E-Paper
Sign In
Sat, Nov 23, 2024 | Jumada al-Awwal 21, 1446 | DXB
0°C
Companies in the Middle East face online extortion threats
Online extortion is the new game in town with hackers and other cyber criminals demanding huge ‘ransoms’ from companies, according to security experts.
Distributed Denial of Service attacks (DDoS) is a ploy used by criminals in which they threaten to take down a company’s website unless large sums of money changes hands.
Enterprises or businesses which rely heavily on the Net are becoming more vulnerable against these criminals and their mode of operations, says Arbor Networks, which helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats.
Firms which come in the firing line of the attackers face the risk of their websites going offline. These ransom-based cyber attacks are gaining ground in Middle East. Arbor’s director of Security Research Dan Holden says extortion attacks account for 15 per cent of all DDoS attacks — the online security firm reports some 10,000 daily.
Arbor officials say the top three countries targeted in the Middle East this year are Saudi Arabia (30.4 per cent of attacks), Egypt (27.3 per cent) and Iran (11.3 per cent).
Such attacks are aimed at bringing down a company’s website or server by bombarding it with packets, which originate from a large number of geographically distributed bots. “The size of volumetric DDoS attacks continues to increase year over year, and they remain a major threat to enterprises and Internet Service Providers (ISPs) alike. In fact, Arbor’s research shows that the average size of DDoS attacks was 20 per cent higher in 2013 than in 2012.”
When asked about the sources of the attack, he says it is “very difficult” to tie down the “true origin” of attacks from looking at attack data. Traffic involved in any attack may originate from a large number of machines which have been compromised by malware or used to reflect attack traffic originally generated elsewhere.
Motivation for these incidents online have broadened. Ideological hacktivism, extortion, competitive takeout etc., mean that organisations are now being targeted for many reasons.
“Organisations in the Middle East should under no circumstances agree to pay the ransom—– it can set a dangerous precedent and encourage more attacks in the future and while it might make the pain go away in the short term, the long term results are generally not worth it.”
Arbor says companies that are especially vulnerable to this type of attacks are those with no or limited DDoS protection or ones that lack the resources to deal with either volumetric- or application layer-based DDoS attacks.
This is how an attack works: Once the criminals choose a target, the attackers conduct a ‘sample’ DDoS attack, which lasts for a short period of time and is followed by a threat of further attacks if ransom isn’t paid. Sometimes they simply skip the display of power and proceed straight to the ransom request. The targeted company is then faced with two obvious choices: Either pay up or brace itself for further attacks.
How are companies to deal with the scenario? Holden says many companies still rely on reactive measures such as router filters and firewalls, which are inefficient and not sophisticated enough to protect against organised cybercrime.
allan@khaleejtimes.com
Allan Jacob
A news junkie with an abiding interest in foreign affairs. I'm a keen follower and learner of the media and how it will pan out in the future when the common man and woman will themselves be journalists and not just sources of information. Lead a team of bright journalists who are driving the change and have their feet on the ground.
Sign Up For Breaking News Alerts
Be in the know. Get the latest breaking news delivered straight to your inbox.
Next Story