Muscat: Oman and the Middle East need to be prepared for cyber attacks during the holy month of Ramadan and the holiday of Eid, according to experts at Ernst & Young.
Working hours during Ramadan have been lowered to six for those fasting, while the advent of Eid will witness thousands of residents escape their daily routine using long holidays. Cyber security specialists believe this is an ideal time for malicious cyber activities and caution is advised.
“It is a trait of hackers to attack during off hours when vigilance is least. This has happened in other places during long weekends or holidays,” Mohammed Nayaz, partner- IT Risk and Resilience at EY, said during a conference on “Organisational preparedness on cyber resilience risks.”
“At the end of Ramadan when the holidays start, we can expect cyber attacks intensifying in Oman and the Middle East as the hackers are aware of the off hours employees get. With cyber security employees off and less surveillance, it is an ideal time to launch an attack.”
He recommended that companies not only need prepare with necessary updates among other provisions, but also keep IT staff on standby in case of any emergency.
The warning comes only a week after WannaCry, a new variant of ransomware, forced government IT systems to shut down to protect against a potential attack.
Evolving further, reports of another variant of ransomware that uses seven exploitation tools have surfaced. Comparatively, WannaCry uses only two. EternalRocks, the new ransomware worm is expected to be less dangerous at the outset, but will be sneakier and more complex, experts believe.
“I think there is a high possibility of these new variants of ransomware being used to attack systems during the Eid holidays. They are busy developing new variants and will strike as soon as they are strong enough to cause considerable damage. People are getting vigilant and companies are updating systems, so before all systems are patched and the exploits rendered redundant, we expect hackers to strike and cash in on the resources they have,” Nayaz explained.
To combat such cyber security threats, EY plans to get their Digital Operations Security Centre (DOSC) in Oman online by September this year. It is expected to be a comprehensive cyber security solution for organisations in the Sultanate, monitoring IT systems, Operations Technology (OT) systems and IoT (Internet of Things) of organisations on a 24x7 basis in Oman and the Gulf Cooperation Council region.
The conference also recommended a cyber security framework that encompasses all corporate sectors, which would enforce base level security, something companies ignore even now. It also highlighted the step by step implementation of security systems for organisations in the country.
According to unconfirmed reports released earlier last week, Oman was a target of a May 12 ransomware attack, with three separate systems being breached. However, this has not been confirmed yet.