Ashraf Koheil, Director of Business Development, Middle & Africa at Group-IB, has stated his belief that the security solution and service provider has the ‘complete platform’ when it comes to cybersecurity in a conversation with CNME Editor Mark Forker.
Group-IB’s Ashraf Koheil has been in the Middle East region for over 10 years, and during that time he has cultivated a reputation as a key thought leader within the cybersecurity ecosystem.
Prior to his appointment as Regional Director for the Middle East & Africa at Group-IB, Koheil held senior positions at Microsoft and FireEye.
We began our conversation by discussing some of findings that emerged from a comprehensive report that examined new threat actors and global scams during a recent virtual summit that was held by Group-IB.
It has been claimed by some security analysts that the UAE and other GCC nations are more vulnerable than other developed nations when it comes to cyberattacks. According to Koheil the United Arab Emirates has been a victim of its own success.
“I think in terms of cyberattacks it is fair to say that the UAE is targeted more than other nations in the region, and the primary reason for that is the fact that the UAE is leading in so many areas when it comes to technology and innovation. EXPO 2020 is a great illustration of that sort of visionary leadership that fosters new innovations. However, as we know threat actors follow the noise and go where the big brands are based. I would stop short at saying the UAE is being singled-out, but it is certainly a big attraction simply because they lead on innovation and digital transformation”, said Koheil.
Koheil also highlighted that when businesses embark on large transformation projects then there is always the inevitable risk that some will lag and fall behind, which creates a pathway for scammers and cybercriminals.
“We know that the UAE government leads on innovation, and they always set the bar high for businesses in terms of the transformation required, so in many ways it’s rather inevitable that there will be some that lag behind, as some enterprises that are bigger than others will be able to comply faster than SMBs for example, so that’s how it can be easy for threat actors to target some enterprises”, said Koheil.
One other interesting statistic that emerged from the report was that more than 130 well-known and popular brands had been the victim of impersonation attacks. According to the recently published fifth part of Group-IB’s report HI-TECH CRIME TRENDS 2021/2022 “Scams and phishing: the epidemic of online fraud”, another trending scam that has been gaining popularity is the use of special targeted links, fine-tuned for a specific victim. Group-IB Digital Risk Protection analysts have recorded the presence of this targeted scam in over 100 countries worldwide, including in the the GCC region. The users receive a rogue unique link customised for their victim, which utilises the potential victim’s unique parameters (country, time zone, language, IP, browser, and etc.) to display the relevant content on the scam page. The targeted link most frequently leads to the website with the notorious surveys. Very often scammers promise a large prize for completing the survey. But after completing this survey, the user will be asked to fill out a form with their personal data or payment data which goes straight to scammers. It’s extremely hard to detect and take down as scam actors create a targeted link customised for a specific user so that it doesn’t display any content to those who attempt to follow it without specific cookies,” said Koheil.
Again, Koheil outlined how the hackers were clever in terms of monitoring which entities were embarking on large marketing campaigns to again exploit unsuspecting end-users.
“Brand equity is massively important. it’s big money, and it is a large part of a company’s market capitalization. If you examine the marketing investments being made by the biggest brands in the UAE, whether they are telecom providers, retailers, or airlines, the scammers follow that because if enterprises are advertising aggressively across all the mediums available to them then this inevitably creates noise and draws attention, which is want they want from a consumer perspective, but the negative consequence of the marketing campaign is that it alerts those potential threat actors. Companies send offers directly to their customers, so as a consumer if you get 5 offers, you’re not going to know if the 6th or 7th is a scam, as all your identifying with is the brand logo, and that’s why so many are falling victim to these types of attacks,” said Koheil.
In terms of what can be done to combat and thwart brand impersonation attacks in the future, the Group-IB executive believes a combination of greater cyber education and responsible approach to digital risks mitigation on the part of big-name brands would be the appropriate remedy for the issue.
“An important component in stopping brand impersonation attacks is cyber education. Scams thrive on lack of information and silence. We need to better communicate to consumers about the trending tools used by scammers and educate how to spot them. I think from the enterprises perspective they need to ensure that their marketing campaigns adhere to the secure guidelines that are in place. Banking providers, to their credit, always state when they are marketing that they will never ask a customer for their personal information and businesses need to continually reinforce these messages when launching marketing strategies. Finally, users alone can hardly do anything about the spread of scam. Companies should focus on monitoring and taking down scammers’ entire infrastructures, instead of blocking separate violation. It’s important to gather knowledge about their evolving schemes tailored to target a particular entity and investigate the violations to bring the perpetrators to justice together with law enforcement”, said Koheil.
Over the last 12 months, we have seen some high-profile ransomware attacks that have had some devastating economic ramifications for those targeted.
The economics of modern-day ransomware attacks are a far cry from the very first ransomware attack on a bank which was for $189 dollars, as Koheil pointed out the average ransomware attack on a bank last year was $1.25 million.
According to the Group-IB’s HI-TECH CRIME TRENDS 2021/2022, data relating to 2,371 companies were released on ransomware DLS (Data Leak Sites) over H2 2020–H1 2021. This is an increase of an unprecedented 935% compared to the previous review period, when data relating to 229 victims was made public.
In the Middle Eastern region at least 50 organisations fell prey to ransomware attacks so far in 2021. To compare, in 2020, the data on 27 companies in the Middle Easter region was released on DLS, which is an increase of 85%.
When asked for his view on the opinion that businesses should never pay a ransom, he agreed, but said that in many instances it’s not as black and white as that.
“I would agree with the categorical answer that you should not pay the ransom, but there are so many different scenarios where it becomes very difficult to judge the situation for the business. In my opinion, ransomware is like crying over spilled milk, because there are so many easy functionalities and features today to support and prevent ransomware. However, when we say don’t pay the ransom we need to explain why. If you look at the threat landscape today, then ransomware is like the Facebook of organised crime. Unfortunately, I have been in meetings with clients where they have disclosed that they will not invest in security infrastructure because if they get hit by a ransomware attack then they’ll probably end up paying for it. That’s obviously the wrong approach, the question businesses need to ask themselves is what can we do to prevent an attack?” said Koheil.
In terms of what businesses needed to do to bolster their security offering, Koheil bemoaned the fact that many enterprises still believe that having the best technology will protect them from cyberattacks.
“Many organisations believe that because they have the latest technology, or the best-in-class solution, or the most expensive firewall that they are protected, but that is not the case. There are three key factors that enterprises need to consider. We know that technology is important, but even if it works 99.9% of the time, there is always the risk of that 0.1% when it fails. Secondly, we also look at the skillsets required within organisations, and we make sure that there is a transfer of knowledge, so these teams have the best pilots for the planes that they have invested in. The final piece is the escalation itself, and the escalation, efficiency and KPIs needs to happen through constant security fire drills,” said Koheil.
In terms of what differentiates Group-IB from other security vendors, Koheil believed it was a combination of their commitment to transferring knowledge and their product lifecycle that distinguished them from their market rivals.
“Group-IB has a complete platform. We are not a firewall company, and we have very specific surgical set of solutions that moves your environment from good to great. We are probably one of the very few companies in which the No.1 mandate of all our services is knowledge transfer. Knowledge transfer is so important to us. For example, when we do an incident response with a client, after which we will then spend two days on incident response training, and this is something that is simply not done by others in the market. I think another key differentiator for us is our product development lifecycle, it is very impressive. There is not a quarter that goes past where we don’t add new functionalities to our products, and the feedback we get back from our clients also serves to reinforce that,” said Koheil.