Amin Hasbini, senior security researcher at Kaspersky Lab’s Global Research and Analysis Team, making a point at the Cyber-Security Weekend conference organised by Kaspersky Lab in Lisbon, Portugal, last week.
By Pradeep Palat/Lisbon
Kaspersky Lab, one of the leading vendors of IT security solutions, is setting up its malware cleaning centres in the region with one in Saudi and one in the UAE in the final stages of the process, Amin Hasbini, senior security researcher at the company’s Global Research and Analysis Team, said.
“The cleaning centres are being set up to process specific threats called Distributed Denial of Service (DDoS) attacks against big corporates, organisations and government agencies. Currently one such centre is being finalised in Saudi, and one in Fujairah in the UAE. Fujairah has been chosen because the emirate has the Internet ‘backbone’ — a big fibre network being laid under the sea off its coast, which is feeding half the region,” Hasbini told Gulf Times on the side lines of a Cyber-Security Weekend conference in Lisbon last week.
Hasbini said that the GCC region is being attacked by cyber criminals more than anywhere else in the world. “The reason is that the this is an advanced region with a lot of resources and very good Internet speeds — which helps the cyber criminals to launch attacks against banks, other commercial establishments as well as government agencies and steal their files. And cyber criminals look for money. For example, they consider that people in Qatar will be able to pay more ransom than anybody else in the world, because Qatar is the richest country in the world in terms of per capita income.”
Hasbini said an Internet malware called ‘ransomware’ is a big problem now in the region. “The perpetrators of this particular malware encrypt your files and will not give the key to open them unless you pay the ransom they ask for. We have seen some ransomware in the region with a demand of upto $1500. Earlier it used to be only something like $200.”
Hasbini said two major attacks, against Aramco in Saudi and RasGas in Qatar, has caused a revolution in the region in terms of cyber security. “The attackers on Saudi Aramco were able to wipe files from some 20,000 PCs and 2,000 servers. We are lucky enough that the attacks did not affect the oil and gas production. Also, there were cyber-attacks on some other public utilities in the region but the information is not public.” However, there is an increasing level of awareness in the region after these two major cyber-attacks, he added.
What are the motives behind such attacks? Are they only financial? “No. Though they must have spent some tens of thousands of dollars to develop the malwares to launch such attacks, the motives may not be financial, but political or just to cause reputational damage. It’s a bit complicated to jump into conclusions. There could be a big force behind it.”
“For example, the ‘Desert Falcons’, which Kaspersky detected in February 2015, are some 20 to 30 Arabic-speaking people who developed a malware tool and attacked the region. They attacked files in Palestine, Egypt, Jordan and Turkey. Windows and Android devices were attacked. They targeted military, government, religious, energy and aerospace entities. We have detected that they were working since 2011 and have spent a lot of money on developing the malware and we are not sure whether they have completely dropped it. May be they could come back from a different IP address later. It’s a possibility.”
Hasbini said Kaspersky Lab is working with some governments in the region and has signed MoUs with Computer Emergency Response Teams (CERTs), the entities under the ministries of telecommunication.
He said said Kaspersky Lab has multiple sales partners in Qatar and has a dedicated team working for the Qatar market. In the UAE, recently Kaspersky had signed a big contract with Etisalat and they moved a large number of devices under the protection of cyber security by Kaspersky Lab, Hasbini added.
