cyber trends
operations of a country so it could help
a military strike or things like that. So
that’s really a good reason why we see
more sophistication from those bodies
as they are getting more sponsored
from governments.
Are the main threat actors Iran,
China, North Korea and Russia?
Yes. These are the most active countries.
As FireEye and the consultants from the
Mandiant team have found, most of the
time many of the threat actors are linked
to these countries.
Are any countries in the Middle
East particularly under threat?
Actually no. Every Middle East country
has been targeted in the past year.
But there are many attacks that are
not announced to the public due to
sensitivity or due to the culture so no
one has been immune from the attacks
in 2018.
The report says organisations
which have been victims of a
targeted compromise are likely
to be targeted again. Why is this?
If you were breached once this
means that someone was inside your
organisation. From our experience
when most of the hackers get into a
network they don’t rely on one way of
getting inside the victim network so
they always leave a way back inside
those organisations. If an organisation is
targeted it means it is important whether
that’s financially, industrially or politically.
This means another group could come
with a new technique to get inside this
network too to get additional information
or get money.

Mohammed Abukhater, Vice President – MEA at FireEye

"I don’t think organisations should take comfort if they are notified by a third-party agency that their data is exposed."

www.intelligentciso.com | Issue 14

If you look at the history you will find
that most of the banks in the region were
targeted many times in many different
ways so sometimes they will try and
compromise their money transfer system
or try another technique that will lead
to denial of service. These things are a
motive for all of these hackers to come
back and get inside the network.
Another fact that I want to highlight
here is as we progress into the
emerging technologies like Blockchain
and AI, these are lacking security
measures and they will take time to
mature from a security point of view
and this will help hackers.
Why is there an increase in
phishing attacks during mergers
and acquisitions (M&A) activity?
When you look to the mergers that have
happened or the acquisitions, they are
usually very large organisations that
acquire smaller organisations. They
are not all at the same security
level. We need to look at the
reasons for acquisitions and
mergers. Some of them
are for financial reasons,
some of them are for
technology reasons. Some
government organisations, for
example, acquire a technology
organisation so they can have an in-
house service. This gives hackers, one
way or another, an opportunity to get into
the mother company.
In the smaller company you could have
employees who are not at the same
level of maturity. The easiest way to
reach those people is by email. From
one to three years following the merger,
there is an opportunity for hackers to
utilise a lack of sync between the two
organisations to get inside the network.
One click on a phishing email and the
hacker can get inside an organisation.
Why is data in the cloud
being targeted?
If you go back to why people go to cloud
it is to have many things in one place
which is accessible by many people, that
is the origin of having a third-party host
for an organisation’s data so its mobile
users and multi-branch offices can
reach the same place within a minimal
cost and at the same time.
The problem with cloud security is the
hosts are usually not at the same level
of security. The cloud is still breachable
from the hackers because not all cloud
infrastructure is secure 100%. A lot
of the cloud providers do not have a
security background, they have a storage
background so this helps the hackers.
The other thing is cloud means a lot of
things. Cloud means a lot of data which
means it is a juicy target for the hackers
to go inside those networks where they
can get the data easily.
Many cloud providers have third, fourth
or even fifth party bodies that are
engaged in building their infrastructure.
Some of the breaches that happen are
through one of their third-party bodies.