x Abu Dhabi, UAEWednesday 21 February 2018

Pirated software opens UAE to hackers

Hackers and malware programs target businesses and organisations, experts warn. Undetectable Zero Day viruses - like the ones used against Iran's nuclear installations - are becoming a growing threat.

DUBAI // The use of pirated software is a main cause of the high number of malware attacks in the UAE, cyber-security experts warn.

They say users who install illegal versions of Microsoft’s Windows and Apple’s OS X operating systems leave themselves open to hackers because they do not have access to security updates.

They warn of a growing threat of Zero Day viruses, for which there is no protection. They are undetectable and often used against businesses and organisations.

Nicolai Solling, director of technology services at the cyber-security consultancy Help AG Middle East, said: “The Middle East has this issue where people are more willing to use this kind of counterfeit software.

“What they don’t realise is that they do not get access to the regular security patches.”

A study by the internet-security firm Kaspersky found the UAE had the second-highest rate of detected malware on computers.

Mr Solling said it was vital that operating systems were secure, but in the battle between software makers and hackers, the hackers were often a step ahead.

"The money invested in the black economy to create viruses is much higher than the resources available for those trying to stop them," Mr Solling said.

"There are malware kits available that allow virtually anyone to easily create their own computer virus. It's become that easy now."

Experts warn that in the coming year there is likely to be a growing threat from Zero Day viruses, which work so fast that by the time protection can be developed it is often too late.

The Gauss virus, found in May to be stealing bank passwords in the UAE as well as Lebanon, Palestine and Saudi Arabia, is an example of malware. It was a variant of the Stuxnet virus that targeted Iran's nuclear programme.

"Stuxnet contained 20 Zero Day viruses," said Fadi Aloul, associate professor of computer science at American University of Sharjah. "These viruses are sold on the black market for about US$100,000 [Dh367,300]."

Mr Aloul said the best way to protect against such attacks is to be careful when installing programs and using only trusted sources.

He said smartphones and tablet computers would become the next big targets for hackers.

"People have gigabits of data on their phones these days, everything from email addresses, to bank account numbers to social-networking contacts. And yet, these devices have no anti-virus or protection and that is a big concern."

He said the rapid increase in internet use in the UAE and the Middle East in recent years meant cyber security was scrambling to catch up.

The Kaspersky analysis of users of its products in the country found that on average they had 22 malware programs on their computers.

"We counted the average number of malicious programs that have been detected and blocked per each user of Kaspersky Security Network in these countries for the third quarter of 2012," said a spokesperson for the company.

The number of viruses blocked or removed on UAE computers was more than two times the average in North America.

The vast majority of infections were the result of visiting unsafe websites and opening infected email attachments.

More than a quarter of people surfing the internet in the UAE also suffered malware attacks.

"Since attacks on the web take place through the browser, cyber criminals need to exploit vulnerabilities in the browser, in browser add-ons [Flash Player], or in third-party software [such as Java or Acrobat Reader] which is used by the browser to process content," said the report.

"The main purpose of exploit packs is to download and launch executable malicious files without the user noticing."

nhanif@thenational.ae