UAE phishing threat on the rise

The UAE Computer Emergency Response Team, also known as aeCERT, said that phishing remains among the highest security threats facing the UAE's cyberspace today. The cyber security consultancy, which is formed under the Telecommunications Regulatory Authority (TRA), has tied up with 95 governmental and private institutions to whom it provides services such as system monitoring, training, penetration testing, among other services. Phishing is the act of claiming to be an established enterprise in an attempt to scam users into providing private information that can be used for theft. It could be through e-mails or by creating a bogus website. Last year, 72 local banks have had security incidents with phishing, the centre's director, Tarek Al Hawi, said at a press conference yesterday. "The attacks have not increased, but its nature has become more complex and, therefore, we're required to provide full visibility of the systems for these different departments," Al Hawi said. "It's no longer a case of getting the account numbers and passwords of clients [of a bank] for example and stealing money… now the hackers have become so specific, targeting specific clients and then blackmailing the banks with the information they've got for a ransom," Mesha'al Bin Hussain, operations manager of technology development affairs at CERT, said. Other attempts have been Distributed DoS, or what is simply known as bringing a company's website down. "These kinds of incidents need to be dealt with within just a few hours from when they happen," Al Hawi said. Last year, CERT dealt with 15 forensic cases for its constituents, Al Hawi said. "These are only cases where we've been approached by the departments that we work with to resolve a security incident," he said. The majority of these incidents have been related to data recovery (47 per cent), followed by analysis (33 per cent), e-mail related issues (13 per cent) and investigation (7 per cent). In light of the high number of attacks and theft attempts that the banking sector is exposed to, the CERT is organising quarterly roundtables for banks in the UAE to help raise awareness and provide consultancy on how to fight specific viruses and how to maintain a secure network. "I think by now, almost everybody knows not to give private information over e-mail to anyone," Al Hawi said. "But, it seems the hackers are always one step ahead of us." From gulfnews