Passwords are a weak form of protection and complacency runs high. We might not think that we, as individuals, would be unlucky enough to be targeted by hackers, or that we’re worth hacking at all. But that complacency extends from smartphone-toting citizens right up to government contractors and employees of multinational corporations.
This week, Microsoft said it had seen a surge in activity from a suspected state-sponsored group of hackers, thought to be Iranian, targeting companies in the Middle East working in defence, fossil fuels and maritime transportation. Its strategy? Guessing the passwords of Microsoft Office 365 users. Its success rate? Of more than 250 targets, fewer than 20 systems were compromised. The spoils? Data such as shipping plans, logs and satellite imagery, which, Microsoft says, could assist with Iran’s developing satellite programme.
It wasn’t a sophisticated attack, but it was an effective one. Microsoft says it used a freely available research tool to blast a series of commonly used passwords at vulnerable systems. Known as “password-spraying”, the technique is more about brute force than subtlety, but any large organisation will inevitably have a small number of systems protected by weak passwords, and these provide an incredibly convenient point of entry.
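How a defender can spot the pattern described above in sign-in logs, as an added example that is not part of the original article: one source failing against many accounts with only a few guesses each. The log records, field layout, function name and thresholds are all assumptions made up for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, outcome).
# Documentation-range addresses and invented accounts, not real telemetry.
SAMPLE_EVENTS = [
    (f"2021-10-12T09:{m:02d}:00", "203.0.113.7", user, "FAIL")
    for m, user in enumerate(["a.hale", "b.ito", "c.moss", "d.rao", "e.voss", "f.lund"])
] + [
    ("2021-10-12T09:06:00", "203.0.113.7", "g.park", "SUCCESS"),
    # An ordinary user mistyping a password: one account, so not a spray.
    ("2021-10-12T09:10:00", "198.51.100.20", "h.wong", "FAIL"),
    ("2021-10-12T09:10:20", "198.51.100.20", "h.wong", "FAIL"),
    ("2021-10-12T09:10:45", "198.51.100.20", "h.wong", "SUCCESS"),
]


def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=3):
    """Flag sources that fail against many distinct accounts, few tries each.

    Returns {source: {"accounts": failed targets, "compromised": accounts
    that the same source then signed in to successfully}}.
    """
    by_source = defaultdict(list)
    for ts, src, user, outcome in events:
        by_source[src].append((datetime.fromisoformat(ts), user, outcome))

    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            fails = defaultdict(int)
            for _, user, outcome in rows[start:end + 1]:
                if outcome == "FAIL":
                    fails[user] += 1
            # Wide and shallow: many accounts, low count per account.
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                hit = findings.setdefault(src, {"accounts": set(), "compromised": set()})
                hit["accounts"].update(fails)
        if src in findings:
            # A success from a spraying source is the guess that landed.
            findings[src]["compromised"] = {u for _, u, o in rows if o == "SUCCESS"}
    return findings


if __name__ == "__main__":
    for source, hit in detect_spray(SAMPLE_EVENTS).items():
        print(source, sorted(hit["accounts"]), sorted(hit["compromised"]))
```

Per-account lockout counters miss this pattern because no single account sees many failures; the signal only appears when failures are grouped by source.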
A survey conducted earlier this year by software firm Keeper Security found that more than a third of employees have incorporated their company's name into a new work-related password. The company also reported high usage of family names or birth dates. For state-sponsored hackers with a wealth of tools at their disposal, accounts secured in this way are the lowest of low-hanging fruit.
Such hackers are known as APTs, or “advanced persistent threats”, and security monitoring groups give them codes to match. The North Korean APT38, for example, also known as the Lazarus Group or Zinc, has achieved a number of successful, high-profile attacks – including a crippling one on Sony Pictures – going back as far as 2009. Their aims and strategies are self-evident: they have specific objectives to disrupt, steal or observe – usually for political or economic ends – and crucially they have the skills, time and resources to succeed.
Proving that nation states are behind APTs and their attacks is difficult; the origin of a single cyber attack is hard to detect and responsibility for it is easy to deny. But the label “state-sponsored” can cover a multitude of different involvements – some hacker groups may be tightly integrated within government departments, while others could be third parties to which governments choose to turn a blind eye because their aims happen to align very neatly. The current world leader in hacking is, according to Microsoft, Russia, as it says 58 per cent of attacks from July 2020 to June 2021 originated there, with North Korea second (23 per cent) and Iran third (11 per cent). The US and Ukraine were the most besieged by cyber attacks, receiving 46 per cent and 19 per cent, respectively.
The recent breach of a handful of systems via Microsoft Office would seem, on the face of it, to be a comparatively minor incident. But the past decade has demonstrated the potential that state-sponsored hackers have to wreak havoc. In 2017, the so-called “WannaCry” attack, thought to have originated in North Korea, caused huge disruption to health services in the US and the UK, along with Russian banks and corporations including Nissan. In 2018, hackers in Russia conducted a mass cyber-campaign against home routers and ISPs around the world, with weak passwords again providing them with easy pickings. In 2017, Iran was suspected of a malware attack that caused infrastructure systems in Saudi Arabia to be shut down. Connectivity has brought with it vulnerability.
The coronavirus pandemic has sparked an escalation in nefarious activity, with Google reporting bad actors using “Covid-related themes” to attack US government employees through phishing scams (including posing as fast-food outlets), while Microsoft reported a Russian hacking group called Strontium (APT28) using password-spraying in an attempt to infiltrate medical agencies working on a vaccine.
Crucially, if a weak password gives hackers a foothold, it may be possible for them to gain privileges to access other systems within the organisation. In July, the US government, in response to the rising incidence of malicious cyber activity, offered rewards of up to $10 million for information that would help authorities track down those responsible.
Multimillion-dollar rewards may well help in the fight against these attacks, but Microsoft and Google are also working with companies to prevent something as critical as national security hanging on something as threadbare as a weak password. Microsoft is urging greater use of two-factor authentication (where an extra pass key is required alongside a password) or, preferably, sign-in methods that don’t use passwords at all. It has recently encouraged wider use of an app, Microsoft Authenticator, which signs in neatly with bolstered security. This week, Google provided 10,000 users deemed at high risk of state-sponsored attacks (activists, journalists, government employees) with free USB security keys to replace their passwords altogether.
Step-ups in security, of course, merely prompt hackers to become more ingenious. Some dispute the validity of the term “cyber warfare”, given that the cyberattacks have neither the scale nor the brutality of actual war. But both sides are mustering all their resources, and the battle – as we are seeing – is undoubtedly real.