New Mimecast report shows a steady increase in malicious files in GCC

Hind Al Soulia - Riyadh - DUBAI — Mimecast has released a report from its Threat Intelligence Centre titled Arabian Peninsula as a Cyber Innovator and Associated Cyber Risk to Resilience in the Region. Researchers have observed a month on month increase in malicious files detected in the region over the course of 2020.

The report highlights how between March and April — when COVID-19 first began spreading in the region and countries went into lockdown — there was a 93% increase in malicious files detected. There has been a steady increase in malicious files every month since then.

The report provides a detailed overview of threats seen in the region over the course of this year, highlighting some of the technologies and regional dynamics driving increased cyber threats. It draws on data from organizations in Bahrain, KSA, Kuwait, Oman, Qatar, and the UAE.

The report finds that spam remains the most prominent vector across all sectors throughout the region. Malware-centric campaigns have been observed to continue quarter-over-quarter. And as observed in previous threat research by Mimecast, these campaigns are increasingly sophisticated and continue to use a diverse range of malware during the different phases of an attack.

In terms of most targeted verticals in the GCC, between February and August, Mimecast researchers found that the most targeted sectors were professional services; transport, storage and delivery; and retail and wholesale.

The report also highlights how threat actors are recycling tried and tested methodologies. Given the evolution of threats illustrated, the Mimecast Threat Intelligence Centre assesses that the range of threats encountered is likely (≈55% – 75%) to continue to both increase in volume, and become more sophisticated the longer the pandemic remains a subject of significant concern to the global community and as organizations return their respective workforces from remote-working.

“As the world navigates a new normal, opportunistic threat actors continue to use a combination of attack methodologies to target vulnerabilities,” said Jonathan Miles, head of strategic intelligence at Mimecast.

“These findings put the spotlight on the growing threat activity in the region, placing emphasis on a multi-layered approach to security. Organizations need to implement a cyber resilience strategy with due consideration given to protecting an organization at its perimeter, inside the network and beyond the perimeter, by protecting its brand from exploitation.” added Miles.

Additional key highlights in the report include:

• Ransomware is becoming increasingly sophisticated and cybercriminals are concentrating their efforts on developing this attack methodology.

• As a global logistics hub, the region’s Transport, Storage and Delivery sector has endured repeated campaigns of attack and remains a key focus of threat actors.

• Many organizations in the region use Industrial Control Systems (ICS) many of which are running legacy software and hardware, leaving them vulnerable to cyber-attack for either direct campaigns or to be used as pivots for wider cyber-attacks.

• Smart Cities will increase throughout the region over the next decade, creating an increased attack surface of interconnected devices and networks if vulnerabilities are not correctly managed and mitigated.

• An increased reliance on cloud computing, both regionally and globally, will require a defined approach to security responsibility and expectations between service providers and customers. — SG