cyber trends

Nation state attacks, the new phishing and the importance of education

The Middle East has seen a recent uptick in the number of nation state attacks, in line with geopolitical tensions in the region. We caught up with Alister Shepherd – Director, Middle East and Africa, for Mandiant, the consulting arm of FireEye, to find out about the regional threat landscape and what it’s really like to be on the frontline of incident response.

Can you give an overview of the threat landscape within this region?

I think in this region, more than any other, we see nation state actors as the primary threat. The geopolitical situation here leads to increased threat and we see a correspondingly high volume of nation state attributed attacks.

Within that, we see Iran is probably the most prolific threat actor but we also see Russia active in the region as well as China, which is active globally. And then we see criminal threat actors and other nation states to a much lower degree.

Has there been any change to the number of nation state attacks in the region?

Over the last few months, we’ve seen an uptick in attacks that we attribute to Iran. And again, I think that would be expected with the increase in tensions in the region. What is encouraging though, is that while we’ve seen an uptick in things like espionage attacks or attacks aimed at gaining access, we’ve not seen any successful disruptive attacks for some time. I think the regional maturity and defensive posture is getting better.

What is the primary motivation for these types of attacks?

We track a number of different Iranian threat groups. We call them APT 34, APT 35, APT 39 and APT 33. We have a number of other groups that we haven’t given an APT name to, but which we attribute to Iran and the Iranian government. And they seem to subdivide their specialisms. So APT 34 is long-term espionage focused and they’re probably the group that we’ve been tracking in this region for the longest.

APT 33 is a group that we associate with disruptive attacks, such as the Shamoon attacks against Aramco. The objectives are different depending on the overarching political goal but we see long-term espionage, data theft and intelligence gathering.

APT 39 is interesting because they target telecoms and travel, and they look to be gathering Big Data sets about people, both for processing as a Big

Issue 20 | www.intelligentciso.com