The development trends in cybersecurity are driven, among other factors, by the emergence of new threats and the consolidation of tried-and-tested attacks, in a context marked by an unstoppable increase.
The European Union Agency for Information Security (ENISA) published the tenth edition of the ENISA Threat Landscape 2022 Report. With more than 10 terabytes of data stolen monthly, ransomware is still a major threat this year, while phishing is identified as the most common initial vector for such attacks. No sector is spared today. Threats target public administration and governments (24%), digital service providers (13%) and the general public (12%) half of the time, while the other half is shared by all other sectors of the economy.
Even among the thriving economies of the Middle East, cybercrime is on the rise. Threats exploit various mechanisms and attack vectors such as phishing, smishing, ransomware, email spoofing, etc.
In the first half of 2021, the Middle East, which has become a target for cybercriminals due to the increase in remote work as a consequence of the Covid-19 pandemic and the rapid digital transformation of the region's economies, saw a 17% surge in malware attacks, amounting to as much as $161 million.
Among all countries in the Middle East, there was a sharp increase in attacks: Oman and Bahrain were two of the countries that saw the greatest increase (+60%), while the United Arab Emirates recorded an overall increase in attacks of just 7%.
Remote desktop
According to the Global Incident Response Threat Report (GIRTR) by VMware, a subsidiary of Dell Technologies, attacks that rely on lateral movement, exploiting services such as Remote Desktop Protocol or remote access tools in general, will become increasingly frequent. Criminals will use these methods to pretend to be system administrators. Companies and organizations are therefore called upon to supplement their defenses with Endpoint Detection & Response (EDR) or Network Detection & Response (NDR) systems to protect access points.
Deep fake
The evolution of Artificial Intelligence will also bring a proliferation of deepfake attacks, conducted through the main communication systems (e-mail, mobile messages), within social media and with the widely used voice recording systems. Deepfake is a technique used to synthesize human images. It relies on Artificial Intelligence and Machine Learning to combine existing images and videos with originals. This leads to the creation of fraudulent content, manipulated to deceive targeted victims and obtain personal information, account credentials or sums of money from them.
The increase in attacks of this type is noted by the above-mentioned VMware report. Based on the processing of false information and identity fraud, they aim to compromise the integrity and reputation of victims. To protect your infrastructure, it is essential to make users more aware through continuous training, including simulations designed to train users and employees to respond effectively.
API
APIs (Application Programming Interfaces), interfaces that allow applications and software to interact with each other, are very effective tools for causing damage since the data traffic passing through them is often not properly controlled. Once inside the systems, cyber criminals use evasive techniques to divert detection on Virtual Desktop Interfaces, Virtual Machines and traditional applications. If the organization’s monitoring capabilities do not improve, the year 2023 promises to be a year of consolidation for the phenomenon.
To strengthen API connection security, it is good practice to perform the following activities: periodically manage the API inventory, use a strong authentication solution to control access, encrypt traffic using TLS, limit the speed of use to prevent denial-of-service attacks, and remove sensitive information that should not be shared (such as access keys).
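Two of the practices listed above, limiting request rate per client and stripping access keys from what an API returns, can be sketched together; this is an added example, not code from the article or any report it cites. The field names in SENSITIVE_KEYS, the limits, the client IDs and the handle() wrapper are assumptions chosen for illustration.

```python
import time

SENSITIVE_KEYS = {"access_key", "secret_key", "api_key", "password", "token"}  # assumed field names


class TokenBucket:
    """Per-client token bucket: `rate` requests/second, bursts up to `capacity`."""
    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.buckets = {}  # client_id -> (tokens left, time of last request)

    def allow(self, client_id):
        now = self.clock()
        tokens, last = self.buckets.get(client_id, (self.capacity, now))
        # Refill in proportion to elapsed time, never above capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[client_id] = (tokens - 1 if allowed else tokens, now)
        return allowed


def redact(obj):
    """Return a copy of a JSON-like object with sensitive fields masked."""
    if isinstance(obj, dict):
        return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def handle(limiter, client_id, payload):
    """Gate one request: returns an HTTP-style status and the body safe to send."""
    if not limiter.allow(client_id):
        return 429, {"error": "rate limit exceeded"}
    return 200, redact(payload)


def demo():
    fake_now = [0.0]  # constructed clock so the run is deterministic
    limiter = TokenBucket(rate=1, capacity=3, clock=lambda: fake_now[0])
    payload = {"user": "alice", "access_key": "CONSTRUCTED-KEY",
               "devices": [{"name": "gw1", "token": "constructed-token"}]}
    statuses = [handle(limiter, "client-a", payload)[0] for _ in range(5)]
    fake_now[0] = 2.0  # two seconds later, two tokens have refilled
    statuses.append(handle(limiter, "client-a", payload)[0])
    return statuses, handle(limiter, "client-b", payload)[1]


if __name__ == "__main__":
    print(demo())
```

The bucket is keyed per client, so one noisy caller exhausts only its own allowance; redaction walks nested objects and lists so a key buried in a sub-record is masked as well.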
Supply chain
Research by Capgemini on supply chain resilience has revealed the difficulties of companies and organizations in managing the profound change triggered by the Covid-19 pandemic crisis. Supply chains, therefore, remain a favored attack ground for cybercriminals, who can strike across the board and reach even suppliers and collaborators (law firms, consulting firms, and accountancy firms).
The defense in this case is also provided for by law. The new European NIS 2, Cyber Resilience Act and DORA directives in fact impose specific security requirements not only for their areas of application but also for the entire supply chain.
Critical infrastructure
Between 2021 and 2022, the Postal Police noted a 138 percent increase in attacks on critical infrastructure, with a jump from 5400 to almost 13,000 incidents. According to analysts and corporate security managers, the main cause was the Russian invasion of Ukraine. The continuation of the conflict suggests that infrastructures will remain among the most frequently chosen targets, in a strategy that treats cyberwar as fully integrated into the dynamics of traditional conflicts.
The recent report “State of the Connected World 2023” by the World Economic Forum analyses the main critical issues concerning critical infrastructures, highlighting the problem of security.
Precisely with the objectives of preventing and minimizing the impact of the consequences of any cyber incidents, the new NIS 2 directive requires essential and important players to adopt appropriate and proportionate technical, operational and organizational measures in cyber risk management, i.e. in the management of information systems and networks used in the course of business activities and service provision.