Passwords are a weak form of protection and complacency runs high. We might not think that we, as individuals, would be unlucky enough to be targeted by hackers, or that we’re worth hacking at all. But that complacency extends from smartphone-toting citizens right up to government contractors and employees of multinational corporations.
This week, Microsoft said it had seen a surge in activity from a suspected state-sponsored group of hackers, thought to be Iranian, targeting companies in the Middle East working in defence, fossil fuels and maritime transportation. Its strategy? Guessing the passwords of Microsoft Office 365 users. Its success rate? Of more than 250 targets, fewer than 20 systems were compromised. The spoils? Data such as shipping plans, logs and satellite imagery, which, Microsoft says, could assist with Iran’s developing satellite programme.
It wasn’t a sophisticated attack, but it was an effective one. Microsoft says it used a freely available research tool to blast a series of commonly used passwords at vulnerable systems. Known as “password-spraying”, the technique is more about brute force than subtlety, but any large organisation will inevitably have a small number of systems protected by weak passwords, and these provide an incredibly convenient point of entry.
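From the defender's side, the pattern described above shows up in sign-in logs as one source failing against many accounts with only a guess or two on each. The sketch below is an added example, not part of the original article or any Microsoft tooling; the event format, thresholds, IP addresses and account names are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, result).
# IPs come from documentation ranges and the account names are invented.
def _ev(minute, ip, user, result):
    return (datetime(2021, 10, 12, 9, minute), ip, user, result)

SAMPLE_EVENTS = (
    # One source, six accounts, one guess each, then a successful sign-in.
    [_ev(i, "203.0.113.7", u, "failure") for i, u in enumerate(
        ["a.khan", "b.lee", "c.ortiz", "d.noor", "e.park", "f.haddad"])]
    + [_ev(7, "203.0.113.7", "g.silva", "success")]
    # One user mistyping their own password repeatedly: not a spray.
    + [_ev(i, "198.51.100.20", "j.doe", "failure") for i in range(8)]
    # Two failures on two accounts: below the threshold.
    + [_ev(3, "192.0.2.15", "k.ali", "failure"),
       _ev(4, "192.0.2.15", "l.wu", "failure")]
)

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=3):
    """Return {source: {"targeted": [...], "succeeded": [...]}} for spray-like sources."""
    fails, wins = defaultdict(list), defaultdict(list)
    for ts, ip, user, result in sorted(events):
        (fails if result == "failure" else wins)[ip].append((ts, user))
    findings = {}
    for ip, attempts in fails.items():
        start = 0
        for end, (ts, _) in enumerate(attempts):
            # Slide the window so it only covers the last `window` of failures.
            while ts - attempts[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in attempts[start:end + 1])
            # Spray signature: wide across accounts, shallow on each one.
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                began = attempts[start][0]
                findings[ip] = {
                    "targeted": sorted({u for _, u in attempts}),
                    # A success from this source after the spray began needs triage.
                    "succeeded": sorted({u for t, u in wins[ip] if t >= began}),
                }
                break
    return findings

if __name__ == "__main__":
    for source, hit in detect_spray(SAMPLE_EVENTS).items():
        print(source, hit)
```

The per-account cap is what separates a spray from a single locked-out user, which is also why account lockout thresholds alone rarely catch it.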
A survey conducted earlier this year by software firm Keeper Security found that more than a third of employees have incorporated their company's name into a new work-related password. The company also reported high usage of family names or birth dates. For state-sponsored hackers with a wealth of tools at their disposal, accounts secured in this way are the lowest of low-hanging fruit.
Such hackers are known as APTs, or “advanced persistent threats”, and security monitoring groups give them codes to match. The North Korean APT38, for example, also known as the Lazarus Group or Zinc, has achieved a number of successful, high-profile attacks – including a crippling one on Sony Pictures – going back as far as 2009. Their aims and strategies are self-evident: they have specific objectives to disrupt, steal or observe – usually for political or economic ends – and crucially they have the skills, time and resources to succeed.
Proving that nation states are behind APTs and their attacks is difficult; the origin of a single cyber attack is hard to detect and responsibility for it is easy to deny. But the label “state-sponsored” can cover a multitude of different involvements – some hacker groups may be tightly integrated within government departments, while others could be third parties to which governments choose to turn a blind eye because their aims happen to align very neatly. The current world leader in hacking is, according to Microsoft, Russia, as it says 58 per cent of attacks from July 2020 to June 2021 originated there, with North Korea second (23 per cent) and Iran third (11 per cent). The US and Ukraine were the most besieged by cyber attacks, receiving 46 per cent and 19 per cent, respectively.
The recent breach of a handful of systems via Microsoft Office would seem, on the face of it, to be a comparatively minor incident. But the past decade has demonstrated the potential that state-sponsored hackers have to wreak havoc. In 2017, the so-called “WannaCry” attack, thought to have originated in North Korea, caused huge disruption to health services in the US and the UK, along with Russian banks and corporations including Nissan. In 2018, hackers in Russia conducted a mass cyber-campaign against home routers and ISPs around the world, with weak passwords again providing them with easy pickings. In 2017, Iran was suspected of a malware attack that caused infrastructure systems in Saudi Arabia to be shut down. Connectivity has brought with it vulnerability.
The coronavirus pandemic has sparked an escalation in nefarious activity, with Google reporting bad actors using “Covid-related themes” to attack US government employees through phishing scams (including posing as fast-food outlets), while Microsoft reported a Russian hacking group called Strontium (APT28) using password-spraying in an attempt to infiltrate medical agencies working on a vaccine.
Crucially, if a weak password gives hackers a foothold, it may be possible for them to gain privileges to access other systems within the organisation. In July, the US government, in response to the rising incidence of malicious cyber activity, offered rewards of up to $10 million for information that would help authorities track down those responsible.
Multimillion-dollar rewards may well help in the fight against these attacks, but Microsoft and Google are also working with companies to prevent something as critical as national security hanging on something as threadbare as a weak password. Microsoft is urging greater use of two-factor authentication (where an extra pass key is required alongside a password) or, preferably, sign-in methods that don’t use passwords at all. It has recently encouraged wider use of an app, Microsoft Authenticator, which signs in neatly with bolstered security. This week, Google provided 10,000 users deemed at high risk of state-sponsored attacks (activists, journalists, government employees) with free USB security keys to replace their passwords altogether.
Step-ups in security, of course, merely prompt hackers to become more ingenious. Some dispute the validity of the term “cyber warfare”, given that the cyberattacks have neither the scale nor the brutality of actual war. But both sides are mustering all their resources, and the battle – as we are seeing – is undoubtedly real.