By Mark Sutton
Saudi Arabia ranked worst in region as target and source for cybercrime activities
Security company Symantec is warning that the Middle East is increasingly becoming a target for hackers and online theft.
In its latest biannual Internet Security Threat Report, Symantec warns that while the UAE has made significant progress in cutting the amount of spam and phishing attacks launched from the country, the region as a whole, and Saudi Arabia in particular, is coming under greater threat from co-ordinated, international gangs of cyber criminals.
Saudi Arabia ranked as the leading country as a source and target for malicious activity in the Middle East, and was ranked at number 32 worldwide. The UAE was rated 38th worldwide.
Due to the relatively small number of subscribers, Saudi Arabia ranked as the worst country in EMEA for malicious activity per broadband user in the second half of 2007. The company also said that last year saw 711,000 new malware threats detected, representing two-thirds of the total of all malware ever detected, indicating that the volume of threats is growing massively.
Ivor Rankin, Senior Security Consultant, Symantec, said that there was some improvement in certain countries in the Middle East, the overall trend was to more security incidents as more users came online in the region.
"It is quite interesting to see Saudi Arabia emerge as the number one GCC source of malicious attacks," he said. "If you look at last few years, as countries expand their broadband infrastructure, we see more interest from attackers to target these countries - the bigger the pipe, the more the value to the hacker."
Rankin said that the efforts by UAE authorities to combat cyber crime, including the 2006 Cybercrime Law No.2 and the formation of the country's first Cybercrime Emergency Response Team (aeCERT), plus a more mature approach to security by companies within the UAE, were showing positive effects. According to the ISTR, in the second half of 2007 the UAE dropped to 91st worldwide as a source of spam, and 69th as a source of phishing attacks, from the 51st and 66th slots respectively in the first half of 2007.
Despite the UAE's proactive approach and similar efforts that are emerging in other GCC countries. The sheer number of new users coming online meant that there was still a growing problem for the region, Rankin said. While the growing number of ISPs have so far competed to upgrade their network infrastructure, they hadn't yet focused on upgrading infrastructure security. He believes this will change, with ISPs offering security services like anti-virus software to subscribers as a value-added service, but that this may be a way off.
Rankin also highlighted the fact that it is not just attacks on sites within the region, but sites that are popular with users in region, such as social networking sites, that also pose a risk to internet users in the Middle East. He identified the growing trend of attacks that attempt to compromise the websites of trusted ‘brands' - major corporations, government organizations, well known e-commerce sites - and then stealthily install malware on PCs that visit those sites.
Such attacks on trusted brands are part of a more professional approach by cyber criminals, which aim to exploit vulnerabilities of many different applications and sites in order to steal confidential information. Protecting against such attacks are very difficult, said Ranking, particularly educating users.
"I don't think there is a single strategy we could recommend as an answer," he said. "We have seen consolidation and maturity in the underground economy in the past six months, and we have seen a significant increase in site specific vulnerabilities. If we look at the trends, [attackers] have changed their focus to the users, and they have realized that if they target popular websites then the likelihood of increasing their base of compromised systems is far greater."