
Dubai ‘not immune’ to ransomware attacks: Experts

Ransomware attacks can cause significant damage and businesses can incur heavy expenses.


For a successful business, a ransomware attack could be fatal, and businesses in Dubai are not immune to such attacks, said Netskope solutions engineer Steve Foster in an exclusive interview with Arabian Business.

Ransomware is a kind of malware that uses encryption to hold a business or an individual’s information at ransom. When a user or organisation’s data is encrypted, they cannot access files, databases or applications.

Steve Foster, Solutions Engineer, Netskope

A growing threat, ransomware attacks often lead to businesses paying billions of dollars to cybercriminals to curb the attack. However, ransomware attacks can cause significant damage and businesses can incur heavy expenses.

“In the coming year, we will likely see more groups performing more devastating attacks, more affiliates being involved in these attacks, newer payloads and tools being used, and newer techniques like collaborating directly with malicious insiders,” Foster said.

Ransomware is a constantly evolving threat

Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT

Echoing the same sentiment, NETSCOUT’s Emad Fahmy, who works as a systems engineering manager for the Middle East region, said ransomware attacks are expected to become more “sophisticated.”

“The will continue to evolve” in 2023, he told Arabian Business, adding, “malicious actors are also likely to continue targeting specific industries or types of organisations with ransomware attacks to maximise their profits.”

Fahmy also said that, along with ransomware and malicious actors, another threat targeting businesses in the UAE is triple extortion attacks.

“These campaigns begin with infiltrating a network and stealing valuable assets such as source codes, authentication credentials, and other personally identifiable information (PII), while ransomware is simultaneously injected to encrypt valuable data or even entire storage systems,” he said, adding that cybercriminals then demand a ransom in exchange for the decryption keys.

Fahmy also stated that a distributed denial-of-service (DDoS) attack, or even the threat of one, amplifies the pressure.

DDoS attacks on an organisation can affect its “internet presence” if the ransom is not paid. These attacks then expose the entire security threat and failure to protect valuable assets.

“The bottom line is that increasing pressure tactics by adding DDoS attacks increases the likelihood of a payoff, making ransomware an increasingly disruptive form of cybercrime that affects not only companies but also governments, schools, and public infrastructure,” he said.

Ransomware groups treat all victims equally

Ivan Pisarev, Head of Dynamic Malware Analysis Team (based at Group-IB’s Threat Intelligence and Research Center, Dubai)

According to Ivan Pisarev, Head of Dynamic Malware Analysis Team, based at Group-IB’s Threat Intelligence and Research Center, Dubai, ransomware groups treat “all victims equally,” with a few exceptions.

“Their tactics, techniques, and procedures (TTPs) are similar, and they do not differentiate between victims based on their location or industry,” he said.

If a ransomware group encrypts a large organisation, such as a government or military entity, “it can result in a high-profile PR push for the group and significant reputational loss for the compromised organisation,” Pisarev explained.

According to him, ransomware “will remain the top cyber threat” for businesses and organisations in 2023, irrespective of country. Pisarev added that rising geopolitical tensions will also lead to “greater” cyber attack numbers, especially on those companies that operate in “crucial infrastructure sectors, such as energy, manufacturing, and telecommunications.”

However, he added that the GCC is less “affected” by such attacks than other regions.

“The number of GCC companies that had data published on dedicated leak sites by ransomware groups following successful attacks between H2 2021 and H1 2022 was 42, just 1.45 percent of the global total of 2,886. During the reporting period, 14 companies in the UAE and 12 companies in Saudi Arabia were the most affected countries in the GCC region by ransomware-related data leaks,” he said.

Pisarev also added that between H2 2021 and H1 2022, there were “47 instances of network access to UAE companies being sold on the underground market, 26.3 percent of the entire total for the Middle East and Africa region, and we expect this number to be even higher for the next reporting period.”

Tackling ransomware attacks

Companies in the UAE must “be vigilant” and invest in cybersecurity infrastructure, according to Pisarev.

“We also recommend that companies work diligently to foster a culture of cybersecurity in the workplace by empowering their employees to maintain high cybersecurity standards and upskilling their IT personnel to stay abreast of all the latest cyber threat trends.”

Companies must use Managed Extended Detection and Response solutions to protect their infrastructure against targeted attacks, according to Pisarev, and cybersecurity analysts must constantly stay informed and up to date on the latest TTPs leveraged by ransomware gangs.

On the other hand, companies that are hacked, or those that have detected traces of a ransomware group in their network infrastructure, must “seek the services of a highly-experienced Digital Forensics and Incident Response team.”

Detecting attacks in real time is also a good way to tackle ransomware, provided businesses have the right tools.

Doing so “results in faster detection, lower costs, and a stronger security posture that enables organisations to cope with the speed and scale of the evolving threat landscape,” according to NETSCOUT’s Fahmy.

“One of the most prominent applications of AI and ML in cybersecurity is through intrusion detection systems (IDS). These systems monitor network data and detect irregularities that may suggest a potential intrusion using machine learning technologies,” he said.

Meanwhile, Netskope’s Foster recommends adopting a “Zero Trust approach to all IT services.”

“Replace traditional perimeter-based access controls that allow lateral data movement with Zero Trust Network Access to narrow any attack surface. Put controls in place to prevent unfiltered access to the internet and cloud services, and never forget that cloud services are now the one distribution source for ransomware. Ensure you know which cloud services your users are accessing and select security technologies that allow you to apply granular controls so that you can remove unnecessary risk without completely blocking employees from accessing useful cloud productivity tools,” he said.

Foster also said that in case an attack is detected, “always follow the response plan that you have created and ensure you have the right team in place from across your organisation to reduce any damage.”


Sharon Benjamin

Born and raised in the heart of the Middle East, Sharon Benjamin has been making waves as a reporter for Arabian Business since 2022. With a keen eye for detail and an insatiable curiosity for the world...