Trend Micro ‘ME Cyber attack will increase’
Dubai, February 5, 2012
The Middle East in 2012 will see cybercriminals act with even more persistency and sophistication, as the region shifts from the PC-centric desktop toward mobile and cloud computing, a top official from Trend Micro said.
Industry specific attacks, data leakage from mobile devices, theft through social networking are key areas of concern this year, the statement said.
“The Middle East is one of the fastest growing regions globally, and this instantaneously attracts cybercriminals. We are dealing with an epidemic that can literally cripple organisations, and having in place adequate security protocols, and by using the most up-to-date security products and solution is the only way to ensure business continuity,” said Nick Black, technical manager, Trend Micro, Middle East and Africa.
The company’s “MiddleEast Threat Predictions for 2012” include:
Industry Specific Targets
Targeted attacks on organisations using specific software and applications will be prevalent. Exploits will become more specific and will be designed to target known vulnerabilities in regional organisations that are using this software.
Data Leakage through mobile devices
Since mobile usage is increasingly popular it is common for users in the region to expect to use their personal devices to access corporate applications and therefore data. Unfortunately the users that demand this access (and in most cases are granted access) may not be security aware.
Simple security practices such as Anti malware, web reputation and mail reputation services are not something that the average regional user would consider when accessing corporate data. The expectation is that the organisation is responsible for securing the data. An effective security policy should include the users themselves and ensure that there is a shared responsibility mentality.
New technology data breaches
Organisations in the Middle East will adopt Cloud technologies over the next few years, it is important that they take security seriously when considering cloud services or even a virtualised data centre model.
Traditional approaches to security do not address the new areas of vulnerability and potential breach that is introduced with these platforms. Choosing a security partner that has security solutions that are specifically designed for these new technologies is critical.
It is likely that cybercriminals will test new attacks on Cloud Service providers – these may be targeted attacks outside of the region but in the case of a public cloud service there may be Middle Eastern user data residing elsewhere globally.
Open Source Platform
Andriod-based smartphones will suffer from numerous malware infections. Due to the Android policy of having an open application download policy we can expect that malware will be embedded in these applications that will lead to data theft and other compromises.
Social networking in the Middle East is commonplace and yet the concept of data privacy is in its infancy. Users rarely hesitate to share personal data on these sites which allows for potential data and ID theft.
Advanced Persistent Threats
Advanced Persistent Threats (APT’s) may be targeted to the Middle East region in 2012. The reasons being that the detection skills and technology adoption among many organisations is at a basic level.
APT’s require forensic level skills and technology to detect, meaning that networks and data may be compromised for a length of time before the threat is detected and remediated. - Reuters