Cybercriminals Double Down on Crypto Mining Attacks in the UAE


According to Kaspersky Security Network findings released at GISEC 2022, cryptomining attacks in the UAE doubled in 2021 compared to 2020. The country also saw a 42% increase in financial malware attacks on Android over the same period. The Middle East overall paints a similar picture: cryptomining attacks increased by 7% and financial malware on Android increased by 6% in 2021 compared to 2020.

On the bright side, all malware attacks in the country decreased by 22%, and ransomware attacks also dropped by 25% in 2021 compared to 2020. While the falling numbers are a promising sign, experts are noticing a change in the tactics used by cybercriminals targeting the UAE. More complex and targeted cyberattacks are being devised and launched, suggesting that cybercriminals are focusing more on quality than quantity.

Organizations in the UAE are rapidly adopting technologies like the Internet of Things, artificial intelligence and automation to transform the way they operate and build an “always-on” business. Trends like remote and hybrid working are also gaining traction, which opens the door to new vulnerabilities. Cryptominers steal computing power by exploiting any applications, servers, and platforms that can support their mining operations. Such attacks leave organizations with IT infrastructure performance lags and high electricity bills, which are less noticeable than the usual red flags in cybersecurity such as disruption of services, financial losses or file encryption due to a ransomware attack.

This also calls for caution within the Critical Infrastructure (CI) sectors, which include Oil & Gas, Utilities, Manufacturing, Water, Smart Cities, and Transportation. These are the key drivers of the UAE economy and rely on Industrial Control Systems (ICS) and technologies like IoT to function smoothly. During the second half of 2021, Kaspersky reported that almost 40% of all ICS computers were attacked by malicious software at least once. Cyberattacks on these systems can impact production operations, result in financial losses and affect people’s lives. The goal of such attacks can be both cyber sabotage and cyberespionage.

“Cybercriminals are now more interested in targeting the select organization, not many, to achieve what they want. It’s quality over quantity from here on,” said Emad Haffar, Head of Technical Experts for META at Kaspersky. “They are choosing to use complex methods to design and launch highly-targeted attacks. To mitigate this situation, it is important to educate employees, who are the organisations’ first line of defense and help them understand how cyber threats are evolving, and their role in avoiding them,” he added.

Although these attacks are tricky to prevent, they can be detected and responded to at an early stage of the attack sequence. Today, large organizations across all industries and governments need strong detection, analysis, and hunting capabilities to stay one step ahead of cybercriminals. The Security Operation Center (SOC) plays a key role and must be equipped with actionable Threat Intelligence and the tools to identify threats and dynamically respond to them. For instance, Endpoint Detection and Response, which monitors, analyses, and responds to ongoing suspicious activities on endpoints, is a cornerstone of the SOC. In the event of a shortage of security experts, organizations can invest in Managed Detection and Response (MDR), which can strengthen their cybersecurity posture. The Kaspersky MDR platform delivers round-the-clock protection to networks from the growing volume of threats circumventing security barriers. Organizations also have access to Kaspersky experts and advanced intelligence to fend off complex attacks.
