Saudi Arabia saw the highest proportion of cyber attacks in the EMEA region, with 11% of the total attacks, and about half directed against its oil and gas sector, according to FireEye.
The data come from a new threat report from FireEye, published this month, which details the findings of the firm’s security researchers and response units. The report shows Saudi Arabia has become a prominent target for online attacks, ahead of the largest European countries, according to Darren Gale, EMEA lead for Mandiant Consulting Services and network and endpoint forensics at FireEye.
“If you look at the countries most under attack across the whole of Europe, Middle East and Africa, Saudi Arabia comes up as one of the countries most under attack, with 11% of attacks targeting the country. To put that in context, Spain and Germany both had 10%, the UK had 9% – so it’s a really significant number,” Gale told Lynchpin Media’s Editorial Consultant, Eliot Beer.
Saudi Arabia’s oil production was the clear target, he said: “About 50% of the attacks were related to the energy and utilities sector – as you would expect, with oil being a strategically important commodity for most of the world’s economies, information relating to the oil and gas sector is particularly valuable, whether that’s a commercial espionage approach, or business process, commodities trading, or more from a government strategy perspective.”
According to the report, the kingdom’s educational institutions also saw a lot of attacks: “Education, which is always an easy target due to the liberal use of systems and resources for students to learn, allows attackers a perfect ‘staging’ environment, where they can have control of a system to launch a secondary (and more important) attack which was typically their ultimate goal. FireEye continues to build relationships with education institutes in the Kingdom to ensure cyber defence monitoring is on the top of their agenda.”
The FireEye report recorded an increase in attackers using the widely-known “backdoor.APT.LV” remote access tool – researchers said this was unexpected, and possibly showed a high level of confidence in the attackers, as it was common practice to discard tools which were now so easily detectable. But when it came to the oil and gas sector, attackers were not so complacent.
“In the energy and utilities industry, we seem more of a focus using advanced tools such as XtremeRAT and SpyNet. These tools, while publicly available, are not open for use, as they are more typically made available as a commercial tool. The XtremeRAT is also popular among attackers based in the Middle East, commonly seen in attacks by certain actors and also believed to be in use by the Syrian government,” said the report.
Gale said FireEye tracks around 300 groups of attackers, and can often provide attribution not just of the actors involved, but to their motivations as well. He said there had been a clear shift in the groups from just states to a wider range of organisations.
“If you look at how we classify those groups over time, maybe three years ago almost the exclusive advanced persistent threat actor was China, in terms of sophistication, and the motivations around economic espionage and so on. But our classification has expanded significantly in the last year or so to include other nation states, and also some of the financially motivated organised crime groups – mainly because of their level of sophistication,” said Gale.
Click below to share this article