“We were exposed to a breach at the beginning of this week, and they demanded a ransom of
$250,000 in order to retrieve the information and data that they encrypted,” says the owner of
a major food manufacturing company in Lebanon, who preferred not to be named.
In the details, an e-mail reached one of the company’s employees offering her fashion designs,
asking her to register a new account to provide her with additional details. Account creation
often includes data such as: full name, e-mail, password, date of birth, and phone number…
In the case of the aforementioned company, the virus settled inside the employee’s computer for a
week, and found a loophole that the hacker exploited to gain access to all data, especially those
belonging to the company.
There is no confirmed information if this company is the target specifically, as the hackers
strategy depends on defrauding more than one company, using different methods, perhaps one
of them falls into the trap. The company contacted a digital security organization, and its
experts were able to isolate the source of the breach. Fortunately, the company has previously
kept an “offline” copy that includes all the data, so work is currently focused on strengthening
the company’s protection systems, returning and checking the data.
In light of the rapid digital development, most companies have fortified their security systems.
On the other hand, digital invasion tactics increased, especially for companies, causing them to
incur financial losses or cause chaos in their systems, work, and relationship with their
customers.
Click on the link to win
Targeting does not only affect institutions and companies, but also individuals. How many times
have social media users through their accounts or via SMS received a message saying
“Congratulations! You have won a prize, click on the link for more details!
Most of them have become aware of the trap of these messages, but other “smart messages”
similar to a job opportunity, for example, are able to attract a group of users. Hackers target the
“sensitive chord”, so whoever is looking for a job that will take him out of unemployment may
be lured into trying the link and filling in his data.
Recently, a page published a video on the “Tik Tok” platform, stating that the United Nations
Development Program in Lebanon needs employees in various sectors, including education and
electricity. Monitoring the comments on the clip, which has more than a million views, is
sufficient to describe the poor digital reality in Lebanon, which often lacks a culture of
protecting personal data.
Identity theft
“When the hacker draws the target in front of him, he seeks to reach the contacts in the first
place, through which he can impersonate the hacker and request a sum of money, all the way to
the WhatsApp application, as it contains the majority of private and sensitive chats,” says the
CEO of “Technology” company, Mazen Al-Dakash, to Al-Modon. Protection on “WhatsApp”
stems from tracking links, even if they start with well-known words such as YouTube, in addition
to being wary of foreign numbers that often target credit theft.
Conversations are not limited to personal information only, but include two or more parties,
which exposes individuals to various types of blackmail, especially sexual. Digital security is
often linked to passwords, which El Daccache stresses, “a hacker has a dictionary that can try
millions of words in moments. The most fragile passwords are those that contain an individual’s
name, date of birth, and the names of his family members, because it is information that he
previously entered when creating the account.” Therefore, as an initial and primitive protection
stage, passwords must be constantly changed.
Who is the target?
The eyes of hackers are generally directed towards the rich, public figures, and major companies
to blackmail them with their information and request large sums of money.
In Lebanon, more than one incident of “sexual extortion” was recorded by violating the means
of communication, especially of teenagers and women in particular. Here, Al-Dakash points out
that “fake blackmail” is the most common in Lebanon, through which the hacker tries to delude
the victim into possessing private pictures, so the individual prefers to pay money in order to
avoid any danger.
According to a study by the American University of Beirut (AUB), small and medium-sized
companies (constituting about 90 percent of all companies in Lebanon) are the most vulnerable
to penetration, due to the weakness of their protection systems compared to large ones.
Quarantine periods during Corona posed a great challenge to her, as it was considered a golden
opportunity for hackers, after all transactions turned to “online”, in addition to the increase in
the duration of individuals’ use of the Internet.
Protection from the protectors!
The issue of digital security raises the dilemma of protecting companies from the protection
authorities themselves, which may expose them to blackmail or any kind of collusion, especially
with competitors. Al-Dakash says, “The relationship between cybersecurity companies is based
on trust in the first place, before moving to any legal action represented by a penalty clause that
may reach thousands of dollars.”
According to lawyer and expert in information crimes, Charbel Shbeir, “companies are supposed
to work on two practical aspects in the event of a breach: the first is technical, through the
procedures that must be implemented by the official, most notably the disconnection of the
network. The second is to quickly file a complaint before the competent authorities.” The latter
considers that the legal reality today is “much better,” after Law 81/2018. It also approved the
strategy related to cyber security and is in the process of implementation.
Official departments: Retreat protection
This development is not reflected in the state’s administrations, which are experiencing fragility
in their systems, especially the digital system, as a result of the accumulation of chaos and
neglect. The economic crisis that has afflicted Lebanon since 2019 affected the development of
protection systems, especially in official departments, in which the attendance of employees
has become limited to one or two days a week. Likewise, protection systems lack sufficient
spending, which requires large sums, to keep pace with all developments and updates in the
field.
One of the workers in this field describes that it is “heading towards more chaos in the digital
field, as the percentage of protection in official departments decreased from about 99 percent
to 70 after the crisis.” Al-Modon has learned that some cybersecurity companies provide free
services to public institutions such as defense Civilian and the Red Cross because of the
symbolism of these two institutions.
It is certain that breaches will always occur in the cyber world, and hackers’ methods will
increase in innovation and development, as well as means of protection and defense, in an
industry that cost an estimated $8.4 trillion globally during the past year 2022, according to the
German company “Statesca” that specializes in market and consumer data. And if protection
from cybercrime is an individual responsibility all over the world, then it is doubly required in
Lebanon amid the absence of necessary awareness and strict support from state agencies
Original source: https://www.almodon.com/
