Cyber crime: A real threat that needs to be fought [Khaleej Times (United Arab Emirates)]
(Khaleej Times (United Arab Emirates) Via Acquire Media NewsEdge) The ramifications of cyber-attacks are far reaching. Companies around the world are targeted for good reason.
There are criminal gangs, individual hackers, groups and certain governments who strive to unbalance targeted economies by disrupting business, through cutting off the supply of oil to international and domestic markets, or stalling the smooth workings of a country's financial services sector.
The Middle East has already witnessed some audacious attempts by cyber-criminals to disrupt some of the region's largest oil and gas companies. In the UAE, two of the top banks have been hit by so-called denial of service attacks, where hackers bombard a site with traffic until it collapses under the load. As a result, the Web sites of these banks were temporarily unavailable to online customers last year. The former chief of the UAE Air Force has publicly confirmed that countries in the Gulf with advanced telecommunications infrastructure, such as the UAE, are a favourite target for hackers. Past evidence has confirmed this, with Egypt and Saudi Arabia among the top three target countries for a particularly pernicious online banking virus known as Zeus.
Certainly, companies of every size in all vertical sectors need to work around the clock to defend themselves against these sorts of threats. Without preventative measures in place, any one of them could impact on the smooth working of an organisation's operations.
One of the problems of defending against cyber-threats is not just the sheer scale of attacks, but the huge number of different types of malware that experts identify; 1,200 a day is not an unusual count, one per cent of which will be a new malware strain, never before seen. The attack vectors are regularly changing and the threat landscape constantly shifting.
Spear-phishing is one of the latest techniques where an e-mail is disguised by a hacker, luring the victim to open an attachment or link that infects a device with malicious software. Smartphones are just as vulnerable to cyber-attacks as a desktop computer or laptop, and cyber-attacks on mobile phones rose by a factor of six this year, data security company McAfee has confirmed. Growing numbers of people now use their smartphones to access their personal bank accounts, and to remotely access business files. As they do, more cyber-criminals will begin to target them. In fact, data security experts predict that employees' private mobile devices that have access to company networks will become a number one target for cyber-criminals in 2013.
According to security analysts, the most notable trends will be new examples of cyber-warfare operations, increasing targeted attacks on businesses and new, sophisticated mobile threats. Android's growing popularity among smartphone users means this platform, in particular, is becoming a prime target for cybercriminals.
Few people have yet experienced a mobile malware attack, and even fewer have suffered any significant consequences. While this is re-assuring, it raises the risk of a lack of vigilance and a lack of caution by users.
One of the most serious mobile malware attacks was one of the earliest. In 2002, an attack on phones on the Japanese Docomo network was used to engineer a denial of service attack against the emergency services by swamping them with spoof calls. At that time, Docomo had the most advanced mobile network in the world. Fraudsters in the mobile domain have favoured implanting rogue diallers on mobile devices to call premium rate numbers that profit the fraudsters. However, mobile platform vendors have tried to prevent malware from installing itself on mobile platforms and these efforts have so far prevented widespread malware infection.
Malware attacks in the mobile arena will no doubt follow their Internet counterparts, however, and focus on fraud and theft. This puts the mobile banking and mobile payments industries in the front line of the battle, along with telcos that will be targeted with rogue dialler attacks. Hackers will direct their main effort into the most lucrative forms of attack, which may be measured either by the value of a fraud or the volume of attacks that can be driven by a single offensive. This means that the banking industry will need to pay particular attention to validating money transfer instructions, whether initiated within a mobile banking session or by a mobile commerce payment instruction. The risks are greater when the user has the ability to initiate new payment routes, rather than simply transferring more money across an existing payment authorisation.
The threat to mobile banking will emerge when the volume of mobile banking users reaches the viability threshold needed to reward hackers for their effort. No technology-based approach that facilitates large-scale access to financial systems and the personal assets of its customers can remain immune from attack. That notwithstanding, protection needs to be put in place that makes successful hacker attacks difficult to achieve and at the same time reduces to a minimum any associated financial gains. Hackers continue to attack the weakest system links that they can find and it is incumbent upon mobile providers, the financial services sector, and the security industry to ensure that the use of mobile devices to transact business remains as safe as possible.
Although the volume of incidents so far has not been large, the industry is now at the point where adoption of mobile banking services will attract hackers to some potentially rich pickings. Banks, mobile device vendors, and mobile network operators need to cooperate to address the issue.
The author is the chief commercial officer of du. Views expressed are his own and do not reflect the newspaper's policy.
(c) 2013 Khaleej Times. All Rights Reserved. Provided by Syndigate.info an Albawaba.com company
[ Back To TMCnet.com's Homepage ]