Cyber Attacks from Terrorists ‘just a matter of time’
In Q-1 of Y 2016 alone, there were 2.2-B cyber attacks globally
Rapidly evolving threats from cyber criminals and terrorist groups including ransomware and cryptoware could result in major attacks on critical infrastructure and industrial systems in the Middle East, according to prominent technology security firm Kaspersky Lab.
During a conference in Baku, Azerbaijan, the company’s leading technologists from across the globe gathered to warn governments, corporations and individuals that disaster was just around the corner if secure measures were not put in place.
“The most scary attack is cryptoware, which deletes your files and encrypts them without you knowing and then you are asked to pay a fine in Bitcoin to get your information back; the criminals even set up a call centre to tell you how to pay,” said senior researcher Ghareeb Saad.
The average ransom companies paid to recover data was said to be $551,000 and it was estimated that White Hat security researchers discover 310,000 new computer viruses every day.
The 2010 Stuxnet attack on Iran’s nuclear facilities was well known. But senior security researcher Mohammad Amin Hasbini insisted many smaller scale but critical attacks were going unreported by the media – often because organisations did not want the bad publicity involved in revealing a breach.
In December last year for example, Ukraine’s power grid was shutdown by hackers and 250,000 people lost their electricity supply for 6 hours.
Just in March and April of Y 2016, there were attacks on a United States dam, a Korean public transport system, a French hydroelectric system and a Swiss public water system with 2.5 million customers. Major disaster was averted only by chance rather than design.
“We got lucky and nobody is aware of these attacks,” said Mr. Hasbini.
“These things are happening all of the time but you do not see stories about them in the media. With smart cities, everything becomes reachable; an attack could do real damage.”
Mr. Hasbini revealed that 295 industrial attacks in the US were reported in Y 2015, with many more going unreported.
In Q-1 of Y 2016 alone, there were 2.2-B cyber attacks globally according to Kaspersky researchers, with 50% of individual Internet users facing some sort of hack. The number of attempted breaches was particularly high in Egypt, Turkey and Qatar, while Lebanon was said to be the most secure country in the Middle East.
In fact, the number of ransomware attacks in the Middle East rose 15% Y-Y to 150,000 in Q-1 of Y of 2016. Most infections still came via e-Mails, social networks, websites, routers and USB sticks.
Individuals and organisations are urged to keep their chosen browsers, software and operating systems up to date.
Best practice also included using an anti-virus program, adopting strong passwords, enabling the ‘system watcher’ on devices and rejecting the urge to open e-Mail attachments from unknown and untrusted sources.
Some 17% of attacks happened on an Android device, 61% through browsers, 11% through Java, 4% via Microsoft Office and 3%through Adobe Reader.
So far, terrorist groups have not engaged in major cyber attacks on the GCC. But a number of Kaspersky staff said that this scenario is inevitable.
“It is just a matter of time,” said Mr. Hasbini.
“The weak link is the lack of awareness both from governments and the contractors they use for public utilities. These are new threats though and everybody is still learning. The attacks are not digital, they are in the physical world and could actually stop people from being able to live their lives; 10 years ago we did not have these threats, now there is some new threat every single day.”
Gaming and banking systems were also under constant attack from hackers, it was revealed, because “wherever there is money online, you will find cyber criminals,” said Mr. Saad. However, most serious of all was the threat to critical infrastructure and public utilities, many of which could be accessed remotely by hackers using a simple login and password.
“Unfortunately, we live in a world where everything is smart, and not everything is secure,” said senior security researcher Yury Namestnikov.
Technology positioning manager Denis Legezo added: “Everything that is online is searchable and vulnerable.”
Meanwhile, solutions business lead Matvey Voytov insists, “Most attacks target money or things that are worth money. But some cyber criminals are looking for intelligence and information. Others might be companies wanting to disrupt competitors or to push an ideological cause.”
Kaspersky has 400-M individual users of its product and 270,000 corporate clients across 200 countries. The firm’s CEO Eugene Kaspersky claims he is on a “mission to save the world from cyber criminals.”
By Dean Carroll
Paul Ebeling, Editor