Dubai Cyber Security Conference told cases of malware rose from 4,800 in whole of 2010, but many such attacks can be easily avoided.
DUBAI // The telecommunications regulator says there were more than half a million cyber attacks on UAE computer users in the first three months of this year.
The Telecommunications Regulatory Authority, or TRA, says the number of attacks has grown rapidly in the past three years, from 8,400 in 2010 to 530,000 in the first quarter.
And the problem is set to worsen, with an expert predicting smartphones will become popular targets for hackers.
“We are seeing a huge increase in the number of malware attacks taking place in the UAE,” said Saeed Belhoul, director of e-government at the TRA.
The figures, from the UAE’s cyber-security coordination centre known as aeCERT, were presented at the Cyber Security Conference in Dubai yesterday.
They show the number of attacks in the first quarter compared with 400,000 for the whole of last year.
Mr Belhoul said that of particular concern were the “Man in Browser” malware attacks, commonly used to access bank websites and defraud.
Malware, or malicious software, is programmed to collect sensitive information by hacking into a computer system.
A form of the software called the Trojan horse can be used to access a bank’s secure online web pages.
It then changes security settings to take control of the page by displaying the SSL certificate used for financial transactions.
The hacker then has control of the page, along with login, password and other customer details.
This technique also allows the hacker to get around the secondary layer of security many banks use by asking customers to SMS a code to confirm a transaction.
“The hacker makes a financial transaction and when the bank sends the request for the customer’s code, he can contact the victim directly to get that sent to him,” said Mr Belhoul.
But security experts at the conference said much of the risk could be negated by regularly updating software to plug any vulnerabilities, and for companies to keep in contact with local security-research communities.
Marc Maiffret, a former hacker who is now chief technology officer at the US cyber security company BeyondTrust, warned smartphones would become increasingly popular targets for malware.
“At the moment computers are a big target but in the coming years as we start to see smartphones used more and more for making payments and to store our identity, they will become more of a target,” Mr Maiffret said.
He said a simple step consumers and businesses could take to protect themselves was to upgrade their computers and phones to the latest versions of the software they used, as this would automatically plug security gaps.
Ninety five per cent of all attacks on computers that run Windows come from preventable weaknesses, said Mr Maiffret.
“One thing I advise companies to do is get in touch with your local security-research community and support them, because in many cases they want to do the right thing when they find these security holes and tell the companies affected about them,” he said.
“The underground market for this kind of information is so big now that they could just as easily make much more money selling what they have discovered to criminal organisations.”
Ahmad Al Mulla, vice president of information technology at Dubai Aluminum, told delegates companies should make sure they have a strategic vision for their security procedures.
“We tend to see that many companies focus on the technology aspect of information security but neglect the people,” Mr Al Mulla said.
“Making sure that your employees are aware of the issues regarding security will help to improve the situation greatly.”
Companies should also conduct risk assessments to see if it is worth protecting some IT aspects of their business.
“The issue of information security is one in which you have to constantly stay on top of because the threats are always evolving,” Mr Al Mulla said.
The Cyber Security Conference was organised by telecoms company du at the Armani hotel in the Burj Khalifa.