Exposing the UAE’s Underground Digital Dangers: The Attack Surface of One of the Most Digitally Advanced Countries in the Arab World

Victoria Kivilevich and Sharon Bitton

The UAE has gained global attention for the incredible improvements the country has made over the last few decades. While the UAE’s economy continues to flourish, cybercriminals will keep trying to identify their next worthwhile targets. As their economy and technological capabilities advance, UAE-related entities must keep pushing their cybersecurity efforts as well, so that their wealth is not harmed by profit-driven cybercriminals operating in the cybercrime underground ecosystem. This research lays out the major underground digital dangers that KELA’s researchers have identified as posing a threat to UAE-related entities.
The research’s highlights include:

  • During the last six months (December 2020-May 2021), KELA observed numerous listings of compromised network access to UAE-related private and public entities offered for sale on cybercrime forums, including one that was possibly used in an attack by the Avaddon ransomware gang.
  • Among these, KELA detected several threat actors specifically targeting UAE entities by selling data and network access related to UAE companies.
  • KELA discovered that UAE-related email addresses were exposed more than 1.2 million times, with more than 200,000 of them being related to employees of government, educational, academic, and nonprofit entities.
  • KELA also identified more than 68,000 compromised accounts related to UAE users on corporate portals, social media, e-commerce stores, and government websites.

USA Unemployment Fraud: It’s Easier Than You Think

Gilad Shiloach, Threat Intelligence Analyst

Unemployment systems have been challenged with responding to millions of unemployment claims over the last year, with thousands of those being fake claims made by cybercriminals. The US Pandemic Unemployment Assistance (PUA) and other assistance programs that were launched in response to the COVID-19 outbreak opened the doors to many cybercriminals searching for further ways to make money. Nearly 36 billion dollars have been taken away from US citizens in unemployment benefits, and that number will continue to rise as cybercriminals persist in taking advantage of those benefits.
The cybercrime underground ecosystem has become an excellent hub for trading various unemployment fraud services. Many of the services that our research has identified capitalize on identity theft basics and methods that have been circulating in underground platforms for years and therefore welcome cybercriminals who do not necessarily possess advanced technical skills. KELA has been closely tracking criminal actors across the cybercrime underground ecosystem and has identified significant levels of interest in PUA fraud schemes, which arm cybercriminals with the necessary information to illegally obtain US citizens’ unemployment benefits.
The top three non-technical services in which we identified interest were:
1. Fullz, which are bundles of information that belong to real people and contain personal information that would assist fraudsters in carrying out identity theft.
2. Step-by-step guides (aka “methods” or “sauces”) on how to carry out these attacks.
3. Targeting of the ID.me identity service, which citizens use to access digital government services, with the aim of bypassing it.