RIYADH: Since the start of the pandemic, a wave of advanced threat campaigns targeting the Middle East have been discovered by Kaspersky, a global cybersecurity firm.
An APT is an attack campaign in which intruders establish an illicit, long-term presence on a network to mine highly sensitive data. The targets, which are carefully chosen and researched, typically include large enterprises or government networks.
The region has always been a hotbed for such attacks due to geopolitical factors.
Kaspersky researchers, keeping a close eye on the region for APTs, worked on 68 investigative reports related to 29 cyber gangs actively targeting the Middle East since the start of the pandemic.
The researchers issued 49 threat intelligence reports due to investigations associated with cyberattacks on the UAE, which endured the highest number of reports for all Middle Eastern countries.
The second highest was Saudi Arabia with 39 reports, followed by Egypt with 30. Kuwait and Oman had 21 each, while Jordan had 20. Iraq, Qatar and Bahrain had fewer than 20 reports each.
APT attacks primarily targeted government agencies, followed by diplomatic institutions, the education sector, and telecommunication institutions. Other targeted sectors included finance, IT, healthcare, legal, military, and defense.
Some of the APT groups investigated were Oilrig, WIRTE, Lazarus, and Sofacy.
Fatemah Alharbi, a cybersecurity expert and assistant professor at Taibah University, told Arab News: “PowerShell-based malware are utilized by advanced cyberattacks targeting critical infrastructures in Saudi Arabia.”
She said these cybercriminals were sending phishing emails that contained malicious Microsoft Office files impersonating legitimate entities.
To pass the firewall and the email protection techniques, she explained, these rigged files were protected by passwords and compressed as zip files.
“This approach facilitates the mission of these cybercriminals to take full control of the file system and to compromise every single file there. This means they would be able to control the operating system, applications, and data. Assuming the attack is detected, an in-depth analysis and investigation on the file system is highly recommended as a quick response to recover the system and stop the attack.”
Referring to a report by Bitdefender, a cybersecurity technology company, Alharbi said: “Researchers shed light on a well-known APT cyber espionage campaign that targets mainly critical infrastructures in Saudi Arabia.This threat group is called Chafer APT (also known as APT39 or Remix Kitten). The report shows that these cybercriminals rely on social engineering to compromise victims in Saudi Arabia.
“Technically, the attack tricked victims to run a remote administration tool located in the downloads folder, similar to the RAT components used against Turkey and Kuwait back in 2014 and 2018, respectively.”
Despite these threats, Alharbi said the Kingdom’s cybersecurity resources had proven their ability to face such dangers.
“Saudi Arabia is ranked No.1 in the MENA region and Asia and No.2 globally according to the Global Cybersecurity Index issued by the UN’s specialized agency in information and communications technology, the International Telecommunication Union in 2021.”
This indexing evaluates countries periodically based on five main axes: Legal, technical, regulatory, capacity-building, and cooperation. The Kingdom scored advanced points in all of these axes, she said.
Amin Hasbini, head of the global research and analysis team for the Middle East, Turkey, and Africa at Kaspersky, said: “Our cybersecurity experts have always been at the forefront of detecting and reporting the latest APT threats. Our reports are the product of their visibility into the cybersecurity landscape and promptly identify what poses a threat.
“We use these insights to, of course, alert the concerned organizations on time and provide them with the protection as well as intelligence needed against both known and unknown threats. As companies move towards digitization, especially due to the pandemic, it is more important now than ever before to know about the threats that are constantly evolving.”
According to a recent report from Kaspersky and VMWare, working remotely during the pandemic made Saudi employees vulnerable to cyberattacks.
In the VMWare report, a survey of 252 Saudis showed 84 percent of them said that cyberattacks had increased due to working from home.
Alharbi talked about methods to protect users from social engineering threats. “Recently, we see a rise in the number of cyberattacks that are based on social engineering. According to a recent report by PurpleSec, 98 percent of cyberattacks rely on social engineering. Cyber criminals prefer to use social engineering techniques that can expose a victim’s natural inclination to trust easily compared to implementing malwares or any other tools to hack systems.
“For that, organizations must strengthen and diversify their cybersecurity awareness tactics, such as publishing cybersecurity awareness content, in-class training, videos, simulations and tests,” she said.