Carding, data leakage on the rise in the Middle East

Dubai - There has been a 500% jump in risk alerts for carding from January to June 2020 compared to the same period in 2019

Organisations and consumers across the UAE and the Middle East are facing increased instances of carding, data exposure, and hacktivism, a new report by Help AG, the cyber security arm of Etisalat Digital, has revealed.

According to Help AG’s ‘Digital Risk Protection report’, these instances have escalated to become the highest rated digital risk categories in 2020, especially during the months of the Covid-19 pandemic.

Help AG’s security analysts saw a 500 per cent jump in risk alerts for carding from January to June 2020 compared to the same period in 2019. Carding refers to the trafficking of credit cards, bank accounts, and other personal information online. The top impacted sectors include aviation, logistics, and retail. During the initial months of Covid-19, Help AG’s security analysts also witnessed a 183 per cent jump in threat alerts related to data exposure. Data leakage refers to the intentional or unintentional exposure of confidential documents, corporate e-mails, and documents with sensitive metadata on official channels of an organisation and the dark web for subsequent unauthorised use and exploitation for malicious purposes. The top impacted sectors include healthcare, government, aviation, logistics, retail, and energy and utilities.

Lastly, there was a nearly 50 per cent increase in hacktivism risk alerts following analysis of monitored hacker groups’ advertisements on social networks, media, petition and signature platforms, information sharing platforms and manifestos. Hacktivism is an open challenge among cybercriminals to take down a normal business by causing disruption. The top impacted sectors include healthcare, government, aviation, logistics, retail, and energy and utilities.

“The impact of the pandemic is very clear as we compare risk alerts with the corresponding number of alerts in 2019 in our first ever Digital Risk Protection report,” Stephan Berner, chief executive officer at Help AG, said. “These high rated threats are an unfortunate reality of the Covid-19 era, hence knowing and guarding against your enemy is now more important than ever before. The risk management cycle is never ending but remains critical for business continuity.”

For organisations, the biggest impacts of these major digital risks range from service disruptions to exposure of private information intended for confidential use for future business goals, loss of reputation and trust established with customers and partners, inability to ensure compliance against regulatory requirements, and ultimately a dent in the success of digital transformation initiatives. It is important to note that the risks affect a wide audience of stakeholders from board and executive management levels to legal, marketing, risk, compliance, governance, and operations.

While having a proper digital risk protection plan in place will help with managing risks related to an organisation’s cyber exposure, experts have also advised residents to take the time to understand the growing number and nature of threats in order to better protect themselves.

“Consumers need to be extra vigilant to protect against cybercriminals as they will amp up their nefarious ways,” said Harish Chib, vice president, Middle East & Africa, Sophos.

He also offered several tips on how to remain safe online. The first has to do with learning how to clean up your browser’s autofill storage. “Modern browsers try to help you by automatically remembering and storing details such as passwords, credit card numbers and even addresses. In many browsers, these autofill features are turned on by default, which may not be what you want. Learn how to review how much personal data your browser has kept up its sleeve in case you need it again. Also, turn on two-factor authentication (2FA) wherever you can. This can be annoying at times, and it means that you can’t login on your laptop if you don’t also have your phone handy, because most services rely either on a one-time text message to your phone, or a special mobile app, for supplying the needed codes. But, that small extra hassle for you makes it very much harder for the crooks to mess with your accounts, even if they figure out your password.”

rohma@khaleejtimes.com