The cybersecurity landscape has changed dramatically since the outbreak of the pandemic. Many organizations have embraced the hybrid work model as the new normal, allowing their employees to divide their work time between the office and home.
As a result, the traditional network perimeter has dissolved, leaving organizations more vulnerable to cyber threats, which are becoming not only more frequent but also more sophisticated. MENA organizations are especially vulnerable because of their geopolitical position and importance to the world economy in several key industries, such as the oil industry.
Los Angeles-based cybersecurity company Resecurity recently introduced its Dark Web Monitoring and Threat Intelligence solutions at GITEX 2021, which took place at the Dubai World Trade Center in the United Arab Emirates (UAE).
“Resecurity’s mission is to protect enterprises of any size, market vertical and in any geography,” said Ayman Alshobaki, Resecurity’s Business Development Manager for the MENA region. “Resecurity is excited to tap into the fantastic networking and innovative atmosphere at GITEX 2021, allowing us to build new business alliances and accelerate market presence and channel sales.”
The new solutions leverage big data analytics and artificial intelligence to provide visibility into the global threat landscape, helping organizations mitigate risks coming from the darkest corners of the internet, which are commonly referred to as the dark web.
The defining feature of the dark web is that it is invisible to most internet users: it can be accessed only with specialized software, such as Tor, which also provides anonymity, something cybercriminals value deeply.
Equipped with Resecurity’s Dark Web Monitoring solutions, organizations in the MENA region and the rest of the world are much less likely to suffer a costly data breach, whose average cost has reached $4.24 million per incident — the highest in the last 17 years.
New Variants Of Android Spyware Are Targeting Middle East Users
Sophos recommends that Android users never install apps from untrusted sources and never ignore available OS and app updates.
British security software and hardware company Sophos has recently revealed that new variants of Android spyware used by the C-23 group are actively targeting users in the Middle East.
C-23, also known as GnatSpy, FrozenCell, or VAMP, is what cybersecurity professionals refer to as an advanced persistent threat (APT) adversary. Such adversaries are typically well-funded and well-organized, which allows them to quickly evolve their tactics to overcome even the most sophisticated cybersecurity defenses.
The C-23 adversary has been known for targeting individuals in the Middle East since at least 2017, with a particular focus on the Palestinian territories.
The latest variants of its Android spyware are most likely distributed via a download link sent to victims in a text message. The link leads to a malicious app that pretends to install legitimate updates on the victim’s mobile device. When the app is launched for the first time, it requests a number of permissions that let it spy on the victim. It then disguises itself to make removal more difficult.
“The new variants use more, and more varied, disguises than previous versions, hiding behind popular app icons such as Chrome, Google, Google Play, YouTube, or the BOTIM voice-over-IP service,” explains Sophos. “If targets click a fraudulent icon, the spyware launches the legitimate version of the app, while maintaining surveillance in the background.”
The information the new spyware can steal ranges from text messages and the names of installed apps to contacts from all kinds of apps, including Facebook and WhatsApp. The spyware can even dismiss notifications and toggle “Do Not Disturb” settings.
Sophos recommends that Android users never install apps from untrusted sources and never ignore available OS and app updates. The company’s own mobile antivirus app, called Sophos Intercept X for Mobile, can detect the new spyware as well as all kinds of other malicious software.