SlideShare une entreprise Scribd logo

Cyber Security for Energy & Utilities Special Editorial Edition

Mohamed N. El-Guindy
Mohamed N. El-Guindy

Middle East Cyber Security Threat Report published in Cyber Security for Energy and Utilities Conference. 23 - 26 March 2014 - The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, United Arab Emirates

TechnologieBusiness
1  sur  7
Télécharger pour lire hors ligne
Middle East Cyber Security Threat Report 2014 Cyber Special EDITORIAL Edition Special insights from: Mohamed N. El-Guindy, Information Systems Security Association, Egypt Chapter, Founder and President
Middle East Cyber Security Threat Report 2014 Since my last cybercrime research in 2008 [1], cyber security threats have grown and matured. Subsequently, cybercriminals and even terrorists have become capable of carrying out sophisticated cyberattacks. In this context, cybercrime continues to grow rapidly in the Middle East and takes new paths every day. In contrast, governments in the region are losing millions of dollars annually [2]. As long as governments will be dependable on new technologies and deal with security as a “nice to have”, their ICT infrastructure will be vulnerable to more sophisticated cyber-attacks. Not only ICT, the region witnesses new era of terrorism in which terrorists exploit the 21st century technologies to carry out terrorist attacks; therefore, I suggest that the situation will continue to worsen in 2014. Politically and religiously motivated attacks Our region is volatile and instable due to political, economic and social problems. These issues will increase motivated attacks carried out by groups of “Hacktivists” that penetrate or target systems or users for political or religious cause. The majority of cyber-attacks in the region are the work of Hacktivists with a message they want to spread. The so called “Arab Spring” increased these types of attacks and current chaos in the region will escalate conflicts and increase the politically and religiously motivated attacks. Obvious examples are the bloody conflicts in Syria, looming tension between Saudi Arabia and Iran, and the Arab-Israeli conflict. Study revealed [3] that Syrian Electronic Army, the pro-regime group, used social engineering techniques and malware attacks to target users and NGOs in Syria and other countries. What the study didn’t mention is that other anti-Assad groups [4] are also hacking websites and targeting users on the internet. A group called “Lewa’ Al-Sham” or “Levant Brigade” announced that it hacked TV channels websites [5] that support Assad’s regime. Religion is big player in emerging cyber-attacks, especially website defacement. Due to change in US policy towards Iran and Saudi Arabia, the Saudi-Iranian tension [6] will increase and will affect Middle East geo-politics; therefore related politically and religiously motivated attacks will grow and will become destructive, especially when carried out by professional hackers. Most cyber-attacks that originate from within Middle East and target Middle East ICT infrastructure are DDoS attacks [7] and website defacement [8]. But other sophisticated cyber- M ID D L E E AST C Y BE R S E C U R IT Y T H R E AT REPORT 2 01 4
1010101010101010101010101 01010101010101010101010 1010101010101 Boo k an p 9 Fe ay bef d or bru to s ary 2 e ave up t014 US$ o Evolve Evolve and adapt in SCADA, DCS and ICS security and adapt in SCADA, DCS and ICS security 23 - 26 March 2014 Evolve and adapt in SCADA, DCS and ICS security The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE 23 - 26 March 2014 Don Codling, Former Cyber Bill Cheswick Security Unit Creator of the world’s first StatesChief, FBI, United network firewall & Author of “Firewalls and Internet Security: Repelling the Wily Hacker” VIP Keynote speakers: Bill Cheswick Creator of the world’s first network firewall & Author of “Firewalls and Internet Security: Repelling the Wily Hacker” Dr. Jamal Mohamed Al Hosani Official Spokesman & Director ICT, National Emergency Crisis VIP Keynote speakers: & Disaster Management Authority, UAE Lt. Col. Faisal Mohamed Al Shamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE Exclusive presentations from: Dr. Jamal Mohamed Al Hosani Official Spokesman & Director ICT, National Emergency Crisis & Disaster Management Authority, UAE Mohamed Al Sawafi, Head of IT Services, GASCO, UAE Reimer Brouwer, Head of IT Security, ADCO, UAE Mohammed Ikrami, IT Security Officer, Fertil, UAE Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE Gilles Loridon, CEO, Global Security Networks, UAE ! “Free golf training session The Westin Abu Dhabi Golf Resort ^ Spa, Abu Dhabi, UAE for the first 30 registered attendees!” Celebrity speakers: 23 - 26 March 2014 The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE Celebrity speakers: 650 Benefits of attending: Benefits of atten Don Codling, Former Cyber Identify emerging cyber threats and evolving landscape in the energy and utilities industries Security Unit Chief, FBI, Identify emerging cyber thr Understand the need to protect critical infrastructure and its impact on energy economics Determine bestUnited States security practices for ICS/SCADA systems Understand the need to pro Learn to protect real time systems from cyber attacks Know how to protect cloud computing networks Determine best security pra Tackle backdoor interface vulnerabilities in SCADA systems Understand cyber defence strategies and their subsequent implementationLearn to protect real time s Interact and network with industry experts from leading national and international oil Know how to protect cloud companies, IT security solution providers, as well as banks, power and telecom companies Tackle backdoor interface v Associate sponsors: Exhibitor: Understand cyber defence Interact and network with i Lt. Col. Faisal Mohamed Al Supported by: companies, IT security solu Shamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE Associate sponsors: Media partners: Researched and developed by: Exclusive presentations from: And many more… Mohamed Al Sawafi, Head of IT Services, GASCO, UAETel: +971 4 364 2975 Fax: +971 4 363 1938 For more information or to register Reimer Brouwer, Head of IT Security, ADCO, UAE Email: enquiry@iqpc.ae www.cybersecurityme.com Mohammed Ikrami,For moreOfficer, Fertil, UAE to register - Tel +971 4 363 1938 IT Security information or Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait Email: enquiry@iqpc.ae www.cybersecurityme.com Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE MIDDLE EAS T CYB ER S ECU RIT Y T HREAT REPORT 20 14 Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE Gilles Loridon, CEO, Global Security Networks, UAE
attacks started to appear in 2012 such as Saudi Aramco [9] and RasGas [10] attacks. What will make things worse is the Iranian nuclear project which still at early stages to develop real nuclear threat. But other players in Middle East especially Saudi Arabia see this as a real threat and will outsource real warheads and “ready-made” nuclear technology from Pakistan [11]. This arm race is dangerous in this unstable region and the fear is growing when one can think of Stuxnet-like [12] attacks that may target this off the shelf nuclear technologies which might result in Middle East Fukushima [13]. The Arab-Israeli conflict is another motive for cyber-attacks in the region. Many online groups are organizing cyber campaigns to attack Israeli [14] websites and reveal financial information. On the other side, Israeli groups are also conducting cyberattacks against Arabic websites [15]. Although most of the Arab attacks are not state-sponsored and can be categorized as propaganda, Israeli policymakers see this as real threat and consider it “Cyber terrorism” [16] which requires offensive reactions and even military attacks. They also established state-sponsored units [17] to wage Cyberwar with sophisticated capabilities [18]. The chaos in Middle East will also escalate the growing conflicts of Jihad for the Caliphate. Al-Qaeda and its inspired groups will continue to conduct bombing and killing across the region and other form of Jihad is exploiting the new technologies to cause harm. I will publish a dedicated research soon to investigate this phenomenon in the Middle East. Other dangerous trend we may witness soon in our region is a “Hacker for Hire”. Professional hackers and cyber mercenaries [19] can be hired by governments [20] or private sectors from outside the region to conduct sophisticated cyber-attacks, no matter what the motive is, political [21], religious or financial. Financial Attacks When it comes to cyber-attacks for financial gain, Middle East is a fruitful target for cybercriminals because of low level awareness of users, lack of technical and legislative capabilities and the availability of liquid money. Banks in the region are the biggest losers when it comes to financial cyber-attacks as criminals go where the money is. In 2013, a group of cybercriminals stole over $45 million [22] from two banks in the Middle East, Bank of Muscat in Oman and National Bank of Ras Al Khaimah “RAK Bank” in the UAE. Cyber gang hacking into a database of prepaid credit cards belonging to the banks, and then using fake cards to withdraw money from ATMs in 27 countries. The cards database was held by Indian payment processors that got hacked by the cyber gang. Banks and payment processors admitted the attack but that what revealed. There are other attacks that occurred around the clock in the region but no revelation. Some financial institutions may fear losing customers if they reveal that they got hacked. Lack of transparency makes the situation worse as users must know that their accounts are affected and should know how banks will recover and how they will deal with future attacks. It’s important for customers to understand that banks have the responsibility of protecting both their own data and customer’s data. If banks M ID D L E E AST C Y BE R S E C U R IT Y T H R E AT REPORT 2 01 4
1010101010101010101010101 01010101010101010101010 1010101010101 are not responsible, so what will be the point of having security policies at enterprise level? Having security policy is one thing; however, enforcing these policies is another. Enforcing and building out polices is a whole educational awareness process that needs to be addressed effectively. This is maybe the reason most banks and financial institutions in the Middle East do not have strict policies when dealing with electronic payments. The following issues could be easily spotted in many banks in the region: r Payment card statements with full details sent via postal mail r Customers allowed to put large sum on not carefully monitored cards r Bank websites have web application vulnerabilities such as non-secured login boxes r Emailing security-sensitive information insecurely to customers r Absent or poor security awareness training and education for employees r Poor security policies and absence of training for merchants r Loopholes for compliance are available due to corruption (Financial institutions and or merchants can get PCI-DSS, ISO27002 etc. without applying the required guidelines) r ATMs are not carefully protected and might be placed at unsafe environment r Outsourcing services that are related to sensitive or critical information without paying much attention to the security policies and reputation of the outsourcing partner. r Mobile payments are being implemented with the same weakness related to payment cards. Attackers will not only target large bank banks and financial institutions, they will also target small entities that deal with money such as merchants and POS operators due to their lack of security. The increase of Middle East online consumer habits with the growth of mobile payment platforms will increase risks for payment processors, banks and merchants. Due to the increase of mobile internet in Middle East [23] and the growth of e-commerce sales that reached $27 billion in 2013 [24], the region will be big target for cybercriminals. Not only cyber gangs who are interested in Middle East financial data, foreign intelligence agencies are also big players with their state-sponsored attacks [25]. One of the most important reasons that will make the region vulnerable to more sophisticated financial cyber-attacks is the regulation frameworks as hackers and cyber gangs are looking for places with poor or absent regulation to commit their crimes. Cyber regulations are poor in Middle East [26] and even lack the correct definition of cybercrime. Indeed, there are laws dedicated to cybercrime in the region and also cyber-related laws but governments need to update them so often to reflect the rapid change of such hi-tech crimes and should be harmonized with the path of the rest of the world. But due to the political issues, most cyber laws are drafted to suppress freedom of speech and do not address the real threat of cybercrime. In addition, policymakers are dealing with cyber regulation from old perspective in which crimes committed within specific location. This is completely wrong when dealing with cyberspace as it’s not location dependent. So when they deal with cybercrime law, they have to go beyond their countries as the crime itself is transnational. MIDDLE EAS T CYB ER S ECU RIT Y T HREAT REPORT 20 14
As long as governments in the region will not address these issues, financial cyber-attacks will increase in 2014 and I expect that we will see more sophisticated attacks that will target financial institution in the region. Future Threats: Everything will be hackable I published research paper in 2011 investigating the 21st threats and Middle East dilemma [27]. I expected that the situation will be worse in future because both governments and users lack future strategies and are looking always to access advanced technologies with consumer mindset. Since this the norm in our region, there will be no progress when it comes to future technologies. Everything will be connected to the Internet to form the new era of “Internet of Things” [28] and we will strive to protect devices that embedded in our homes, offices, cities and even our bodies. This situation might not appear in 2014 but things are moving faster in 21st century and we might see sophisticated attacks target connected devices that will cause panic [29]. This complex and connected world created the Big Data that will result in big benefits and big threats as well [30]. Additional cyber threat that will affect Middle East is cyber-espionage or spying that sparked debate in 2013 with the revelations of NSA surveillance. I expect that cyber-spying activities by western intelligence agencies will continue to grow in 2014 due to political situations, instability, chaos and terrorism. I argue that other players will enter the espionage game in the region. China, with its large numbers of connected electronic devices being used in the Middle East will be one of the biggest players when it comes to cyber espionage. As Middle East center of gravity is shifting from Saudi Arabia to Persian Gulf [31], Iran as a regional superpower and second to Israel, will enter the cyber-espionage game. Consequently, we will witness more dangerous cyber-attacks and cyber threats to originate from Iran and will be carried out by its state-sponsored cyber army [32]. Although Iran’s cyber capabilities couldn’t be compared to US and Israel and even not destructive against them, it might be destructive if used against “vulnerable” [33] Middle East countries. In addition to cyberattacks, Iran has also access to advanced warfare technologies such as drones that will be used in future attacks as ultimate asymmetric weapons. Middle East states need to understand that off the shelf technologies will not solve any security issue but it might make things worse. They need to address their internal issues and invest in their human capital to adapt with the 21st century or the consequences will be more dangerous in the years ahead. Source: Mohamed N. El-Guindy Information Systems Security Association, Egypt Chapter, Founder and President http://netsafe.me/ December 25, 2013 M ID D L E E AST C Y BE R S E C U R IT Y T H R E AT REPORT 2 01 4
Cyber Security for Energy & Utilities Special Editorial Edition

Recommandé

Cyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastCyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastMohamed N. El-Guindy
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 
Ce hv8 module 13 hacking web applications
Ce hv8 module 13 hacking web applications Ce hv8 module 13 hacking web applications
Ce hv8 module 13 hacking web applications Mehrdad Jingoism
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?Spire Research and Consulting
 
2017 october supplementary_reading
2017 october supplementary_reading2017 october supplementary_reading
2017 october supplementary_readingseadeloitte
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat LandscapeQuick Heal Technologies Ltd.
 

Recommandé

Cyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastCyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastMohamed N. El-Guindy
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 
Ce hv8 module 13 hacking web applications
Ce hv8 module 13 hacking web applications Ce hv8 module 13 hacking web applications
Ce hv8 module 13 hacking web applications Mehrdad Jingoism
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?Spire Research and Consulting
 
2017 october supplementary_reading
2017 october supplementary_reading2017 october supplementary_reading
2017 october supplementary_readingseadeloitte
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat LandscapeQuick Heal Technologies Ltd.
 
375
375375
375Waqas Amir
 
Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Valerie Lanzone
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 
Iranian Hackers Have Hit Hundreds of Companies in Past Two Years
Iranian Hackers Have Hit Hundreds of Companies in Past Two YearsIranian Hackers Have Hit Hundreds of Companies in Past Two Years
Iranian Hackers Have Hit Hundreds of Companies in Past Two YearsLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Kolluru N Rao
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)CA.Kolluru Narayanarao
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...David Sweigert
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonEljay Robertson
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryAmmar WK
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Ajay Serohi
 
Present Trend of Cyber Crime in Bangladesh
Present Trend of Cyber Crime in BangladeshPresent Trend of Cyber Crime in Bangladesh
Present Trend of Cyber Crime in BangladeshSoutheast university, Bangladesh
 
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...Hafizah Jupri
 
Cybercrime in Iraq
Cybercrime in IraqCybercrime in Iraq
Cybercrime in IraqAyub Nuri
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineRapidSSLOnline.com
 
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)PwC France
 
Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Fakrul Alam
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
comm16en01_dafc4
comm16en01_dafc4comm16en01_dafc4
comm16en01_dafc4Filip Stojkovski
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!amit_shanu
 
Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Kevin Fream
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorismDharani Adusumalli
 

Contenu connexe

Tendances

Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Valerie Lanzone
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Kolluru N Rao
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)CA.Kolluru Narayanarao
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...David Sweigert
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonEljay Robertson
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryAmmar WK
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Ajay Serohi
 
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...Hafizah Jupri
 
Cybercrime in Iraq
Cybercrime in IraqCybercrime in Iraq
Cybercrime in IraqAyub Nuri
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineRapidSSLOnline.com
 
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)PwC France
 
Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Fakrul Alam
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 

Tendances (18)

375
375375
375
 
Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
 
Iranian Hackers Have Hit Hundreds of Companies in Past Two Years
Iranian Hackers Have Hit Hundreds of Companies in Past Two YearsIranian Hackers Have Hit Hundreds of Companies in Past Two Years
Iranian Hackers Have Hit Hundreds of Companies in Past Two Years
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industry
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015
 
Present Trend of Cyber Crime in Bangladesh
Present Trend of Cyber Crime in BangladeshPresent Trend of Cyber Crime in Bangladesh
Present Trend of Cyber Crime in Bangladesh
 
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
 
Cybercrime in Iraq
Cybercrime in IraqCybercrime in Iraq
Cybercrime in Iraq
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnline
 
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
 
Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government Sector
 
comm16en01_dafc4
comm16en01_dafc4comm16en01_dafc4
comm16en01_dafc4
 

Similaire à Cyber Security for Energy & Utilities Special Editorial Edition

Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!amit_shanu
 
Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Kevin Fream
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalLeslie Lee
 
A Survey On Cyber Crime Information Security
A Survey On Cyber Crime Information SecurityA Survey On Cyber Crime Information Security
A Survey On Cyber Crime Information SecurityMichele Thomas
 
THE EVOLVING THREAT LANDSCAPE: AN OVERVIEW OF ATTACKS AND RESPONSE STRATEGIES...
THE EVOLVING THREAT LANDSCAPE: AN OVERVIEW OF ATTACKS AND RESPONSE STRATEGIES...THE EVOLVING THREAT LANDSCAPE: AN OVERVIEW OF ATTACKS AND RESPONSE STRATEGIES...
THE EVOLVING THREAT LANDSCAPE: AN OVERVIEW OF ATTACKS AND RESPONSE STRATEGIES...IJNSA Journal
 
CYBER SECURITY (R18A0521).pdf
CYBER SECURITY (R18A0521).pdfCYBER SECURITY (R18A0521).pdf
CYBER SECURITY (R18A0521).pdfJayaMalaR6
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & securityMehediHasan996
 
Computer security incidents
Computer security incidentsComputer security incidents
Computer security incidentsassanesignate
 
ANSWER THE QUESTION 250 WORDS MINDiscussion Questions I.docx
ANSWER THE QUESTION 250 WORDS MINDiscussion Questions I.docxANSWER THE QUESTION 250 WORDS MINDiscussion Questions I.docx
ANSWER THE QUESTION 250 WORDS MINDiscussion Questions I.docxamrit47
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookMargarete McGrath
 
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global ProblemA Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global Problemijbuiiir1
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaFaysal Ghauri
 

Similaire à Cyber Security for Energy & Utilities Special Editorial Edition (20)

Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & career
 
"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!
 
Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
Cyber Terrorism Essay
Cyber Terrorism EssayCyber Terrorism Essay
Cyber Terrorism Essay
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam Segal
 
A Survey On Cyber Crime Information Security
A Survey On Cyber Crime Information SecurityA Survey On Cyber Crime Information Security
A Survey On Cyber Crime Information Security
 
THE EVOLVING THREAT LANDSCAPE: AN OVERVIEW OF ATTACKS AND RESPONSE STRATEGIES...
THE EVOLVING THREAT LANDSCAPE: AN OVERVIEW OF ATTACKS AND RESPONSE STRATEGIES...THE EVOLVING THREAT LANDSCAPE: AN OVERVIEW OF ATTACKS AND RESPONSE STRATEGIES...
THE EVOLVING THREAT LANDSCAPE: AN OVERVIEW OF ATTACKS AND RESPONSE STRATEGIES...
 
cyber security.pdf
cyber security.pdfcyber security.pdf
cyber security.pdf
 
Cyber security
Cyber security Cyber security
Cyber security
 
CYBER SECURITY (R18A0521).pdf
CYBER SECURITY (R18A0521).pdfCYBER SECURITY (R18A0521).pdf
CYBER SECURITY (R18A0521).pdf
 
Cyberterrorism Essays
Cyberterrorism EssaysCyberterrorism Essays
Cyberterrorism Essays
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Computer security incidents
Computer security incidentsComputer security incidents
Computer security incidents
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
ANSWER THE QUESTION 250 WORDS MINDiscussion Questions I.docx
ANSWER THE QUESTION 250 WORDS MINDiscussion Questions I.docxANSWER THE QUESTION 250 WORDS MINDiscussion Questions I.docx
ANSWER THE QUESTION 250 WORDS MINDiscussion Questions I.docx
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
 
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global ProblemA Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
 

Dernier

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Dernier (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Cyber Security for Energy & Utilities Special Editorial Edition

  • 1. Middle East Cyber Security Threat Report 2014 Cyber Special EDITORIAL Edition Special insights from: Mohamed N. El-Guindy, Information Systems Security Association, Egypt Chapter, Founder and President
  • 2. Middle East Cyber Security Threat Report 2014 Since my last cybercrime research in 2008 [1], cyber security threats have grown and matured. Subsequently, cybercriminals and even terrorists have become capable of carrying out sophisticated cyberattacks. In this context, cybercrime continues to grow rapidly in the Middle East and takes new paths every day. In contrast, governments in the region are losing millions of dollars annually [2]. As long as governments will be dependable on new technologies and deal with security as a “nice to have”, their ICT infrastructure will be vulnerable to more sophisticated cyber-attacks. Not only ICT, the region witnesses new era of terrorism in which terrorists exploit the 21st century technologies to carry out terrorist attacks; therefore, I suggest that the situation will continue to worsen in 2014. Politically and religiously motivated attacks Our region is volatile and instable due to political, economic and social problems. These issues will increase motivated attacks carried out by groups of “Hacktivists” that penetrate or target systems or users for political or religious cause. The majority of cyber-attacks in the region are the work of Hacktivists with a message they want to spread. The so called “Arab Spring” increased these types of attacks and current chaos in the region will escalate conflicts and increase the politically and religiously motivated attacks. Obvious examples are the bloody conflicts in Syria, looming tension between Saudi Arabia and Iran, and the Arab-Israeli conflict. Study revealed [3] that Syrian Electronic Army, the pro-regime group, used social engineering techniques and malware attacks to target users and NGOs in Syria and other countries. What the study didn’t mention is that other anti-Assad groups [4] are also hacking websites and targeting users on the internet. A group called “Lewa’ Al-Sham” or “Levant Brigade” announced that it hacked TV channels websites [5] that support Assad’s regime. Religion is big player in emerging cyber-attacks, especially website defacement. Due to change in US policy towards Iran and Saudi Arabia, the Saudi-Iranian tension [6] will increase and will affect Middle East geo-politics; therefore related politically and religiously motivated attacks will grow and will become destructive, especially when carried out by professional hackers. Most cyber-attacks that originate from within Middle East and target Middle East ICT infrastructure are DDoS attacks [7] and website defacement [8]. But other sophisticated cyber- M ID D L E E AST C Y BE R S E C U R IT Y T H R E AT REPORT 2 01 4
  • 3. 1010101010101010101010101 01010101010101010101010 1010101010101 Boo k an p 9 Fe ay bef d or bru to s ary 2 e ave up t014 US$ o Evolve Evolve and adapt in SCADA, DCS and ICS security and adapt in SCADA, DCS and ICS security 23 - 26 March 2014 Evolve and adapt in SCADA, DCS and ICS security The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE 23 - 26 March 2014 Don Codling, Former Cyber Bill Cheswick Security Unit Creator of the world’s first StatesChief, FBI, United network firewall & Author of “Firewalls and Internet Security: Repelling the Wily Hacker” VIP Keynote speakers: Bill Cheswick Creator of the world’s first network firewall & Author of “Firewalls and Internet Security: Repelling the Wily Hacker” Dr. Jamal Mohamed Al Hosani Official Spokesman & Director ICT, National Emergency Crisis VIP Keynote speakers: & Disaster Management Authority, UAE Lt. Col. Faisal Mohamed Al Shamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE Exclusive presentations from: Dr. Jamal Mohamed Al Hosani Official Spokesman & Director ICT, National Emergency Crisis & Disaster Management Authority, UAE Mohamed Al Sawafi, Head of IT Services, GASCO, UAE Reimer Brouwer, Head of IT Security, ADCO, UAE Mohammed Ikrami, IT Security Officer, Fertil, UAE Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE Gilles Loridon, CEO, Global Security Networks, UAE ! “Free golf training session The Westin Abu Dhabi Golf Resort ^ Spa, Abu Dhabi, UAE for the first 30 registered attendees!” Celebrity speakers: 23 - 26 March 2014 The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE Celebrity speakers: 650 Benefits of attending: Benefits of atten Don Codling, Former Cyber Identify emerging cyber threats and evolving landscape in the energy and utilities industries Security Unit Chief, FBI, Identify emerging cyber thr Understand the need to protect critical infrastructure and its impact on energy economics Determine bestUnited States security practices for ICS/SCADA systems Understand the need to pro Learn to protect real time systems from cyber attacks Know how to protect cloud computing networks Determine best security pra Tackle backdoor interface vulnerabilities in SCADA systems Understand cyber defence strategies and their subsequent implementationLearn to protect real time s Interact and network with industry experts from leading national and international oil Know how to protect cloud companies, IT security solution providers, as well as banks, power and telecom companies Tackle backdoor interface v Associate sponsors: Exhibitor: Understand cyber defence Interact and network with i Lt. Col. Faisal Mohamed Al Supported by: companies, IT security solu Shamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE Associate sponsors: Media partners: Researched and developed by: Exclusive presentations from: And many more… Mohamed Al Sawafi, Head of IT Services, GASCO, UAETel: +971 4 364 2975 Fax: +971 4 363 1938 For more information or to register Reimer Brouwer, Head of IT Security, ADCO, UAE Email: enquiry@iqpc.ae www.cybersecurityme.com Mohammed Ikrami,For moreOfficer, Fertil, UAE to register - Tel +971 4 363 1938 IT Security information or Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait Email: enquiry@iqpc.ae www.cybersecurityme.com Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE MIDDLE EAS T CYB ER S ECU RIT Y T HREAT REPORT 20 14 Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE Gilles Loridon, CEO, Global Security Networks, UAE
  • 4. attacks started to appear in 2012 such as Saudi Aramco [9] and RasGas [10] attacks. What will make things worse is the Iranian nuclear project which still at early stages to develop real nuclear threat. But other players in Middle East especially Saudi Arabia see this as a real threat and will outsource real warheads and “ready-made” nuclear technology from Pakistan [11]. This arm race is dangerous in this unstable region and the fear is growing when one can think of Stuxnet-like [12] attacks that may target this off the shelf nuclear technologies which might result in Middle East Fukushima [13]. The Arab-Israeli conflict is another motive for cyber-attacks in the region. Many online groups are organizing cyber campaigns to attack Israeli [14] websites and reveal financial information. On the other side, Israeli groups are also conducting cyberattacks against Arabic websites [15]. Although most of the Arab attacks are not state-sponsored and can be categorized as propaganda, Israeli policymakers see this as real threat and consider it “Cyber terrorism” [16] which requires offensive reactions and even military attacks. They also established state-sponsored units [17] to wage Cyberwar with sophisticated capabilities [18]. The chaos in Middle East will also escalate the growing conflicts of Jihad for the Caliphate. Al-Qaeda and its inspired groups will continue to conduct bombing and killing across the region and other form of Jihad is exploiting the new technologies to cause harm. I will publish a dedicated research soon to investigate this phenomenon in the Middle East. Other dangerous trend we may witness soon in our region is a “Hacker for Hire”. Professional hackers and cyber mercenaries [19] can be hired by governments [20] or private sectors from outside the region to conduct sophisticated cyber-attacks, no matter what the motive is, political [21], religious or financial. Financial Attacks When it comes to cyber-attacks for financial gain, Middle East is a fruitful target for cybercriminals because of low level awareness of users, lack of technical and legislative capabilities and the availability of liquid money. Banks in the region are the biggest losers when it comes to financial cyber-attacks as criminals go where the money is. In 2013, a group of cybercriminals stole over $45 million [22] from two banks in the Middle East, Bank of Muscat in Oman and National Bank of Ras Al Khaimah “RAK Bank” in the UAE. Cyber gang hacking into a database of prepaid credit cards belonging to the banks, and then using fake cards to withdraw money from ATMs in 27 countries. The cards database was held by Indian payment processors that got hacked by the cyber gang. Banks and payment processors admitted the attack but that what revealed. There are other attacks that occurred around the clock in the region but no revelation. Some financial institutions may fear losing customers if they reveal that they got hacked. Lack of transparency makes the situation worse as users must know that their accounts are affected and should know how banks will recover and how they will deal with future attacks. It’s important for customers to understand that banks have the responsibility of protecting both their own data and customer’s data. If banks M ID D L E E AST C Y BE R S E C U R IT Y T H R E AT REPORT 2 01 4
  • 5. 1010101010101010101010101 01010101010101010101010 1010101010101 are not responsible, so what will be the point of having security policies at enterprise level? Having security policy is one thing; however, enforcing these policies is another. Enforcing and building out polices is a whole educational awareness process that needs to be addressed effectively. This is maybe the reason most banks and financial institutions in the Middle East do not have strict policies when dealing with electronic payments. The following issues could be easily spotted in many banks in the region: r Payment card statements with full details sent via postal mail r Customers allowed to put large sum on not carefully monitored cards r Bank websites have web application vulnerabilities such as non-secured login boxes r Emailing security-sensitive information insecurely to customers r Absent or poor security awareness training and education for employees r Poor security policies and absence of training for merchants r Loopholes for compliance are available due to corruption (Financial institutions and or merchants can get PCI-DSS, ISO27002 etc. without applying the required guidelines) r ATMs are not carefully protected and might be placed at unsafe environment r Outsourcing services that are related to sensitive or critical information without paying much attention to the security policies and reputation of the outsourcing partner. r Mobile payments are being implemented with the same weakness related to payment cards. Attackers will not only target large bank banks and financial institutions, they will also target small entities that deal with money such as merchants and POS operators due to their lack of security. The increase of Middle East online consumer habits with the growth of mobile payment platforms will increase risks for payment processors, banks and merchants. Due to the increase of mobile internet in Middle East [23] and the growth of e-commerce sales that reached $27 billion in 2013 [24], the region will be big target for cybercriminals. Not only cyber gangs who are interested in Middle East financial data, foreign intelligence agencies are also big players with their state-sponsored attacks [25]. One of the most important reasons that will make the region vulnerable to more sophisticated financial cyber-attacks is the regulation frameworks as hackers and cyber gangs are looking for places with poor or absent regulation to commit their crimes. Cyber regulations are poor in Middle East [26] and even lack the correct definition of cybercrime. Indeed, there are laws dedicated to cybercrime in the region and also cyber-related laws but governments need to update them so often to reflect the rapid change of such hi-tech crimes and should be harmonized with the path of the rest of the world. But due to the political issues, most cyber laws are drafted to suppress freedom of speech and do not address the real threat of cybercrime. In addition, policymakers are dealing with cyber regulation from old perspective in which crimes committed within specific location. This is completely wrong when dealing with cyberspace as it’s not location dependent. So when they deal with cybercrime law, they have to go beyond their countries as the crime itself is transnational. MIDDLE EAS T CYB ER S ECU RIT Y T HREAT REPORT 20 14
  • 6. As long as governments in the region will not address these issues, financial cyber-attacks will increase in 2014 and I expect that we will see more sophisticated attacks that will target financial institution in the region. Future Threats: Everything will be hackable I published research paper in 2011 investigating the 21st threats and Middle East dilemma [27]. I expected that the situation will be worse in future because both governments and users lack future strategies and are looking always to access advanced technologies with consumer mindset. Since this the norm in our region, there will be no progress when it comes to future technologies. Everything will be connected to the Internet to form the new era of “Internet of Things” [28] and we will strive to protect devices that embedded in our homes, offices, cities and even our bodies. This situation might not appear in 2014 but things are moving faster in 21st century and we might see sophisticated attacks target connected devices that will cause panic [29]. This complex and connected world created the Big Data that will result in big benefits and big threats as well [30]. Additional cyber threat that will affect Middle East is cyber-espionage or spying that sparked debate in 2013 with the revelations of NSA surveillance. I expect that cyber-spying activities by western intelligence agencies will continue to grow in 2014 due to political situations, instability, chaos and terrorism. I argue that other players will enter the espionage game in the region. China, with its large numbers of connected electronic devices being used in the Middle East will be one of the biggest players when it comes to cyber espionage. As Middle East center of gravity is shifting from Saudi Arabia to Persian Gulf [31], Iran as a regional superpower and second to Israel, will enter the cyber-espionage game. Consequently, we will witness more dangerous cyber-attacks and cyber threats to originate from Iran and will be carried out by its state-sponsored cyber army [32]. Although Iran’s cyber capabilities couldn’t be compared to US and Israel and even not destructive against them, it might be destructive if used against “vulnerable” [33] Middle East countries. In addition to cyberattacks, Iran has also access to advanced warfare technologies such as drones that will be used in future attacks as ultimate asymmetric weapons. Middle East states need to understand that off the shelf technologies will not solve any security issue but it might make things worse. They need to address their internal issues and invest in their human capital to adapt with the 21st century or the consequences will be more dangerous in the years ahead. Source: Mohamed N. El-Guindy Information Systems Security Association, Egypt Chapter, Founder and President http://netsafe.me/ December 25, 2013 M ID D L E E AST C Y BE R S E C U R IT Y T H R E AT REPORT 2 01 4