The UAE's 2016 Internet Security Threat Profile improved with its world ranking dropping from 41 in 2015 to 51 in 2016
Published: Fri 5 May 2017, 12:12 AM
The UAE is the second most targeted country in the Middle East for 'ransomware' attacks, in which cyber criminals steal and encrypt files until a ransom is paid, according to a new Internet Security Threat Report from security-giant Symantec.
According to Symantec, ransomware attacks are continuing to escalate worldwide as they provide a lucrative business for criminals. The company has identified over 100 new 'malware families' over the last year, more than triple the amount seen previously, as well as a 36 percent increase in ransomware attacks globally.
In the Middle east and Africa, the UAE was the second most targeted countries for ransomware attacks, behind Saudi Arabia, and ranked 26th worldwide. Symantec found 30 per cent of UAE ransomware victims are willing to pay a ransom, compared to 34 per cent globally. The highest figure was in the US, where 64 per cent of American victims are willing to pay a ransom.
Consequently, in 2016 the global average ransom spiked 266 percent with criminals demanding an average of $1,077 per victim up from $294 as reported for the previous year.
Large enterprises (more than 2,501 employees) in the country received the most emails containing malware and phishing, while small enterprises (less than 250 employees) received the most spam. Cybercriminals attack large companies given the bigger user and asset base, which makes them a more lucrative victim given the multiple attack vectors.
Additionally, the services industry in the UAE was the most affected by malicious emails (one in 53 emails), while 57 per cent of all emails received by organisations were identified as spam, higher than the global average.
Additionally, the report found that organised gangs and nation states are increasingly targetting financial institutions. "New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus," said Hussam Sidani, regional manager for Gulf, Symantec.
"The world has seen specific nation states doubling down on political manipulation and straight sabotage. In the Middle East, we saw Shamoon putting Saudi Arabia on high alert again after attacks were uncovered late 2016. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools, unsecured IoT devices and cloud services."
The UAE's 2016 Internet Security Threat Profile improved with its world ranking dropping from 41 in 2015 to 51 in 2016. In the Middle East and Africa, UAE improved its regional standing, dropping to 10th place compared to 6th the previous year. This shift indicates a lower global percentage of source-based security threats, including malicious code, spam, phishing hosts, web and network attacks, and bots originating in the country. However, the country was heavily targeted for ransomware, the second highest in the Middle East and Africa region, and representing about 0.5 per cent of all global detections.
"UAE has taken commendable measures at federal, public and private levels to solidify cybersecurity in the country. Furthermore, various entities have made efforts to identify and foster future cybersecurity specialists, and there is also a growing awareness about cyberthreats in the weakest link in the chain -the end user or consumer," added Sidani.
reporters@khaleejtimes.com
Ransom numbers for UAE
2nd - position of UAE in ransomware attacks in Mena region
26th - UAE's position worldwide
30% - UAE ransomware victims willing to pay
1 in 53 - emails targeting services industry in the UAE
51 - UAE ranking in 2016 Internet Security Threat Profile (worldwide)
10 - UAE ranking in 2016 Internet Security Threat Profile (Mena)