Experts warn of need for tighter security on malicious documents,

The National - News - DANIEL SANDERSON

Emirati government officials may have been compromised by a cyber attack that could leave staff vulnerable to blackmail, analysts said.

Researchers at the respected Cisco Talos Intelligence Group said that UAE police forces and the country’s Telecommunication Regulatory Authority, which has a role in protecting against cyber attacks, were among the targets.

Also hit in the infiltration attempt by the mysterious group, which has not been identified, were Lebanon’s finance ministry and Lebanon’s Middle East Airlines.

The scheme could have allowed the hackers to access confidential information and gain access to emails.

Cisco outlined details of the attempts in a briefing note by analysts this week.

The TRA has previously described attempts by hacking groups to infiltrate government and private sector companies, including 34 hacks on websites in January this year.

One of the attacks tried to trick people into downloading Word documents infected with spy software on a fake jobs website, which was disguised as a page belonging to a legitimate company. Web activity suggests the campaign targeted the UAE.

The other attempted to redirect web users from legitimate government web addresses to fake sites, potentially leaving members of the public vulnerable to uploading sensitive personal information to hackers rather than the authorities.

The identification of the attack came after DarkMatter, a UAE cyber security company, released a report in which it said it had found several “common, preventable cyber security weaknesses” in the country.

Outdated software, weak passwords and a lack of awareness were making some entities a soft target for cyber criminals, it said.

The latest attack showed the need for organisations and businesses to upgrade their security, said Hoda Al Khzaimi, the director of the Centre of Cyber Security at New York University Abu Dhabi.

“The attack relies on having a weak infrastructure when it comes to web security and people to click on postings to download malicious documents,” she said. “This is textbook, which means we have to upgrade our infrastructure and the way we build security.”

Warren Mercer and Paul Rascagneres, the authors of the blog exposing the attack, said they were unable to link the criminals to any previous activities through analysis of their tactics or IP addresses.

“Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates affecting .gov domains, as well as a private Lebanese airline,” they wrote.

“It’s clear that this adversary spent time understanding the victims’ network infrastructure to remain under the radar and act as inconspicuous as possible during their attacks.”

The fake job attack affected users in October, before spreading this month.

The separate “DNS redirection attack” was launched between September and November, leading to some public sector servers in the UAE being compromised with users unwittingly directed to “attacker-controlled IP addresses,” it is claimed.

The analysts said several public sector servers in Lebanon and the UAE “were apparently compromised”.

“We don’t know if the redirection attack was ultimately successful, or what exact purpose the DNS redirection served,” the authors wrote.

“However, the impact could be significant, as the attackers were able to intercept all traffic destined for these host names during this time.

“Because the attackers targeted email and VPN traffic specifically, they may have been used to harvest additional information, such as email and/or VPN credentials.

“Since the attackers were able to access email, they could carry out additional attacks or even blackmail the target.”

The UAE has tried to beef up cyber security policies over recent years, while private sector companies have also come under attack.

Careem, the Dubai ride-hailing app, revealed this year that the personal information of up to 14 million users across the Middle East, North Africa, Pakistan and Turkey had been stolen by criminals. There was no evidence, however, that credit card numbers were accessed.

The UAE government, meanwhile, rolled out an upgrade to cyber security systems across federal bodies last year.
