The Rise of Cyber Security Threats on Critical Infrastructures in the Middle East
With the rise in geopolitical rivalries and disputes, the Middle East faces nation-state-sponsored cyber attacks on infrastructures such as utilities, oil and gas, and transport hubs. Meanwhile, the advancement to cloud services and digital marketing growth is fuelling a terrifying rise in consumer data theft. Critical infrastructure must segregate and defend networks while governments must bring forward new GDPR-style data security.
Security teams at critical infrastructure plants across the Middle East are on utmost alert as a surge of politically-motivated cyberattacks targets their functions.
Many of the attacks are undiscovered, and those found are often unreported, which may hide the nature and scope of the problem.
Cyberpunks are targeting infrastructures such as water systems, oil and gas facilities, transport hubs, and manufacturing plants.
Tarek Kuzbari, director for security vendor Cybereason of the Middle East and Turkey, says: “In the Middle East, the number of politically-driven cyber attacks is very high compared to other regions.
A report by UAE cyber security company DarkMatter in 2019 revealed that the oil and gas industry, finance, transport, and utilities had been targeted by state-sponsored groups striving to sabotage rival nations’ economic and social resilience. Three-quarters of oil and gas firms in the region had undergone cybersecurity breaches.
DarkMatter’s research pinpointed eight key intrusion sets, coordinated attacks which are: Bitter, Molerats, MuddyWater, Shamoon 3, Chafer, DarkHydrus, OilRig, and DNSpionage. Shamoon 3, in particular, has been used to undermine significant companies.
A monthly report by TRA for June 2020 on cybersecurity developments in the United Arab Emirates Federal Government stated that 73% of the cyberattacks were malware, 15% vulnerabilities, and 12% phishing attacks. The cybersecurity units have also regulated more than 407 cyber incidents. Over 80% of companies in the United Arab Emirates reported at least one cyber-attack last year.
What makes critical infrastructure so vulnerable?
Despite the rise of digitalization, most industries still depend heavily on traditional safety systems. This provides cyber attackers a unique opportunity to bank on the vulnerabilities of decades-old infrastructure systems.
Most enterprises also outsource operations that are not part of their core competencies. This results in a problematized mesh of technologies and services, expanded attack surfaces, and a lack of visibility and control. Shortage of budget and cybersecurity expertise for smaller enterprises is yet another problem.
Importance of threat prevention in critical infrastructure sectors
Security professionals have often cautioned about the possibility of Supervisory Control And Data Acquisition (SCADA) attacks resulting in complete blackouts and worse. Advanced Persistent Threat (APT) cyberpunks have become a virtual wing of nation-states’ military forces because of the possible damages and mess caused by successful critical infrastructure cyber attacks.
There have been constant cyber attacks launched due to problems escalating between states. NotPetya is a notorious example of how a state-sponsored cyber attack can totally debilitate a transportation giant.
Now, imagine a ransomware attack disabling the production machines of a pharmaceutical corporation liable for manufacturing critical medication and equipment in the middle of the pandemic. The outcomes could be terrifying.
Top 5 critical infrastructure vulnerabilities
Legacy software
OT Systems run on traditional software that lacks good user and system authentication, data authenticity verification, or data integrity scanning features that authorize attackers’ uncontrolled access to systems.
Default configuration
Out-of-box systems with default or easy passwords and baseline configurations enable cyberpunks to list and compromise OT systems.
Lack of encryption
Traditional SCADA controllers and industrial protocols lack the capability to encrypt communication. Cyber attackers use sniffing software to find username and passwords.
Policies and procedures
Security gaps are formed when IT and OT departments vary in their process of securing industrial controls. Different departments should work together to construct a unified security policy that defends both IT and OT technology.
Remote access policies
SCADA systems linked to unaudited dial-up lines or remote-access servers give cyberpunks easy backdoor entry to the OT network and the corporate LAN.
Top 5 Critical Infrastructure Threats
Lack of network segmentation
Internet-connected OT flat and misconfigured network and firewall features that fail to notice or intercept hostile activity provide cyberpunks with an easy path to enter OT systems.
DDoS attacks
Invalidated sources and limited access controls enable cyberpunks to sabotage OT systems to perform DoS attacks on vulnerable unpatched systems.
Web application attacks
Legacy OT systems, including human-management interfaces (HMI) and programmable logic computers (PLC), are increasingly linked to the network and are accessible anywhere via the web interface. Unsecured OT systems are vulnerable to cross-site scripting and SQL injection attacks.
Command injection and parameters manipulation
Invalidated information not verified as legitimate system traffic enables attackers to run arbitrary system commands on OT systems.
Malware
OT Systems are exposed to attack and should comprise anti-malware security, host-based firewall controls, and patch-management guidelines to reduce cyberattacks.
What Steps are Taken by the Government to Secure Critical Infrastructure?
With the massive increase of cyber attacks in the OT systems, the executives of the UAE and other selected states in the Middle East region (Bahrain, Saudi Arabia, Qatar, among others) are concerned about defending the cyber infrastructure and protecting the critical infrastructure against potential cyber threats.
Middle East governments are acutely aware of the new threat landscape of digitization. Many of them have enhanced their cyber security activities in the past few years to strengthen their national cyber security capabilities and upgrade the protection level of their critical national information infrastructures.
In the UAE, cabinets have decided to launch the UAE cyber security council to build a detailed cyber security plan and a safe and powerful cyber infrastructure. The council will contribute to making a lawful and regulatory framework that covers all sorts of cybercrimes, securing existing and emerging technologies, and setting a robust ‘National Cyber Incident Response Plan’ to promote a swift and coordinated response to cyber incidents in the country.
How can ATS help?
ATS is a trusted OT cyber security deliverer with over 18 years of experience. We are one of the top OT cyber security providers in the UAE and Middle East region, with over 400+ projects completed in the country and other parts of the Middle East.
It can be challenging to analyze where to start to defend the critical infrastructure from cybercrime and cyberattacks. There’s so much data out there that it can become overwhelming, especially when the information is conflicting. Hence, ATS is pleased to share with you a collection of critical data, procedures, and terminologies in a comprehensive eBook about OT Cyber Security entitled “ATS Operational Technology (OT) Cyber Security eBook.” Find more about OT cyber security in this new eBook from ATS.
Be one of the first to have a copy of the ATS eBook on Operational Technology (OT) Cyber Security, and download your free copy today here.
