x Abu Dhabi, UAETuesday 16 January 2018

Risk of cyber crime rises in region

The region has recently been targeted by software that infects computers and then steals banking details by logging the computer users' keystrokes.

Banks in the Middle East are at risk from increasingly sophisticated online banking attacks as the region's economic growth creates a tempting target for cyber criminals, say banks and internet security analysts.

The region has recently been targeted by the Zeus Trojan horse malicious software - or malware - that infects computers by inviting users to click on links sent via e-mail, Facebook and online advertisements, and then steals banking details by logging the computer users' keystrokes.

Its availability, low cost and ease of configuration makes Zeus particularly attractive to hackers.

"Cyber crime is a booming business, and it's hardly surprising," said David Emm, the senior regional researcher at Kaspersky Lab, a provider of anti-virus software.

In October, an international law enforcement task force led by the US FBI reportedly smashed an organised-crime ring in eastern Europe that had stolen US$70 million (Dh257m) from US banks.

Kaspersky Lab has said that during its monitoring of cyber crime this year, it identified Egypt and Saudi Arabia as among the top three countries experiencing Zeus infections.

Saudi Arabia's vulnerability has increased because online banking and the use of credit cards have grown at a greater rate in the kingdom than in some other Gulf states, where cash is the preferred method of payment, said Waleed al Hatlani, the head of remote banking at Riyad Bank in Saudi Arabia.

Zeus and other sophisticated tools used in cyber attacks made it imperative that banks take new measures to protect customerswho may have low levels of computer literacy, he said.

"This is a necessity now, since the hacker isn't interested in playing games and infecting computers just for the heck of it," Mr al Hatlani said.

"Now they're interested in financial transactions. This is the trend worldwide."

Malike Bouaoud, the head of risk management at Q-Cert, the Qatari government's internet security centre, said hackers were adapting quickly to new security initiatives.

"Even though we have more security layers, they're taking more and more advantage of potential vulnerabilities," he said.

He warned, however, that the ease of configuring the Zeus Trojan had set a precedent for other malware targeting financial institutions.

"What's been seen around the world is just the beginning of something much bigger," he said.

"What I've seen as a trend is that such kinds of malware as Zeus might be trying to focus on payment instruments."

Unknown vulnerabilities in credit card readers and automatic cash machines, if successfully exploited by hackers, could cause serious economic damage, he said.

But Justin Doo, the director of security practice in emerging markets for Symantec, said Zeus had yet to infiltrate the Middle East to the same extent as in Europe because of the relatively low penetration of online banking done in the region.

But the growth of online banking and an increasing number of remittances had created a breeding ground in the region for malware such as Zeus.

"There is a lack of ability to track this easily," Mr Doo said. "It's harder for financial organisations to announce their losses because it could be thousands of accounts that could be compromised that they haven't identified yet."