COVID-19 restrictions across the region have meant the number of people working from home has skyrocketed. According to a regional cyber security firm, cyber-crime and ransomware attacks have soared in tandem.
Amir Kolahzadeh, managing director of Itsec, a leading cyber security company in the Middle East, told Al Arabiya English that figures suggest cyber-attacks by online conmen have grown by as much as 300 per cent since the outbreak of the pandemic.
This, said Kolahzadeh, is due to a lack of security on home computers, and an increase in traffic on apps such as Zoom and WhatsApp.
“The Middle East, like anywhere else in the world has been affected by the COVID-19 pandemic and this has definitely given opportunistic cybercriminals to exploit previously ignored and low value targets.”
“The reason for this surface attack shift is primarily due to remote working.”
“As cyber criminals realized that the corporate communication now has left the secure office boundaries into the homes of the employees - which are not secured - it has become the best way to exploit obviously data, and other information by hacking personal devices or internet routers of individuals at home.”
More companies need to work on cybersecurity improvement and increase awareness among employees.
Often cyber security breaches are down to “human error”, such as individuals receiving emails that claim to have payments included in them, said Kolahzadeh.
Upon clicking the attachment, malware will infect, and restrict access to some files then demand the user to pay a ransom to have the encryption or lock removed.”
Another malware, Zeus, worked by installing itself on a computer when the victim clicked on a link in an unsolicited email, or via a website. The virus lies dormant until it finds an opportunity to obtain a person’s private details, such as online banking information.
“The pandemic has not brought any vulnerabilities to any system,” Kolahzadeh said. “It has only caused a shift of focus from hackers.”
For example, he said, 95 percent of all home internet routers are unsecured.
“They are taken out of the box plugged and forgotten about, other than once or twice a month unplugging it when the internet is slow.”
“Most of these have the default username and password which makes it an extremely easy target to attack and take over. So, this security challenge has always been there, the only difference is that in the past it was not worth the time or effort for hackers to exploit such a target because there was nothing of importance utilizing these devices.
“With the COVID-19 pandemic and a push to work from home, now suddenly people’s valuable information, documentation, can be exploited by hackers using these unsecured devices.”
It has meant that cyber crime is spreading as quickly as the virus itself, said Kolahzadeh.
“We have seen approximate increase of 300 percent in attackers, however that seems to on par with the rest the world.
“Notable here, people have targeted the healthcare industry, WhatsApp numbers in the region and Zoom calls have been a top target.”
Kolahzadeh said there are measures companies can take to protect themselves from cyber attacks.
“There are certain solutions and technologies combined with proper cyber security awareness programs to educate users about the risks and forcing the right protocols - this should prevent majority of these fraudulent exploits.”
During the height of the pandemic, the United Arab Emirates government’s top cyber security chief warned that the Middle East region is facing a “cyber pandemic” with growing COVID-19 related attacks.
“As we moved into a full online life, we saw a huge increase in many of those attacks,” Mohamed al-Kuwaiti, head of UAE Government Cyber Security said at the time.
The UAE has seen an “at least 250 percent increase” in cyber attacks , al-Kuwaiti said in June, as the pandemic forced organizations around the world to reconsider how, and where they work. Hackers and malicious actors took advantage of increased digital adoption.
“There is a cyber pandemic, not only a biological pandemic,” he said.
“The financial sector was one of the most attacked areas, as well as the health sector,” al-Kuwaiti revealed, without going into specific detail about the nature of the incidents in the UAE, or whether they were successful.
The comments offer a snapshot into the increasingly challenging cybersecurity environment in the UAE and the wider Middle East region, where security breaches and attacks are widespread, frequently undetected and often state-sponsored.