Yazan A. Hammoudah, the manager for Systems Engineering at FireEye Middle East and Africa, said that the increase is due to the amount as well as the variety of attacks from both advanced persistent threat (APT), or state-sponsored, attackers and cybercrime groups.
Detection took 106 days for EMEA compared to 99 days globally in 2016. Hammoudah said that this reflects how the threat has evolved and advanced.
He said that in 2017 Iran increased its cyber espionage capabilities and is now operating at a pace and scale consistent with other state-sponsored APT groups. “We found four groups such as APT32, APT33, APT34 and APT35 from Iran and their victims span every sector and extend well beyond regional conflicts in the Middle East,” he said.
According to the report, APT32 targeted Vietnam, while APT33 targeted Saudi Arabian and Western organizations that provide training, maintenance, and support for Saudi Arabia’s military and commercial fleets. APT34 targets Middle Eastern financial, energy and government organizations. Since 2014, APT35 has targeted US and Middle Eastern military, diplomatic and government personnel, media, energy, and industrial defense base.
Hammoudah added that from August 2016 to August 2017, APT35 engaged in multiple operations against a broad range of victims. “Rather than relying on publicly available malware and utilities, Iranian hackers developed and deployed their own malware. When they are not carrying out attacks against their targets, they are conducting espionage and stealing data,” he said.
He further said, “Some of the industrial control systems (ICS) in the region are using very old machines and now we are discovering a number of compromises. Once we went into the ICS, the malware has been in the system for many years with the hackers thinking like a foothold for future positioning rather than active attacks in 2017.” This is due to the shortage of cybersecurity skills, and the average dwell time will increase further in the coming years.
“We are starting to see increased investment in developing the cyber defence skills among universities. As the demand for skilled personnel capable of meeting the challenges posed by these threat actors continues to rise, the supply simply cannot keep pace,” he said.
FireEye’s research also indicates that Chinese cyber operations targeting the intellectual property of US companies have declined significantly since former President Barack Obama and China’s President Xi Jinping signed an agreement in September 2015.