Over 130 registered entities in the DIFC have joined the Cyber Threat Intelligence Platform (TIP) of DFSA since it was launched in January.
The platform is available at no cost to all DFSA authorised and DIFC registered companies.
The platform provides members with information and technical indicators on a multitude of cyber threats, with an average of 160 new threats per week, according to a DFSA statement.
Since its launch, TIP has collected information on threat actors targeting the MENA region, especially the UAE.
The most prominent threats affecting the finance sector fall into three primary categories. The categories include:
- the direct targeting of banking customers in order to obtain credit card data and banking credentials;
- ransomware attacks; and
- the targeting of the finance sector by cyber criminal syndicates.
The DFSA has observed an increase in attacks leveraging known and new malware and a soaring number of newly registered malicious domains referencing COVID-19 since March.
At the same time, many financial institutions were forced to rapidly implement remote working practices at an unprecedented scale. Consequently, there was an increase in attacks targeting remote access and teleworking infrastructure in the hope of exploiting hastily deployed systems.
Phishing attacks through email, SMS, and other messaging applications remain a common attack vector targeting financial institutions and their customers. Detailed technical information on recent cyber threats that can affect firms operating in the DIFC and around the world can be found on TIP.
DFSA COO Waleed Saeed Al Awadhi said, “We strongly encourage firms to cooperate and share information about cyber threats. Cyber security is a shared responsibility, which we believe can best be addressed through public-private partnerships. We understand that our involvement with firms and other regulatory and professional associations is essential for building cyber security awareness among our stakeholders.”
Weakest link
In the context of cybersecurity, people tend be any organisation’s weakest link and cyber criminals design their campaigns using a variety of social engineering techniques. IT departments may implement a range of technical controls and systems to reduce the risk of a successful cyber attack. However, these alone may not be effective without sufficient employee cyber awareness.
Therefore, education to increase the cyber awareness is one of the most important methods to reduce the risk of falling victim to a cyber attack.
TIP, launched on 21 January 2020, is the first financial services regulator-led cyber threat intelligence platform in the region, delivered in collaboration with leading government entities the Dubai Electronic Security Centre (DESC), the National Computer Emergency Response Team for the UAE (aeCERT) and the Computer Incident Response Centre Luxembourg (CIRCL). M