GOVERNMENT STAFF AT RISK AFTER CYBER ATTACKS ON UAE WEBSITES
▶ Experts warn of need for tighter security on malicious documents,
Emirati government officials may have been compromised by a cyber attack that could leave staff vulnerable to blackmail, analysts said.
Researchers at the respected Cisco Talos Intelligence Group said that UAE police forces and the country’s Telecommunication Regulatory Authority, which has a role in protecting against cyber attacks, were among the targets.
Also hit in the infiltration attempt by the mysterious group, which has not been identified, were Lebanon’s finance ministry and Lebanon’s Middle East Airlines.
The scheme could have allowed the hackers to access confidential information and gain access to emails.
Cisco outlined details of the attempts in a briefing note by analysts this week.
The TRA has previously described attempts by hacking groups to infiltrate government and private sector companies, including 34 hacks on websites in January this year.
One of the attacks tried to trick people into downloading Word documents infected with spy software on a fake jobs website, which was disguised as a page belonging to a legitimate company. Web activity suggests the campaign targeted the UAE.
The other attempted to redirect web users from legitimate government web addresses to fake sites, potentially leaving members of the public vulnerable to uploading sensitive personal information to hackers rather than the authorities.
The identification of the attack came after DarkMatter, a UAE cyber security company, released a report in which it said it had found several “common, preventable cyber security weaknesses” in the country.
Outdated software, weak passwords and a lack of awareness were making some entities a soft target for cyber criminals, it said.
The latest attack showed the need for organisations and businesses to upgrade their security, said Hoda Al Khzaimi, the director of the Centre of Cyber Security at New York University Abu Dhabi.
“The attack relies on having a weak infrastructure when it comes to web security and people to click on postings to download malicious documents,” she said. “This is textbook, which means we have to upgrade our infrastructure and the way we build security.”
Warren Mercer and Paul Rascagneres, the authors of the blog exposing the attack, said they were unable to link the criminals to any previous activities through analysis of their tactics or IP addresses.
“Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates affecting .gov domains, as well as a private Lebanese airline,” they wrote.
“It’s clear that this adversary spent time understanding the victims’ network infrastructure to remain under the radar and act as inconspicuous as possible during their attacks.”
The fake job attack affected users in October, before spreading this month.
The separate “DNS redirection attack” was launched between September and November, leading to some public sector servers in the UAE being compromised with users unwittingly directed to “attacker-controlled IP addresses,” it is claimed.
The analysts said several public sector servers in Lebanon and the UAE “were apparently compromised”.
“We don’t know if the redirection attack was ultimately successful, or what exact purpose the DNS redirection served,” the authors wrote.
“However, the impact could be significant, as the attackers were able to intercept all traffic destined for these host names during this time.
“Because the attackers targeted email and VPN traffic specifically, they may have been used to harvest additional information, such as email and/or VPN credentials.
“Since the attackers were able to access email, they could carry out additional attacks or even blackmail the target.”
The UAE has tried to beef up cyber security policies over recent years, while private sector companies have also come under attack.
Careem, the Dubai ride-hailing app, revealed this year that the personal information of up to 14 million users across the Middle East, North Africa, Pakistan and Turkey had been stolen by criminals. There was no evidence, however, that credit card numbers were accessed.
The UAE government, meanwhile, rolled out an upgrade to cyber security systems across federal bodies last year.