When asked if the Russians were involved, Kafity says: “We haven’t directly observed APT28 (or other Russian threat groups) target entities in the UAE, however, that does not mean that UAE entities won’t be targeted in the future.”
There have been several instances in which it appeared to target the governments and militaries of countries with which the Russian government was attempting to strengthen relationships. For example, it appeared to target Mexican and South African government agencies at the same time that Russia was building out increased partnerships with those countries, particularly expanding their trade relationships and increasing weapons sales.
“We don’t discount the possibility that Russia-based threat groups may target entities in the UAE, particularly given the growing economic relationship between the two countries, and both governments’ stated interest in expanding bilateral relations.”
The two countries are talking of increasing trade, energy investments and business partnerships, and therefore, targets might include government agencies closely involved in these discussions.
“Just to be clear, what we have announced is a report on cyber espionage operations (not attacks) that (are) likely benefit the Russian government. Again, the key word here is likely, we are not saying that we definitely know that APT28 works for the Russian government, we are assessing — based on the targets APT28 chooses and characteristics of the malware they develop — that the Russian government has most likely sponsored the group since at least 2007. We are very careful in making an assessment (based on our data and research).”
Last month, security firm Symantec revealed the presence of a malware named Regin, which was involved in “systematic spying campaigns against a range of international targets”. These included governments, infrastructure operators, businesses, researchers and individuals.
The virus had some links to Stuxnet, which was allegedly used by the US and Israeli governments to attack computer networks involved in Iran’s disputed nuclear programme some years ago.
Nicolai Solling, Director of Technology Services at Help AG, says there are many state-sponsored actors actively dispensing malware and so-called new generation worms. “It is a poorly hidden truth that both Western, Asian and former Eastern bloc countries are developing and sponsoring the generation of malware or funding espionage programmes utilising malware and advanced persistent threats.
“Very close to our own backyard, we have seen an element of campaigning that has either been state-sponsored or is being carried out by groups that are loyal to the Syrian government — and they were also attacked by their opponents.”
On the loose
Solling says the spread of malware is not always controlled by the attackers. “Specifically, in our region and in the UAE, we saw a large infection of the malware Stuxnet and Flame — which were targeting Iranian nuclear facilities — simply due to our close geographical location to Iran.”
He says the main cause behind state-sponsored malware is easy to understand as intelligence services are keen to pick up information about their geo-political adversaries. “Since this information is now stored in IT systems, it is natural to focus the activities on the systems holding the information.”
However, state-sponsored malware is only part of the problem. Other groups of malware producers have a commercial focus, meaning they steal data to sell, or hold sensitive information. A ransom is usually sought and unless it is paid, the data can go public to the embarrassment of the victims. “Commercial hacking groups are more widespread in their attacks and for them it is all about targeting as many systems as possible and harvesting as much information as possible,” says Solling.
Online protection firm McAfee Labs, in its latest threat assessment report, foresees increased use of cyber warfare and espionage tactics next year. “Cyber espionage attacks will continue to increase in frequency as long-term players will become stealthier information gatherers, while newcomers to cyber-attack capabilities will look for ways to steal sensitive information and disrupt their adversaries.”
In the assessment, it says established nation-state actors will work to enhance their ability to remain hidden on victim systems and networks.
The bigger worry is that cyber criminals will continue to act more like nation-state cyber espionage actors, and that cyber warfare by small nation states and terror groups will gain ground.
Growing awareness
In the UAE, Kafity says awareness and understanding of online dangers is maturing rapidly. “This is driven by increasing governance and regulations requiring enterprises in verticals like finance and healthcare among many others to pay careful attention to how they approach and execute data/network security.”
Users are required to change their behaviour and ensure systems are patched and the software they use has a good reputation. Organisations must implement correct solutions to secure their online presence.
“Governments play a huge role as they can enforce governance frameworks on their organisations. The UAE is a great example of this, where Abu Dhabi Systems and Information Centre and Dubai Smart Government both maintain and publish governance frameworks for government organisations to follow,” says Solling.
Earlier this year, the UAE National Electronic Security Authority said it would come up with electronic security standards and policies to secure core sectors of the economy, the first big step in an evolving process to combat these advanced threats online.