Cyber saboteurs are on the offensive in the Middle East
Karim Sabbagh does not look the kind of person who would want to cause a scene or shock people, but the latest report from DarkMatter, the UAE-based cybersecurity company of which he is chief executive, should certainly cause some concern, not least in Saudi Arabia.
The firm’s second Cyber Security Report makes for grim reading for policymakers and business people in the region. “Breaches (of cybersecurity) in the Middle East are both widespread and frequently undetected. They also appear to be increasingly state-sponsored,” it said.
The targets are exactly those kinds of industries that are the backbone of the Kingdom’s economy — critical infrastructure like oil and gas, transportation, water and electricity, and finance. DarkMatter examines eight “intrusion sets” — assaults on a country’s economic and industrial infrastructure using identifiable cyber weaponry — and the Kingdom is the only one which appears in each case. Ally and neighbor the UAE is the second most frequently targeted.
Some of these attacks are in the public domain. Saudi Aramco has revealed it was the target of several attempts to disrupt or halt energy production and petrochemicals operations in recent years, while denying that they ever seriously affected its business.
One recurring form of intrusion used against the Saudi oil giant is the Shamoon data-wiping malware, which has featured in several attacks of varying degrees of severity.
DarkMatter said that Shamoon was used against Aramco last year, in a well-reported and sophisticated attack via a European oil services company that did business with Saudi Arabia but was itself an unwitting “Trojan horse” into the oil giant.
The perpetrators — who Sabbagh calls “bad actors” — are driven mainly by two motives, though they can overlap and feed each other. The most common is cyber-espionage, in which the hacker seeks to obtain confidential or sensitive information in furtherance of a broader goal, such as theft or blackmail.
The second form of assault can result from the espionage attempt, or can be a focused form of attack itself: cyber-sabotage. As the name indicates, this is an attempt to corrupt the assets of a target organization with a view to halting essential production. The aim, as of any saboteur, is just to cause damage.
Although cybercrime is a frightening global phenomenon, Saudi Arabia, the UAE and others in the region seem to attract a disproportionate amount of attention from the cyber warriors. For the simple criminals, of course, the reason is the same as why robbers target banks: “That’s where the money is.”
Apart from the availability of vulnerable pools of capital, there is also what DarkMatter calls an “expanded attack surface” in the form of the high levels of Internet and mobile connectivity in the region, among the highest usage in the world. More digital transactions make for greater access and convenience, but at the potential cost of security.
And, of course, countries in the region have a number of state-sponsored enemies who might want to damage their economies. DarkMatter does not shrink from labeling some of the intrusion techniques, notably Shamoon, as having “suspected links with Iran” and other actors hostile to the Kingdom and UAE.
While there is probably little a corporation or an economy can do against determined or prolonged assault by a state-directed hacker, on the argument that “one will always get through,” the good news is that vulnerability can be substantially reduced by some very simple measures.
DarkMatter said that more than 80 percent of its assessments found inadequacies in such obvious areas as outdated software, password weakness, insecure protocols and the use of unsupported software. In a few cases, guest wi-fi systems gave potential hackers access to business critical internal networks.
Imagine how that might play out in the nuclear industry for example, where information technology is increasingly mixed in with operating systems.
These faults are relatively easy to fix, but Sabbagh wants the issue escalated to executive management level with the appointment of CISOs — chief information security officers — and greater co-operation between government bodies and the private sector.
In the end, modern corporations and economies will always be vulnerable because they are run by human beings, with all the fallibilities we have as a species. Investment in human capital, as well as the counter-cyber technology, is essential.
- Frank Kane is an award-winning business journalist based in Dubai. Twitter: @frankkanedubai