
Cryptomining attacks can be the “gateway” for hackers to exploit more vulnerabilities, says Kaspersky exec

At GISEC 2022, we caught up with Emad Haffar, Head of Technical Experts for META at Kaspersky to discuss the dangers of cryptomining and the growing threats in industrial control systems

Emad Haffar, Head of Technical Experts for META, Kaspersky

Cryptomining attacks in the UAE doubled in 2021 as compared to 2020, according to the Kaspersky Security Network’s latest report.

Launched at GISEC 2022, the report also revealed that the country has witnessed an increase in financial malware attacks on Android by 42 percent in the same period.

The Middle East overall paints a similar picture, wherein cryptomining attacks increased by seven percent and financial malware on Android increased by six percent in 2021 as compared to 2020.

Speaking exclusively to ITP.net, Emad Haffar, Head of Technical Experts for META, Kaspersky, explained, “While cryptominers do not necessarily pose a direct threat to the system that they affect, they cause disruptions such as productivity loss. In addition, the resources they consume in the process can be the gateway for other threats to introduce new vulnerabilities that can be exploited to penetrate enterprise systems. That is probably the main threat behind cryptomining.”

On the bright side, Kaspersky found that malware attacks overall in the country decreased by 22 percent, and ransomware attacks dropped by 25 percent in 2021 as compared to 2020.

However, while the plummeting numbers are a promising sign, experts are noticing a change in tactics used by cybercriminals targeting the UAE. More complex and targeted cyber-attacks are being devised and launched, suggesting that cybercriminals are focusing more on quality than quantity.

“It’s not uncommon for threat actors to use more than one attack vector to introduce another malware,” said Haffar. “Once they have a foothold on the system, they try to maintain that traction to gradually introduce more and more malicious codes so that they can maximise their benefit out of the system. So usually, you would see two groups of malware going together as one group to introduce another.”

Organisations in the UAE and across the region are rapidly embracing technologies like the Internet of Things, artificial intelligence and automation that will allow them to operate and build an “always-on” business. Cryptominers are taking advantage of this to steal computing power by exploiting all applications, servers, and platforms that can support their mining operations.

These kinds of attacks, according to Kaspersky, can result in organisations experiencing IT infrastructure performance lags and high electricity bills. While these effects are not the usual red flags in cybersecurity such as interruption of services, financial losses or file encryption due to a ransomware attack, they could result in significant disruptions over time.

This also calls for caution within the Critical Infrastructure (CI) sectors, which include oil and gas, utilities, manufacturing, water, smart cities and transportation. During the second half of 2021, Kaspersky reported that almost 40% of all ICS computers were attacked by malicious software at least once. Cyber-attacks on these systems can impact production operations, result in financial losses and affect people’s lives. The goal of such attacks can be both cyber sabotage and cyberespionage.

“There has been a massive uptick of technology and connectivity solutions in the industrial sector. However, while this offers a multitude of benefits, the integration of these technologies has also introduced risks and vulnerabilities that cybercriminals can exploit,” said Haffar.

Despite all this, Haffar noted that there are plenty of measures that organisations can take to protect their environments against cyber threats and Kaspersky can support them in these initiatives.

“One of the things that we’re doing right now is introducing organisations to our cyber immunity approach. In line with this, together with our partners, we have developed IoT gateway devices which are based on Kaspersky operating system that will allow companies to monitor and secure those IoT devices,” he said.

Haffar also explained that Kaspersky has a dedicated team that focuses on industrial cybersecurity. “The Kaspersky ICS CERT helps us with generating intelligence, developing solutions and identifying vulnerabilities in today’s ICS systems. We are also working with a lot of organisations in the UAE and across the region to find new ways to protect their industrial and OT environments.”

The Kaspersky report further highlighted that Security Operation Centres (SOC) play a key role in mitigating threats to industrial systems and must be equipped with actionable Threat Intelligence to identify threats and dynamically respond to them.