5 Endpoint Security Threats You Must Monitor in 2024
Hybrid work isn't going anywhere, and companies in the META region have had to radically change their approach to work. Since the increased demand for working from home, employees have resorted to using their own devices to maintain business continuity.
Using personal devices comes with a larger set of cyber breach possibilities. These devices do not come with endpoint security features, and can act as a facilitator for malicious software to enter the corporate network. This places an additional level of complexity on an already complex cybersecurity situation. Furthermore, remote workers often work on public or home networks, which do not offer the same secure environment as corporate networks do.
What are some of the immediate threats to consider, even when working with secured endpoint devices?
1. Phishing
The META region is home to some of the world's most innovative phishing campaigns. Campaigns using emails and SMSes impersonating the Dubai Police have been initially successful in extracting money from the unsuspecting public. Furthermore, with black-hat search engine manipulation, cybercriminals are able to appear at the top of search engine results and coax unknowing users to enter their confidential information in exchange for services.
The cases have forced the Dubai Police to issue regular statements asking users to stay vigilant in such scenarios.
Phishing typically begins with a deceptive email or another form of communication with the aim of enticing a specific target. The messages seemingly originate from a reliable source. If the target is deceived, they are encouraged to disclose sensitive information, often on a fraudulent website. The UAE alone has seen a monumental rise in phishing emails of over 77% quarter over quarter since 2023.
2. Insider Threats
Insider threats pose a much larger risk to your corporate data than most external attacks. This is because insiders understand the value of the organisation's data, know the responsible stakeholders and are aware of the systems in place to prevent cyberattacks.
Insider threats can be categorised into three buckets, depending on the nature of the user behind the attack:
60% of data breaches are caused by insider threats, which emphasises the criticality of the situation. Endpoint security solutions monitor the possibilities of insider threats by analysing user behaviour on corporate devices. They can detect unauthorised file access, unusual network connections, or attempts to install software not approved by IT teams.
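A sketch of the three behavioural checks named above, run over endpoint events and correlated per user. This is an added example, not code from any endpoint security product; the policy tables, event format, user names and escalation threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed policy for this example (all values hypothetical).
APPROVED_SOFTWARE = {"chrome", "teams", "office"}
FILE_ACL = {"/finance/": {"finance"}, "/hr/": {"hr"}}  # path prefix -> departments
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
EXPECTED_PORTS = {443, 53}  # outbound ports considered normal

# Constructed sample events: (user, department, event_type, detail)
EVENTS = [
    ("amal", "finance", "file_access", "/finance/q3-forecast.xlsx"),
    ("omar", "sales", "file_access", "/hr/salaries.csv"),
    ("omar", "sales", "net_connect", "203.0.113.50:4444"),
    ("omar", "sales", "install", "remote-admin-tool"),
    ("amal", "finance", "net_connect", "10.1.2.3:445"),
    ("lina", "hr", "install", "teams"),
    ("lina", "hr", "net_connect", "198.51.100.7:443"),
]

def classify(event):
    """Return a finding label for one event, or None if it matches policy."""
    _user, dept, kind, detail = event
    if kind == "file_access":
        for prefix, allowed in FILE_ACL.items():
            if detail.startswith(prefix) and dept not in allowed:
                return "unauthorised_file_access"
    elif kind == "net_connect":
        host, port = detail.rsplit(":", 1)
        ip = ipaddress.ip_address(host)
        internal = any(ip in net for net in CORPORATE_NETS)
        if not internal and int(port) not in EXPECTED_PORTS:
            return "unusual_network_connection"
    elif kind == "install":
        if detail.lower() not in APPROVED_SOFTWARE:
            return "unapproved_software_install"
    return None

def review(events, threshold=2):
    """Escalate users who trigger at least `threshold` distinct finding types."""
    findings = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            findings[ev[0]].add(label)
    return {u: sorted(f) for u, f in findings.items() if len(f) >= threshold}

if __name__ == "__main__":
    print(review(EVENTS))
```

Correlating several weak signals per user, rather than alerting on each event, keeps a single external HTTPS connection or an approved install from raising a case.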
3. Ransomware
Ransomware, even after being one of the oldest forms of cyberattacks, remains a growing threat in the region. Group-IB found that 205 companies in the MEA region had their data leaked on ransomware Data Leak Sites (DLSs) in 2023. This indicates an increase of 68% from the previous year when information from 122 victim companies was exposed.
H.E. Dr. Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, said: “In an era when technology is evolving constantly, the UAE stands at the forefront of Digital Transformation. We have made great strides in safeguarding our digital landscape. However, ransomware remains a significant threat to our nation. Additionally, cybercriminals are adopting Artificial Intelligence to launch more advanced and sophisticated cyberattacks. Once associated primarily with state and non-state actors, this technology is now employed by a broader spectrum, including hacktivists. We, therefore, urge everyone – companies, public sector organisations and regulators, cybersecurity vendors and law enforcement agencies – to collaborate and take the measures needed to stay ahead of cyber threats.”
The industries of choice for ransomware attacks continue to be the financial services sector (13%), followed by the real estate sector (9%) and manufacturing (9%).
4. Zero-Day Exploits
The most recent zero-day exploit to successfully target Middle Eastern companies came from APT28, also known as Fancy Bear and Forest Blizzard. Hackers were able to utilise compromised Ubiquiti EdgeRouters to collect sensitive user credentials, launch targeted spear-phishing attacks, and deploy network traffic proxying techniques.
These efforts have been directed towards various industries such as Aerospace & Defense, Education, Energy & Utilities, Government, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation, with a focus on European and Middle Eastern nations.
A zero-day exploit is a type of attack that exploits a previously unknown vulnerability in an organisation's software or hardware. The term "zero-day" indicates that developers and IT teams have no time to fix the vulnerability before it can be exploited by malicious actors.
5. Nation States
Nations across the globe have taken warfare to the digital space, fostering the rise of nation-state cyber attack cells. This is a global issue: nation-state attackers have access to state-sponsored resources, which improves their attack capabilities.
State-sponsored cybercriminal actors are known to gain initial access by exploiting users and endpoint devices. Various methods are used, including social engineering and zero-day exploits. Due to the complexity of the attacks, these criminals are often found to utilise indirect paths as a way to avoid detection and attribution.
In 2023, Group-IB reported that the Middle East and Africa were significantly targeted by advanced persistent threats (APTs), with 77 attacks attributed to nation-state actors in the region. The high number of attacks in the MEA region is believed to be linked to ongoing geopolitical conflicts and the region's importance in the global energy market. The top targeted areas in the region were Israel, Turkey, and the GCC, with government and military organisations being the primary targets.
The rise of hybrid work in the META region has necessitated a re-evaluation of cybersecurity practices. The use of personal devices for work purposes has introduced new vulnerabilities. The most imminent threats include ransomware, phishing, insider threats, zero-day exploits and nation-state attacks. It is imperative for companies to: