Breaches are widespread, go frequently undetected and are increasingly executed by state-sponsored actors, DarkMatter says DarkMatter, a fast-growing cybersecurity firm in the UAE with high-profile government contracts, warns that the financial and oil and gas sectors in the Middle East, as well as utilities and transportation infrastructure, is coming under frequent cyber attacks.
These breaches are widespread, go frequently undetected and are increasingly executed by state-sponsored actors who are targeting the economic and social stability of the regional economies, the Abu Dhabi-based cybersecurity firm said in a new report released on Monday.
“The commercial and strategic magnitude makes [critical infrastructure] industries attractive targets, with potentially devastating effects on the security of nations and their citizens,” Karim Sabbagh, chief executive of DarkMatter Group, told The National in an interview.
DarkMatter analysed threats and trends it observed between October 2018 and March 2019, but did not disclose the names and number of firms that were analysed, citing security reasons.
The energy industry in particular is critical to Middle East economies, with the GCC counting $835 billion (Dh3 trillion) in active oil and gas construction projects, DarkMatter noted. Three-quarters of regional oil and gas companies have experienced some form of cyber security breach, according to the security firm.
Last December Shamoon 3, a data-wiping malware, was deployed to target the oil and gas sector, and hit Saudi Arabia’s Aramco. But instead of directly attacking Aramco, it went after Saipem, a technology vendor of Aramco that counts the Saudi major as one of its biggest customers, Mr Sabbagh said.
The firm estimates that cyber crimes will cost the private and public sectors $6 trillion in the next two years globally, in what Mr Sabbagh called “the largest transfer of economic wealth in the history of mankind”. But he warned of a “huge gap” in cyber security investment to prevent such attacks, which will amount to a total of only $1tn between 2017 and 2021.
DarkMatter said the current efforts to mitigate risk are insufficient and there is a considerable risk that if a cyber attack occurs, it will be successful.
Most attacks that DarkMatter investigated leveraged a system’s outdated software or weak passwords to gain access to a person or company’s data. Eighty-three per cent of organisations were using unverified software and 91 per cent had outdated software and were missing critical security patches. Nine in ten organisations in the region were using insecure network protocols, which are systems that manage communication between networks.
The UAE, with the second-highest smartphone adoption rate globally and one of the world’s most digitally-connected societies, continues to be one of the most attractive destinations for cyber criminals in the world, according to DarkMatter.
“The UAE is increasingly relying on digitisation while pursuing its social, economic and digital agendas. It is expanding its digital footprint and de facto enlarging the [cyber] attack surface,” said Mr Sabbagh.