Guarding against cyber espionage [Gulf News (United Arab Emirates)]
Naushad K. Cherrayil, Staff Reporter
Al Bawaba Ltd.
Dubai: Stuxnet, Duqu, Flame, Gauss, Wiper, Mahdi and Shamoon. These are not the names of people or streets.
These are the viruses that have been targeting Middle Eastern companies to steal and destroy data on hard disks, creating havoc for the past two years.
Attacks carried out by young politically-motivated hackers such as the ones that grabbed headlines in Saudi Arabia do expose the security weaknesses in organisations in the Middle East.
The scope of cyber espionage in the Middle East has widened, even after security experts blew the operation's cover.
For years, industrial control systems and automation systems were considered beyond the reach of cyber criminals and nasty nation state actors because they were not connected to the internet.
In fact, cyber security experts from Kaspersky, Symantec and Sophos have for years been warning that critical infrastructure operational technologies lack appropriate cyber defences (an industry term for anti-hacking and anti-virus software). The threat is especially strong in rapidly growing sectors such as oil and gas that operate in multiple locations, or to businesses that might be adopting cloud-based ICT infrastructures to help them share data across multiple locations and help company users access data wirelessly.
Stuxnet was the first serious wake-up call that industrial control systems, like those that control nuclear and most other power generation plants, are susceptible to cyber attacks, just like the rest of the systems that control the free, and not so free, world, from critical infrastructure to your desktop computer at home.
The recent Mahdi Trojan, targeted mainly at Iran's energy industry, has brought the total number of infections found so far to nearly 1,000.
The Stuxnet Trojan was targeted at Iran's nuclear programme in 2010. After that virus was uncovered by security researchers, authorities in Iran discovered it in a uranium enrichment facility that it had targeted.
"Corporations operating in the region can learn from others' inability to prevent these attacks and, in doing so, protect the region's hard-earned intellectual capital as well as their financial and political stability," said Roger Cressey, senior vice-president at Booz Allen Hamilton, and a counterterrorism and cyber security expert.
Middle East businesses need to remember that cyber espionage is an immediate threat, attacks are often highly targeted and that effective attacks are more often carried out for monetary gains than for political reasons, he said.
Roel Schouwenberg, a senior researcher with Kaspersky Lab, suspects the campaign is being run by hacker activists, or "hacktivists," who are either funded by a government or provide information they collect to a country for ideological reasons.
He declined to say which country might be involved.
Cressey said the hacker attacks on Saudi Aramco serve as a reminder that no business in the Middle East is immune from security threats.
"Among MENA clients we talk to, the number one mistake they make is to believe that cyber attacks and cyber espionage are a 'Western' problem and not issues that affect the Middle East," he said. "The fact is that coordinated cyber attacks can bring any business, anywhere, to its knees."
The Gulf represents a prime target for attacks, with the region's economic strength and widespread usage of social media making it an attractive target, Cressey said.
Unscrupulous competitors, disgruntled employees and the stakes to be gained from stealing valuable data from oil companies or the banking sector are a "significant threat".
"Espionage happens all the time," said Mikko Hypponen, chief research officer at anti-virus software maker F-Secure.
"In the old days you had to go where the information was to copy it; today it is on computers and networks."
Flame is the biggest and most high-functioning cyberweapon ever discovered. It is comprised of multiple files that are 20 times larger than Stuxnet and carry about 100 times more code than a basic virus, experts said.
"We have strong beliefs that there are nations behind these malwares," said Vitaly Kamluk, the chief malware expert for Kaspersky Lab. "We assume it's related to the regimes and political situation in the Middle East."
Let us learn from Iran's and Saudi Arabia's mistakes rather than waiting for the lights to flicker here, and let us not fall prey to the hacktivists, he said.
"Businesses need to reinforce their defences inside and out, and what happened in Iran and Saudi Arabia gives a perfect wake-up call to many that think they are already strong enough to withstand attack," Cressey said.