The Gulf Cooperation Council (GCC) countries are expected to see a general increase in state-sponsored activities or APTs (advanced persistent threats) more than the criminal activity this year, an industry expert said.
Simone Vernacchia, partner and head of digital, cybersecurity resilience and infrastructure at PwC Middle East, told TechRadar Middle East that geopolitical tensions have given rise to attacks targeting critical national infrastructure and taking the systems offline by cyber warfare is one the biggest worry in this region, followed by profit criminal activity.
Moreover, he said that there is tension in this region from a geopolitical perspective and there is interest from different global actors to perform attacks aimed at disrupting the critical infrastructure as it will have massive consequences to national security.
“It is cheaper and a way to disguise than sending an army, just by sitting in front of the computer. There have been cases already and it will happen again next year,” he said.
Vernacchia expects more attacks aimed at stopping or compromising the availability of main supplies in the region such as oil and gas, petrochemical and electricity grid.
For example, a blackout in Ukraine and the destruction of nuclear enrichment centrifuges in Iran.
Researchers have identified a new malware – Snakehose – which kills specified OT/ICS-related processes to ensure that the ransomware would impact the data and files used by the specific enumerated software.
However, at the moment there is no strong evidence indicating that the malware was built to specifically target OT environments.
“Electricity grid is important in this region compared to many other parts of the world. Stoppage of A/C and water supply would hit the economy hard in the region, especially in summer,” Vernacchia said.
Although, while politically it is easy to say a country is behind an attack, certainty of attribution to a nation-state is always “difficult”.
“We have found attackers putting comments in specific languages, or even coding at a specific time in the day to forge proof a different nation-state is behind the attack. Everyone would try to disguise themselves as someone else and in some cases; it would be of vested interest in a bid to try to pretend it is someone else to ignite a reaction.
While a considerable number of countries require disclosure of attacks and provide consumers with a way to understand if their data may be abused as well as providing an image impact for low cybersecurity maturity, he said the region’s progress on requiring this has been limited so far.
“In the West, you are supposed to disclose the breach. In the region, it is not required by any government or entity to disclose the breach publicly when compared to the EU, California or some other countries,” he said.
Moreover, he said the digital transformation which is taking place in heavy industrials is pushing towards connecting OT (ICS and SCADA devices) and IT and this is creating new challenges by increasing the potential for remote attackers to penetrate the OT network of critical infrastructure, also due to the pace at which this transformation is happening in the region.
Vernacchia said this can also allow ransomware infections to move from IT to OT and affect the operation of critical infrastructures
At the same time, he said that the region has seen financially motivated attacks mainly aimed at smaller entities performing big yet rare financial transactions.
“There were some entities, in the region’s free zones, which are dealing with equities and debit transactions and attackers found the way to funnel money out usually to Taiwan or Hong Kong and from there to Mainland China or Africa,” he said.
However, he said that the criminal activity will keep growing at the financial hubs such as Dubai, Abu Dhabi and Bahrain but it will be less when compared to the West due to the fact these transactions involve a limited number of individuals and a higher level of personal trust when compared to same size transactions happening in larger economies.
“From a criminal investment perspective, there may be a lot more fun in attacking bigger geographies,” he said.