insiders,” he said during an interview with Arabian Business.

Ransomware attacks target UAE businesses daily

According to a 2021 report, UAE businesses have paid over 5.1 million UAE dirhams (or $1.4 million) as ransom fees to regain system access after ransomware attacks in the past two years. Additionally, 42% of these enterprises were forced to halt their activities following a ransomware attack.

Dr. Mohammed Al Kuwaiti, head of cybersecurity at the Government of the UAE, pointed out a recent case in which a ransomware attack targeted a financial institution. The attackers demanded a ransom of $2 million. However, the institution chose not to comply with the demand, aligning with advice against engaging with such attackers. Dr. Al Kuwaiti also emphasized a recent occurrence involving a UAE-based bank. Fortunately, the bank’s strong security measures successfully prevented the attack.

While some organizations can prevent ransomware attacks successfully, the threat has grown in 2023. Ransomware groups pose a significant worldwide threat, expanding their influence into the Middle East. Their activity increased by an astonishing 77% in the first quarter of 2023 compared to a similar period in 2022. According to insights from the Group-IB report, nations within the Persian Gulf area have been particularly singled out. Among these, the UAE comprised 33%, followed by Saudi Arabia at 29% and Kuwait at 21%.

However, Kaspersky Security Network reported ransomware attacks decreased in Q2 2023. Kaspersky noted that ransomware incidents in the UAE decreased by 9.5%. Although ransomware might be increasing in certain regions while experiencing a decrease in others, the common trend is the growing complexity and precise focus that the ransomware attackers exhibit. Cybercriminals are currently aiming at a diverse range of organizations, including healthcare and educational institutions, service providers, and industrial enterprises.

Recent ransomware attacks on UAE organizations

1. UAE Invest Bank refuses to pay $3 million ransom

UAE Invest Bank, a notable financial institution, boasts a significant group of users, particularly Internet banking users. In 2015, a hacker managed to breach the bank’s system, accessing SQL databases, transaction records, and customer details, which included credit card information, purchase sums, and validation codes. The hacker demanded a ransom of $3 million in bitcoins. However, the bank chose not to meet the demand, causing the hacker to publicize the stolen data through a Twitter account. Luckily, there were no financial losses incurred due to this event.

2. Moorfields Eye Hospital falls victim to ransomware group

Moorfields Eye Hospital, located in Dubai, faced a cyberattack perpetrated by the AvosLocker ransomware group in 2021. The ransomware group acquired a substantial amount of data in the attack, totaling 60GB. The data encompassed duplicates of ID cards, insurance claims, financial papers, call records from the hospital, internal messages, and more. The breach was likely facilitated through malicious emails or ads containing the malware. The attackers proceeded to encrypt the stolen information, but there was no information on the demanded ransom amount. Despite the security breach, the hospital maintained its operational services without interruption. At the same time, it initiated communication with the affected users and launched an investigative initiative to tackle the breach.

3. Dharma ransomware causes chaos across UAE companies

A contracting company based in Dubai faced a significant setback when a hacker blocked its access to its computer systems. The ransomware incident affected all organizations contracting the company for various IT systems. The hacker had unleashed the well-known crypto virus named Dharma, which led to the encryption of all their files. The Dharma ransomware is infamous for its worldwide spread and consequences. However, it’s important to note that the decryption process for Dharma (.cezar family) is complex. The hacker demanded a $300 ransom in bitcoins to unlock the affected machines, but the company refused to pay, fearing that the encrypted files would not be restored.

What does the increasing ransomware mean for UAE organizations?

The increasing occurrence of ransomware attacks in the UAE is causing significant worries for organizations nationwide. As ransomware attacks persistently grow in frequency and complexity, businesses must brace for potential disruptions of core operations, loss of crucial information, financial losses, and damage to their reputation. Furthermore, the exposure of sensitive data may lead to regulatory fines and breaches of data privacy rules. Therefore, UAE organizations must implement strong cybersecurity measures to counter these risks and effectively maintain a robust security posture.

Defending against ransomware

1. Prioritize consistent data backups.

Defending against ransomware necessitates a multifaceted strategy. Firstly, organizations must prioritize consistent data backups and store them in a secure, isolated environment. Maintaining current backups allows for data restoration in the event of an attack without giving in to the attackers’ demands.

2. Cybersecurity training and awareness.

In addition, UAE organizations must prioritize training and awareness for all employees. Educating staff about phishing emails, harmful attachments, and dubious links can considerably decrease the likelihood of ransomware infiltrations that result from human error.

3. Implement robust email security controls.

Another security control involves implementing robust email filtering and security solutions as a proven measure that intercepts and blocks such dangers before they reach employees’