Sun, Dec 22, 2024 | Jumada al-Aakhirah 21, 1446 | DXB ktweather icon0°C

Ignore those dangerous e-attachments, please

Top Stories

Ignore those dangerous e-attachments, please

Dubai - Hackers on prowl to hijack internal e-mails of firms.

Published: Wed 13 Jan 2016, 6:11 PM

A professional hacker hijacked internal e-mails between departments of a Dubai-based trading firm to dupe staff members into invoicing funds to a foreign bank account. UAE-based cybersecurity company Torrid Networks detected the incident, which they say is a sign of increasing cybercrime in the country.
Torrid Networks - which has operated in the UAE for the last three years - has worked on a number of other investigations into cyberattacks on local trading firms, as well as with government officials in the UAE and India.
Once alerted to the recent cyber intrusion, a team of Torrid Networks investigators discovered that the hacker gained entry into the company networks by sending e-mails from a false e-mail address - fundtransfer@hsbc.com - which contained malware in attachments. Once staff members opened the attachments, the malware discreetly installed itself and began recording user keystrokes and taking screenshots which the hacker received via e-mail every 30 minutes.
In an interview with Khaleej Times, Torrid Network CEO and founder Dhruv Soi said the company could have suffered significant financial losses if the cyberattack had not been detected early on.
"The company engaged us at the right time and the team was able to figure out that something fishy was going on," he said.
"In another case, the company ended up transferring $1 million. If the money is transferred, it becomes a case for international police engagement, and courts have to come into the picture, and (the) Interpol. Most of the time the transfers are irreversible.
"In the UAE, this is very, very common. It's a trading hub and a lot happens in a day."
Soi noted that although the software used in the attack was relatively unsophisticated compared to other cyberattacks, the hacker successfully managed to fool company staff into installing the malware.
"It's common sense (to not open attachments), but common sense is most uncommon," he said.
Additionally, Soi said that educating employees about basic cybersecurity measures is the best way to prevent such incidents from occurring, rather than relying on antivirus software.
bernd@khaleejtimes.com



Next Story