Hackers and cybercriminals have their eyes on the Middle East as a series of attacks against oil and gas companies accelerates and in growing intensity, a report from the cybersecurity firm Dark Matter reveals.
The report said that the Middle East, especially the United Arab Emirates, has seen growing numbers of cyber attack and vulnerability exploits in the months leading to March this year. Mainly, those illegal operations have targeted oil and gas corporations, telecommunications, governments, and other critical infrastructure, said Dark Matter, who recorded those attacks between October 2018 and March 2019.
“Oil and Gas, in particular, a pillar of the UAE’s economy that is of strategic importance to the world, face the greatest risks,” the report said. Almost half of the attacks in the Middle East have targeted the oil and gas industry, according to DarkMatter, which cited findings from a Siemens and Ponemon Institute report.
With high smartphone adaptation rate and being one of the most digitally connected territories in the Gulf region, the report said that the UAE is a convenient target. “Every government … (will) Have to protect the sovereignty of their data and communications. You should not take this for granted,” DarkMatter Chief Executive Karim Sabbagh said.
Espionage and sabotage motivated the attacks
The researchers concluded that the primary motivation for these attacks are cyber espionage and sabotage, and the hackers are mainly using spear phishing campaigns to wreak havoc to their victims. Spear phishing is the practice of sending seemingly legitimate emails to target accounts to fool them into giving up sensitive information such as encryption keys, passwords, financial data, and personal information.
One such attack, which came to light on January 9, was carried out using malicious Microsoft Excel documents containing politically charged content in Arabic, according to the report.
“The campaign was aimed at the government, the transport industry and educational institutions in the Middle East, using lure documents containing malicious code to extract information from its targets. The group continues to deliver politically motivated content while developing new techniques to enrich its expanding playbook,” said the report.
Another cyber-espionage attack in March was carried out by a group “believed to be sponsored by the Iranian government,” said the report. The victims include a telecommunication company in Turkey and have carried diplomatic missions within Iran, where it “sought to harvest personal data about individuals of interest.”
“The recent development shows a greater interest in stealing personal data, in contrast with other Iranian groups that traditionally target government and commercial information,” they added.
Cyberattacks around the world
A few months ago, Microsoft revealed that a series of cyberattacks against European countries and business has links to Russian hackers. Strontium, a Russian government agency-linked group, known as Fancy Bear, has targeted more than 100 accounts of employees based across European countries such as Belgium, France, Germany, Poland, Romania, and Serbia.
A series of cyber attacks targeted German Council on Foreign Relations, the Aspen Institutes in Europe, the German Marshall Fund and other organizations involved in democracy research, electoral integrity, and public policy by the Russian-linked cybercriminals. The workers who are affected by the attack are also in regular contact with government officials. It is believed that the attack is an effort to stir panic and influence the results of the upcoming elections in the European Union parliament.
“The attacks occurred between September and December 2018,” said Tom Burt, Microsoft’s corporate vice president of Customer Security & Trust. “We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks.”
Meanwhile, almost half of Australians have been victims of the “biggest cyberattack in Australian history” in the past few months. Out of the 25.4 million people that are currently living in Australia, around 10 million of them have been victims of the said single attack.
The reports were confirmed by the Office of the Australian Information Commissioner (OAIC) in its latest quarterly data breach report. While the OAIC did not expound on the said attack and has kept mum on what kind of data was compromised, they said that the breach was disclosed to their office under the Notifiable Data Breaches (NDB) scheme between January 1, 2019, and March 31, 2019, and reported it in its Quarterly Statistics Report.