8 April 2019

Group-IB and NGN International: Gulf countries came under hackers’ spotlight in 2018, with more than 130 000 payment cards compromised

Group-IB, an international company that specializes in preventing cyberattacks, and NGN International, a global system integrator, analyzed cybersecurity landscape in Gulf countries in 2018. Group-IB Threat Intelligence team identified compromised credentials of 7 306 users from the Gulf countries in 2018 and detected the total of 138 978 compromised cards issued by the Gulf countries’ banks.

Number of compromised cards ramps up in GCC

In 2018, Gulf countries including Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the United Arab Emirates (UAE) came under the spotlight of cybercriminals increasingly often. Group-IB Threat Intelligence experts detected a total of 138 978 compromised cards issued by the Gulf countries’ banks. This data comes not only from the analysis of underground forums and phishing websites, but also from the analysis of cybercriminals’ infrastructure (including but not limited to C&Cs) and malware disassembling.

The stolen payment cards data is often put up for sale on underground forums or used in further fraudulent activities. Group-IB Threat Intelligence team continuously analyses compromised cards data all over the world. According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, the details of 1.8 million payment cards were uploaded to card shops monthly.

Aleksandr Kalinin

Aleksandr Kalinin

Head of Group-IB’s Computer Emergency Response Team (CERT-GIB)

CEO of NGN International, Yaqoob AlAwadhi stated that, from 2017 to 2018, cybercrimes aimed at financial thefts increased significantly with cyber-criminals largely exploiting software vulnerabilities through phishing mailings and hacked legal resources.

The attacks lately have evolved a lot as attackers are beginning to use artificial intelligence and machine learning to bypass the defense, attempting what is known as ‘low-and-slow’ attacks,» explained Mr. AlAwadhi. «What is important is that successful struggle with such cyber-attacks is possible. It is extremely important to react to them in time and correctly, as well as to build a competent comprehensive protection system in advance.

Yaqoob AlAwadhi

Yaqoob AlAwadhi

CEO at NGN International

With the advent of IoT technologies, big data and machine learning, attack tools become more advanced and encompass several information systems and resources.

Attacks on state information systems and resources, and resources of individual enterprises and industries, can lead to negative consequences for the economy of the country, while affecting the health and lives of people. Hence, the task of preventing information security incidents for critical information infrastructures should be addressed at the legislative level. NGN International offers customers a comprehensive approach to protecting information infrastructure: from protecting important critical information infrastructure objects to round-the-clock monitoring of security incidents based on Group-IB solutions.

Yaqoob AlAwadhi

Yaqoob AlAwadhi

CEO at NGN International

Compromised credentials

Group-IB Threat Intelligence team also identified leaked credentials of 7,306 users from the Gulf countries in 2018, among which the company experts discovered 1 227 compromised credentials from government resources in GCC. Upon identification of this information, CERT-GIB reached out to region’s government CERTs to inform about the threat.

It is important to highlight that credentials were not leaked from government systems, which are most likely safe and secure, but from the individuals who used them for personal purposes. However, with the credentials from government websites, hackers can not only obtain classified information, but also infiltrate government networks and maintain presence while remaining unnoticed for long periods.

Aleksandr Kalinin

Aleksandr Kalinin

Head of Group-IB’s Computer Emergency Response Team (CERT-GIB)

According to Group-IB experts, cybercriminals might have used special spyware to steal user credentials — formgrabbers, keyloggers, such as Pony Formgrabber and AZORult. According to Group-IB data, the two Trojans mentioned above were amongst the most popular for credentials stealing in 2018 in GCC.

Regularly updated Group-IB Threat Intelligence system allows to get actionable information about data leaks, compromised accounts, information about malware, infected IPs, and existing vulnerabilities across the world. Group-IB collects and analyses large amounts of unique and proprietary information to deliver tailored, trusted and actionable intelligence to predict risks, while preventing and mitigating any targeted attacks.

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

 
Report an incident