Amazon Prime Day may have provided an opportunity for bargain hunters across the region to take advantage of discounted deals, but the two-day promotion also opened up another avenue for cyber-criminals to wreak their havoc.

Cyber criminals established malicious domains in the month leading up to Amazon Prime Day, a Point Software study found, with 46 percent of new domains including the word Amazon found to be bogus.

Prime Day, the two-day bargain hunt on the e-commerce giant, generated about $6.8 billion in revenue for Amazon this year, according to estimates from Morgan Stanley; about half of that revenue came from third-party merchants.

“While low costs and convenience are understandably appealing, there is another aspect to the e-commerce revolution that consumers need to be mindful of, especially on occasions like Amazon Prime Day,” said Steven Cunnington, global lead for identity assistance solutions, Collinson.

Steven Cunnington, global lead for identity assistance solutions, Collinson

But it’s not just during the two-day dash for discounts when consumers and employees have to be careful of hackers looking to steal information and cash.

In 2020, the UAE saw a 250 percent increase in cyberattacks, Mohamed al-Kuwaiti, the UAE’s head of Cyber Security told CNBC. Cyberattacks, motivated either by financial or political gain, impact businesses in the same way by causing downtime, data loss and digital damage, Mahmoud Samy, vice president EMEA emerging region, Forcepoint said.

Governments and businesses are waking up to the massive damage and costs resulting from cyberattacks, with a PwC survey revealing that about 74 percent of Middle East CEOs regard cyberattacks as an obstacle to growth in 2021. Of the survey respondents 43 percent said they plan to increase investment in cybersecurity and data privacy by 10 percent or more over the next three years, well ahead of the global average of 31 percent.

But in the Middle East, governments have been accused of taking a “tunnel vision” approach to cybersecurity, Emad Fahmy, systems engineering manager Middle East at NETSCOUT, said.

“Companies simply cannot tend to cybersecurity threats once they have surfaced and already done the damage. When facing a cybersecurity attack, it is essential to counter the threat by preventing it rather than curing it when it is too late,” he explained.

Emad Fahmy, systems engineering manager Middle East at NETSCOUT

Meanwhile Ray Kafity, vice president Middle East, Turkey and Africa at Attivo Networks said that “businesses have disregarded crucial areas within cybersecurity”.

“Most tactics, techniques, and procedures cybercriminals use centre around software vulnerability exploitation, highlighting the lack of cyber hygiene and resilience,” he said.

Making matters worse, the pandemic has pushed people to work from home, which increases vulnerability. Prior to Covid-19, only 10 percent of workers in the UAE reported working from home one to two days per week, compared to a global average of 62 percent, according to a 2019 survey by International Workplace Group.

Mahmoud Samy, vice president EMEA emerging region, Forcepoint

“Because of the cloud and the pandemic, an enterprise’s highly distributed employees are working in unmanaged home networks and directly connecting to cloud services with IP addresses they didn’t receive from corporate IT,” Samy said.

Ransomware on the rise

The effect has been clear: Data breaches and attacks rose last year in the Middle East where more individuals were working from home.

“Phishing attacks and ransomware [are] the most frequent and prevalent forms of malware,” Tamer Odeh, regional director at SentinelOne in the Middle East told Arabian Business.

Globally, there were fewer incidences in 2021 than in 2020, but the potential damage from targeted attacks has increased, the State of Ransomware report 2021 from Sophos read.

“Many attackers have moved from larger scale, generic automated attacks to more targeted attacks that include human operated, hands-on-keyboard hacking,” a Sophos whitepaper from April read.

Tamer Odeh, regional director at SentinelOne in the Middle East

Thirty-seven percent of respondents said they’d been hit in an attack, according to the Sophos research that surveyed 5,400 IT decision makers across 30 countries in January and February. Last year, 51 percent of respondents said they’d been hit by a ransomware attack.

Globally, the average ransom paid was $170,400, but when downtime, people time, device costs, network cost and lost opportunity costs are factored in, that average shoots up to $1.85 million. In the UAE the average cost was $520,000.

And just because targets pay the ransom, it doesn’t mean they’ll get their data back either. In 2021, only 32 percent of those who paid got their data back, but 96 percent got at least a portion of their data back.

“Today’s challenge is that everything is digital, and protecting the endpoint isn’t as easy as it used to be. Virtually any device can be connected to your network. And therefore, just as physical items can be stolen or broken, today’s precious assets are increasingly susceptible to cybercrime that seeks to halt the business activity, steal data, and steal money – all digitally,” Sentinel’s Odeh said.

Hackers hit UAE workers

The “unbound enterprise” – or the myriad of IP addresses employees use while working from home – offers advantages as well as a cybersecurity challenge, the Forcepoint vice president said.

In the UAE, more than 32 million threats were blocked by Trend Micro in 2020, 91 percent of which were email borne, a report from the data security and cybersecurity solutions company found.

There were “an average of 119,000 cyber threats detected per minute in 2020 as home workers and infrastructure came under new pressure from attacks”, the report found.

In the UAE, Trend Micro solutions detected and blocked over 19 million (19,662,122) email threats, prevented 10m malicious URL victim attacks, and nearly 119,000 URL hosts. In addition, 2.7m malware attacks were identified and stopped, while over 1,600 online related banking malware threats were blocked.

What can be done

Kafity said a Zero Trust approach, where people, devices, and applications must verify their identity before accessing network resources, is the best way to prevent an attack.

“Protecting identities, detecting and preventing network privilege escalation, and detecting and stopping attacker lateral movement inside the network becomes of paramount importance to the organisation,” he said.

Ray Kafity, vice president Middle East, Turkey and Africa at Attivo Networks

Hackers are cunning, and investing in prevention alone isn’t enough, Kafity said. Investing in detection solutions is equally as important.

“Cybersecurity is too big a job for governments or businesses to handle alone. They both need to work together for a more concentrated defence,” he said.