A FireEye study has revealed key insights on the state of cyber-attacks across the EMEA (Europe, Middle East and Africa) region, particularly in the countries of the GCC (Gulf Cooperation Council).
In recent years, the GCC states have witnessed a spate of attacks, targeting key industries and critical infrastructure. The Regional Advanced Threat Report for EMEA provides an overview of APTs (Advanced Persistent Threats) targeting computer networks that were discovered during the second half of 2015. Financial, geopolitical and economic changes made 2015 a very busy year for the region, particularly in the cyber realm. When comparing the second half of 2015 to the first half, FireEye has identified a considerable degree of evolution in the EMEA cyberthreat landscape while monitoring changing cyber trends.
Key findings by FireEye include:
- Emerging nation-state sponsored threat actors from the Middle East were identified, making an impact in terms of the volume of potential attacks.
- The number of alerts in the GCC doubled during 2015, with a noticeable rise during the second half of the year.
- Macro driven malware detections in the GCC also rose during the second half of 2015. Cybercriminals continue to utilise macro-embedded Microsoft Office documents to deliver malicious payloads.
- Advanced threats are increasingly targeting governments, the energy sector and the financial services industry in the GCC. These three verticals alone accounted for 65 percent of identified attacks.
- Cyber attacks continue to reflect on-going real-world events. Turkey in particular witnessed a substantial rise in attacks (27 percent of all attacks in the EMEA region) in the second half of 2015, coinciding with a change in the political climate in the country.
- Ransomware continues to pose a threat to organisations, with the malware development lifecycle being so short that a strong defence is still a major challenge for many organizations.
The evidence highlighted in the report demonstrates that geopolitical, financial and economic changes happening in the real world are mirrored in cyberspace as well. The changes to the threat landscape between the first half and the second half of 2015 are considerable, demonstrating once more the speed at which threat actors operate.
“Over the years, we have seen that real-world developments are being played out in cyberspace, and 2015 was no exception. As cyberattacks continue to rise at an alarming rate, traditional security solutions will prove to be inadequate in the long run,” says Richard Turner, President for the EMEA region at FireEye. “Geopolitical developments and the GCC’s position as a hub for finance, energy, real estate, retail, tourism and aviation have put it in the crosshairs of a wide range of cyber attackers. The high level of connectivity in the region also makes it ripe for opportunistic and advanced threat actors. FireEye’s Advanced Threat Report summarises intelligence on cyberthreats, aiding companies by providing invaluable insights and helping them allocate resources towards a robust defense infrastructure.”
Motivated by numerous objectives, threat actors’ capabilities and level of sophistication are rapidly evolving to steal more information, including personal data and business strategies, in order to gain a competitive advantage or degrade operational reliability. Looking forward, FireEye predicts that malicious actors targeting entities in the GCC region are going to become even more disruptive as attackers modify or destroy targeted data.
In light of these developments, it is highly recommended that organisations take the following steps to defend themselves from the latest generation of emerging cyberthreats:
- Assume your organization is a target and that your existing security controls can be bypassed. No entity is off-limits to a cyber-attacker.
- Establish a cyber risk framework that enables the business with board-level sponsorship.
- Acquire threat intelligence in order to augment and enrich detections from your sensors.
- Establish an incident response/management service that will enable you to detect and react to an APT event quickly, mitigating the impact of a breach as much as possible.
- Bring in the right technology that could identify these new threats.
- Establish a clear response plan with board-level sponsorship and involvement to be prepared if a breach does occur.