Dubai Police registered 25,000 e-crime reports last year, as cyber criminals exploited the disruption caused by Covid-19 around the world.
The pandemic exposed a barrage of cyber security vulnerabilities in the Middle East and hackers took advantage of the uptake in digital adoption, a senior official said on Monday.
Col Saeed Al Hajri, director of the Cybercrime Department at Dubai Police, said that since the e-crime platform was established in 2018, reports have increased each year, with 2020 accounting for the highest case numbers yet.
He said phishing and ransomware incidents were some of the most common forms of attack in the country.
“As well as facing a biological pandemic, we have been faced with a cyber pandemic too,” Col. Al Hajri said at the Gulf Information Security Expo and Conference (Gisec) in Dubai.
“When it comes to cyber security, it’s a cat and mouse game between criminals and policing authorities. We have to keep implementing preventive and proactive methods to keep data and individuals safe.
“In 2018 we introduced a unified reporting platform for transparency for the public, the e-crime service. In its first year we registered 3,000 cases, in 2019 that number increased to 14,000, and last year a record 25,000 cases were reported.”
The comments offer an insight into the increasingly challenging cyber security environment in the Middle East.
A life spent online
The UAE has one of the highest digital adoption rates in the region. Data from the World Digital Report 2021 shed light on the web-based lifestyle of 43 countries in 2020, including the UAE.
The average resident in the Emirates spent seven hours and 24 minutes online a day last year. According to the report, 99 per cent of people in the UAE are active on social media and 97.6 per cent are smartphone owners.
Speaking at Gisec, Dr Mohamed Al-Kuwaiti, head of cyber security for the UAE government, said Covid-19 had fundamentally changed the way we work and live.
In the past year, the UAE has recorded a “300 per cent increase in cyber attacks”, and that frequency is likely to grow as the digital revolution continues.
“This past year has taught us that we are not only in the midst of a pandemic but in the midst of a digital revolution too,” he said.
“While technology advancement may be deemed a saviour in that it allowed us to continue working and learning remotely from home, the heavier reliance on technology and the internet has exposed new vulnerabilities.
“Securing the cyber landscape is a necessity in protecting the connected population.”
He said as cyber threats become increasingly sophisticated, it is crucial that countries collaborate to be more resilient.
While hackers will always find ways to breach systems, international knowledge sharing will help governments keep abreast of new attacks.
Speaking alongside Col. Al-Hajri, Craig Jones, cyber crime director for Interpol in Singapore, said countries need to be more "willing to share data" - from policing authorities to public or private entities - to help understand how criminals are attacking local communities.
“It is about understanding local communities and what crimes are specifically impacting a population,” he said.
“We can analyse this activity with vital data, so the priority is on how we can change policing models and introduce and encourage this ‘dare to share’ model internationally.
“Nowadays, cyber criminals work as a business model so we want to disrupt that model. It is very challenging.”
What are the top cyber vulnerabilities in 2021?
1. Social engineering
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions, rather than technical hacking techniques. It is one of the most common forms of attacks on individuals.
It uses psychological manipulation to trick users into making security mistakes or give away sensitive information, such as bank account details and passwords. Social engineering attacks happen in one or more steps.
- On the phone - a social engineer might call and pretend to be a fellow employee or a trusted outside authority (such as law enforcement or bank employee).
- In the office – a criminal might claim to have forgotten their access card to enter a building. While the person asking may not seem suspicious, this is a very common tactic used by social engineers.
- Online - social networking sites have made social engineering attacks easier to conduct. Today's attackers can go to sites like LinkedIn and find all of the users that work at a company and gather plenty of detailed information that can be used to further an attack.
This is a technical attack where a victim is targeted via email or text message by someone posing as a legitimate institution to lure them into providing sensitive data.
This could include personally identifiable information, banking and credit card details, and passwords.
3. Spear phishing
Spear phishing is an email or electronic communications scam targeting a specific individual, organisation or business.
Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.