WannaCry: why ME needs to worry despite minimal damage
Fortunately, the bad news has not come yet. Despite a cyber-security researcher’s prediction of the return of WannaCry virus on Monday, no reports of attacks have emerged from the Middle East.
However, the international media suggest that there were few fresh attacks in parts of Asia and Europe on the day.
Also, in a major development, Microsoft officially confirmed that the attacks were carried out using tools stolen from the US National Security Agency (NSA).
Ransomware attacks infected more than 230,000 computer systems across the world on Friday demanding $300 to restore access.
UK cybersecurity researcher, tweeting as @malwaretechblog, who helped to halt the spread of the virus by accidentally activating a “kill switch” in the malicious software, had predicted “another one coming… quite likely on Monday”.
However, the UK’s National Crime Agency (NCA) has just confirmed that there has been no evidence of a second round of malware attacks.
“We haven’t seen a second spike in #WannaCry #ransomware attacks, but that doesn’t mean there won’t be one,” the NCA said in a tweet.
Government agencies, private firms and individuals in 150 countries were affected by the ransomware, known as WannaCry and variants of that name.
Russia was the hardest hit country followed by Ukraine and India. In China alone, computers at 29,000 institutions and organisations were affected.
The UK’s National Health Service (NHS), multinational courier delivery services company FedEx and car manufacturers Nissan and Renault were among the worst hit by the attacks.
Middle East not targeted?
The Middle East was largely unscathed in the ransomware attacks. Nonetheless, a few isolated cases were reported in Egypt and Oman. The UAE on Saturday confirmed that no cases of the malware attacks have been reported in the country.
“We have a specialised team which can deal and respond to Information security emergencies. Until now, only one case of ransomware attack has been reported at the sultanate in one of the government organizations,” said Dr. Bader bin Salim Almanthari, Director General, Information Security Division at Information Technology Authority, Oman.
Almanthari said that there was nothing to worry as the situation in the country is under control and as “only one case has been reported at the sultanate in one of the government organization with a few number of systems have been infected with the virus.”
“However,” Almanthari added, “at the same time, we would like to draw the attention of government and private organizations to the importance of taking serious protective measures to deal with all cybersecurity attacks generally including the necessity of making backups to all organization’s data before starting the work, updating antiviruses programmes and activating auto scanning for all organization’s network regularly.”
Experts have asked users to patch their systems with security updates.
Microsoft said the attack should serve as a wake-up call and the computer giant has already created security patches for its now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.
The UAE’s Telecommunication Regulatory Authority (TRA) has also called on “the system administrators to increase the degree of readiness and continuous monitoring of the systems and to inform the authority in case their devices got exposed to the virus.”
More importantly, security experts have always said the countries in the region are highly vulnerable to cyber-attacks and have asked them to step up measures to avoid such instances.
In the GCC alone, cyber-attacks are costing the economy an estimated $1bn annually.
According to the finding from a 2016 PwC survey, cybercrime is the second most reported crime faced by businesses in the Middle East, affecting 30 per cent of organisations. This is above world trends; 42 per cent of respondents in the region said they had suffered high or medium level damage to their reputation as a result of cyber-attacks, compared to 30 per cent globally.
American software company Symantec’s latest report revealed that Saudi Arabia was the most targeted country in the Middle East and Africa followed by the UAE for ransomware attacks. The kingdom ranked the 20th in Symantec – Internet Security Threat survey while the emirates came at the 26th spot globally.
Furthermore, credentials of 20,000 GCC employees were compromised and leaked online last year.
Russian cyber security firm Kaspersky Lab has revealed that the percentage of industrial computers under attack grew from over 17 per cent in July 2016 to more than 24 per cent in December 2016, with the top three sources of infection being the Internet, removable storage devices, and malicious e-mail attachments and scripts embedded in the body of e-mails.
On average two-in-five computers, related to the technological infrastructure of industrial enterprises, faced cyber-attacks in the second half of 2016, according to the firm.
Handiwork of US government
Microsoft lashed out at the US government in an official blog post published late on Sunday.
The company said “the attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.’
“This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action,” the blog post said.
It also said it was time for an urgent collective action and called on tech sector, customers, and governments to work together to protect against cyber-attacks.