Feed aggregator

The Rise of Cybercrime in Dubai and UAE

Secure List feed for B2B - Mon, 06/23/2014 - 12:35

A lot of our everyday communication and commercial activities are now taking place online, the threat from cybercrime is increasing, targeting citizens, businesses and governments at a rapidly growing rate.

Organizations and individuals are worried about the increase of Cybercrime, not just because of financial damage, but loss of privacy and intellectual property, in addition to reputation problems.

Recent statistics have shown dramatic growth in the Cybercrime in the UAE. Emerging markets have long been of interest for Cyber criminals.

Official statistics from Dubai have shown a dramatic 88% increase in the number of electronic crime cases reported in 2013 compared to the year before. The cyber investigation department of Dubai Police received a total of 1,419 reports in 2013, 792 in 2012 and 588 in 2011.

Kaspersky malware statistics in the UAE and worldwide

The increase in the number of attacks in the UAE and the region is also reflected by the number of attacks and infection attempts detected by Kaspersky Security Network in the region. The KSN cloud network uses the latest intelligence technologies to enable the reporting and analysis of threats around the world.

Kaspersky top Malware detections statistics for 2014 in the world Adware.Win32.Amonetize.heur 3,700,000+ Worm.VBS.Dinihou.r 1,800,000+ Virus.Win32.Sality.gen 1,780,000+ AdWare.Win32.BetterSurf.b 1,500,000+ AdWare.Win32.Yotoon.heur 1,500,000+ Exploit.Win32.CVE-2010-2568.gen 1,388,000+ Worm.Win32.Debris.a 1,094,000+ Trojan.Win32.Starter.lgb 1,007,000+ AdWare.Win32.Skyli.a 883,000+ Exploit.Java.Generic 850,000+ Trojan.Win32.AntiFW.b 829,000+ Virus.Win32.Nimnul.a 713,000+ Trojan.WinLNK.Runner.ea 676,000+ Why is cybercrime surging in the UAE?

The last few years have seen huge increase in the use of smart electronic devices and Internet services, all these devices are connected to the Internet.

Increasing use of online services

According to recent statistics Internet penetration has reached 92% in the UAE. Most people now use online services, including the transfer of financial and personal information to fulfill their day-to-day needs, and the most popular services are as follows:

  1. E-Government transactions, e-bills
  2. E-banking
  3. E-shopping

While the benefits of using online services are obvious, there are also threats that target user information.

Smartphone Threats

Many people in the UAE and Gulf region have smart mobile devices. These have many benefits and allow anyone to easily access services and activities online. These devices are expensive, so users often wrongly assume they have some kind of default protection.

Android is the most targeted mobile platform. At Kaspersky Lab we now have more than 10 million unique Android malware samples in our databases.

In Q1 2014, more than 99% of all mobile malware targeted Android devices. Detections over the past three months included:

  • 1 258 436 installation packages,
  • 110 324 new malicious programs for mobile devices,
  • 1 182 new mobile banking Trojans.
Financial Motivation

The huge increase in the use of online payment and e-services, in addition to the wide availability of unprotected smartphones, has encouraged cyber-criminals to target users with malware and phishing attacks affecting all types of devices.

Just like offline crime, money is a prime motive, especially when the risks of a criminal life are less apparent when you're hiding being a computer screen. The perception of low risk and high financial reward stimulates many cyber criminals to participate in identity theft and fraudulent activities.

Personal Motivation

Human beings and the crimes they commit are often motivated by personal emotions and vendettas. From irritated employees to jealous boyfriends, many crimes have their roots in powerful passions.

Ideological and Political Motivation

These kinds of attacks are carried out for moral, ideological or political reasons, damaging or disabling online services and networks to protest against individuals, corporations or governments. Anonymous group is a popular example of ideologically motivated hackers.

The most dangerous attacks on users in the UAE Banking Malware

The UAE is a country well known for its concentration of financial resources. Banking malware targets user devices to steal financial information like credit card details and bank account passwords. The criminals then use this stolen information to transfer money from the compromised accounts.

The most popular banking malware in the UAE are as follows:

  • Zeus (Windows)
  • Carberp (Windows)
  • mToken (Android)

Zeus and Carberp have long been popular malware for Windows computers and widely available public source code has enabled criminals to develop many variants of these. Zeus Gameover, the latest variant of Zeus has hit hard in the UAE, the third most affected country in the world. Zeus Gameover was taken down by the FBI and Microsoft on 2nd of June 2014.


Number of Zeus and Carberp attacks, and files blocked between 5 and 12 June 2014 in UAE

mToken was first recognized and reported by the Intercrawler organization. This is a different type of malware that mainly targets Android devices. It is used to steal banking usernames and passwords, in addition to stealing SMS token messages from the banks. There were 513,000 mToken attacks in Q1 2014 in the GCC region according to statistics from the Telecommunications Regulatory Authority. The mToken disguises itself as a banking token generator for some of the most popular banks in KSA and UAE Most of its victims are in the United Arab Emirates and the Kingdom of Saudi Arabia.

Kaspersky Lab products have detected and blocked Zeus variants since 2010 and Mtoken variants since 2012.

Ransomware: Lockers and Crypters

Lockers and Encrypters are ransomware trojans. An attack may come from several sources; one example is disguised as an authentic email attachment.

Some Lockers can be removed with no damage to the system or files, others harm files by encrypting them using RSA public-key cryptography where only the hackers have the keys to decrypt and recover the files.

The malware displays a message which offers to unlock/decrypt the device and data if a payment is made by a stated deadline (through either Bitcoin or a pre-paid coupon), and threatens to delete the key if the deadline passes.

Lockers and Encrypters mainly target Windows devices but recently we have seen versions for Android.


Number of ransomware attacks and files blocked between 5 and 12 June 2014 in UAE


Even though it is old, CashU malware is still active in the UAE


Cryptolocker encrypts your files and they can only be recovered using the hacker's key


Ransomware targeting Android devices, disguised as a protection application

The most popular attacks in the UAE

The total number of attacks from Jan-May 2014 is 12,713,890

Top 3 Adware in the UAE in 2014 AdWare.Win32.BetterSurf.b 1,228,000+ AdWare.Win32.BrainInst.u 1,189,000+ AdWare.Win32.BHO.batb 680,000+ Top 3 malware attacks in the UAE in 2014 Virus.Win32.Sality.gen 378,000+ Net-Worm.Win32.Kido.ih 348,000+ Exploit.Win32.CVE-2010-2568.gen 339,000+

Sality virus: blocks some security functions and utilities on Windows computers. It also tries to download malware from other servers. It infects Windows files and copies itself to removable and remote drives.

Kido worm: also known as conficker, is malware that targets the Windows operating system, mainly attacking the MS08-067 vulnerability; it also uses dictionary attacks on administrator passwords to spread and create a botnet.

CVE-2010-2568 is one of the most popular weaknesses in the Microsoft Operating system. When exploited by malware attacks, it allows a user to execute code via shortcut file (.lnk) that is not properly handled by the operating system.

Sality virus, Kido worm and the CVE-2010-2568 exploit are legacy attacks which were used to infect millions of machines worldwide. They are still widespread because they can easily infect new machines or they are publicly available for the criminals to use which explains the high success rates if a device is not protected.

These recent statistics suggest that the most popular malware and adware in the UAE are not new:

First Date of malware detection by Family BetterSurf adware Oct 2013 BrainInst adware Dec 2013 BHO adware Mar 2006 Sality virus Oct 2009 Kido worm Nov 2008 CVE-2010-2568 exploit Jul 2010

The main reasons why old attacks are still very successful are as follows:

  • The absence of correct patching on the user operating systems
  • The use of unlicensed software
  • The lack of security software to protect the user devices against the latest threats
  • The lack of good practices for handling smart devices, like good passwords and awareness on cyber security
Conclusion and future expectations

Most malware works in stealth mode. It doesn't announce itself on a PC or mobile device, preferring to monitor and steal information and then use it to steal your money or reveal themselves while extorting money. In most cases criminals are not very interested in the information on most personal or business computers. But this data is vital to the owner, and criminals manipulate the need for confidentiality, integrity and availability to cause financial and reputational damage to victims.

The UAE has a diverse, cosmopolitan and multicultural society and the accelerated economic growth in the region has encouraged cyber-criminals to excessively target citizens, using and adapting the latest trends in global cybercrime.

The increasing number and complexity of threats targeting users and businesses in the UAE requires better protection and awareness to defend against various cyber-threats.

You can follow me on twitter: @mahasbini

Google’s BoringSSL Latest OpenSSL Fork to Surface

Threatpost for B2B - Mon, 06/23/2014 - 11:06
Google announced its fork of OpenSSL called BoringSSL, a version of the crypto libraries that will now import changes from OpenSSL.

Cisco Releases Open Source FNR Cipher

Threatpost for B2B - Mon, 06/23/2014 - 10:57
Cisco has released a new open-source block cipher called FNR that is designed for encrypting small chunks of data, such as MAC addresses or IP addresses. The cipher is still in the experimental stage, but Cisco has released the source code and a demo application. The company suggests that the new cipher–called Flexible Naor and […]

Microsoft to Preview Interflow Information Sharing Platform

Threatpost for B2B - Mon, 06/23/2014 - 09:03
A private preview of Microsoft's new Interflow security threat information-sharing platform opens this week. Interflow, built on industry standards such as STIX and TAXII, automates information sharing across industries.

House Amendment Limits Funding for NSA Surveillance

Threatpost for B2B - Fri, 06/20/2014 - 13:27
The House of Representatives yesterday passed an amendment that reins in NSA surveillance by cutting Department of Defense funds.

FBI, NYPD Form Financial Cybercrime Task Force

Threatpost for B2B - Fri, 06/20/2014 - 10:08
The FBI has formed a new cybercrime task force with the New York Police Department and the Metropolitan Transit Authority whose job will be to go after high-level financial cyber crimes, employing a model of interagency cooperation that the bureau and other federal law enforcement agencies have used with notable success in other areas. The […]

Plaintext Supermicro IPMI Credentials Exposed

Threatpost for B2B - Fri, 06/20/2014 - 09:28
Weaknesses in Supermicro IPMI-based baseboard management controllers expose remote passwords in plaintext.

Google, Microsoft to Implement Mobile ‘Kill Switch’

Threatpost for B2B - Thu, 06/19/2014 - 13:58
Google and Microsoft will implement 'kill switches' into their mobile offering in response to petitions from elected officials claiming that a similar Apple feature has deterred theft and violent crime.

Adware or money loss instead of your favorite World Cup game

Secure List feed for B2B - Thu, 06/19/2014 - 13:28

This is the fourth and final part of our series of blogposts about the World Cup and the IT threats associated with it. Moreover, these are problems that we face right now, while our soccer stars are strutting their stuff in Brazil.

Many fans have found themselves away from the TV and looking for a live stream of a big game - but looking for live broadcasts on the Internet can cost you money or leave a malicious program on your computer.

When you search on Internet for the live Word Cup broadcast, you will sometimes find purchased advertisements that lead to fraudulent or malicious content. Here are two fresh examples of it, all set up for the World Cup:

When you go to the Website, it asks you to download a special plugin available for all browsers. This is supposed to be the player needed to watch the on-line broadcast of the games:

In reality, it is an Adware program, which may not show you anything but will drain your computer's resources. Adware software straddles a thin line between classic cybercrime and legitimate software. This is why our statistics show the constant detection grow on the same on the user's devices:

Sites like these also promise to show all the World Cup action:

The sites offer every game, at any time. They promise high quality footage taken from the best cameras in the arenas. Of course, all credit cards are accepted!

However, if you pay, you will just lose your money. Dubious and dishonest websites like these have no interest in playing by any rules.

One last important point is every day we see a lot of new registered domain names containing words like "Fifa Live World Cup steaming 2014". We believe most of them will be used for a malicious purpose.

Cybercriminals, opportunists and other malicious individuals look for occasions like the World Cup. They know this is the best time to cheat people, stealing their money and infecting their devices. Stay ahead of the game and do not fall into their social engineering traps. Use the best anti-malware protection and keep your wits about you when browsing and looking for the content. By the way, if you want to see a live broadcasting, probably you may use one of these legitimate councils.

You may follow me on twitter: @dimitribest

Research Project Pays People to Download, Run Executables

Threatpost for B2B - Thu, 06/19/2014 - 11:57
Incentivized by a minimal amount of cash, computer users who took part in a study were willing to agree to download an executable file to their machines without questioning the potential consequences.

Possible TrueCrypt Fork in the Works

Threatpost for B2B - Thu, 06/19/2014 - 11:08
Although the developers behind the TrueCrypt encryption software have given up the ghost and decided to no longer maintain the application, interest in the project has never been higher. But, one of the developers says that a nascent effort to fork TrueCrypt is unlikely to succeed. Matthew Green, a cryptographer and professor at Johns Hopkins […]

Hacker Puts Hosting Service Code Spaces Out of Business

Threatpost for B2B - Wed, 06/18/2014 - 17:09
Cloud-based code-hosting service Code Spaces announced today it was going out of business after a hacker deleted most of its machines, customer data and backups.

Hacker Exploits NAS Vulnerabilities to Mine $620K in Dogecoin

Threatpost for B2B - Wed, 06/18/2014 - 15:01
A hacker exploiting vulnerabilities in Synology network attached storage boxes was able to mine $620,000 in Dogecoin.

FTC Asking DEF CON to Help Catch Robocallers

Threatpost for B2B - Wed, 06/18/2014 - 13:01
The FTC is seeking help from hackers at DEF CON to help lure and identify the perpetrators of illegal robocalling scams, whether they are criminal or corporate.

A Spam Trinity: Email Harvesters, Botmasters, Spammers

Threatpost for B2B - Wed, 06/18/2014 - 12:55
Researchers at the University of California Santa Barbara and Aachen University in Germany examined the relationship between spammers, botmasters and email harvesters in order to improve antispam systems.

Flaws Found in USCIS RFID Card Production System

Threatpost for B2B - Wed, 06/18/2014 - 11:42
The system that’s used to produce RFID-enabled identification cards–including permanent resident IDs–by the United States Citizenship and Immigration Service has a number of serious security issues, according to a new report from the Office of the Inspector General at DHS. Among the issues the OIG found is that nearly all of the workstations in the system […]
Syndicate content