FireEye announced an overview of the threat landscape in the EMEA region for the first half of 2016 in its latest Advanced Threat Report for Europe and the Middle East. Based on findings from the FireEye Dynamic Threat Intelligence cloud between January and June 2016, 96% of global organisations were unknowingly breached as threat actors of all kinds increasingly evade traditional security products. The report explores how nation, state-based threat actors and cyber criminals conduct espionage and target organisations in the EMEA region.
Organisations in Saudi Arabia, Qatar and the UAE were among the most exposed to advanced targeted threats in the Middle East. FireEye observed actors specialising in money laundering targeting prepaid online and mobile payment systems. These systems can be used to purchase a wide variety of goods and services, making them useful for laundering and monetisation activities. It is also possible that actors are looking to steal the balances of accounts with these systems.
19% of organisations observed during this period in Saudi Arabia were exposed to at least one targeted attack. This figure was 14% and 11% for Qatar and the UAE respectively. 28% of government organisations observed during this period were exposed to at least one targeted attack.
China-based espionage actors targeted a variety of industries in the Middle East. Their motivations included obtaining data related to political, military, and economic issues affecting Southeast Asia. In the past, threat actors such as China-based APT22, APT27, and APT30 have targeted organisations in the Middle East.
Substantial espionage activity was detected from Iran-based threat actors. Iranian activity included targeting key industries such as aviation, finance, government, technology, and telecommunications in countries including Saudi Arabia, the UAE, Bahrain and Oman.
Energy, government and the financial services sectors were the most targeted verticals in the Middle East during the first half of 2016. Specific targets included oil production facilities and industrial control systems, foreign and defence ministries, retail banks, investment banks and sovereign wealth funds.
Ransomware is an increasingly common threat to organisations in the region and a favoured tool in extortion campaigns. Compared to 2015, the first half of 2016 saw a major spike in ransomware activity. As prevention technology improves, ransomware creators and cybercriminal groups quickly move to new variants.
Much like the second half of 2015, the usage of macro malware to deliver malicious payloads continued to increase. Certain Microsoft Office documents, such as Word or Excel files, contain malicious code, called macros, and are distributed online, usually masquerading as harmless emails. Once these infected documents are opened by an unsuspecting user, the macros automatically infect the computer in question.
“FireEye is on the frontlines of the most pressing cyber attacks in the region and it is crystal clear the cyber domain is the new front for supremacy,” said Mohammed Abukhater, Regional Director for the Middle East and North Africa at FireEye.
“The strategic and economic importance of the region’s oil reserves, as well as contentious geopolitics, has made the Middle East a ripe target for both regional and external groups. These threat actors use cyber attacks as a low cost and low risk substitute for conventional means of inflicting damage on rival states and organisations. While some Gulf states have made substantial efforts to enhance their cyber security, further investments are needed to shift the balance of power away from the attackers.”