Digital Footprint Intelligence Report

[harlan4096]

Introduction

The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region: Bahrain, Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Sudan, Syria, Turkey, UAE, Yemen. The data presented in this report was collected through Kaspersky’s own threat research and analysis mechanism and various other open sources during Q3 2020.

The exceptions are Iran, Iraq, Sudan, Syria and Yemen for which only open source data was used. Official entities can request the more detailed results of subsequent research and analysis via dfi@kaspersky.com.

The service is designed to provide customers with an analysis of their footprint in open networks and an overview of the opportunities presented to adversaries.

Assessing a company’s assets from the perspective of an attacker and their possible intentions and potential opportunities were among the key considerations for cyberthreat intelligence analysts when compiling this report.

Scope of report

There are many organizations that belong to the three key verticals – governmental, financial and industrial – across the Middle East region, but this report focuses on critical organizations with vulnerabilities.

Methodological materials

Depending on the complexity of the exploitation and the damage cause, the detected vulnerabilities are divided into five levels:

• Critical – Vulnerabilities that, if exploited, can compromise an infrastructure resource in one step;
  
• High – Vulnerabilities that, if exploited, will give access to infrastructure in two or more steps. Additional data (e.g. credentials) to penetrate the infrastructure may be required;
  
• Medium – Vulnerabilities that allow an attacker to obtain useful information about a resource that can be used to obtain restricted access: e.g. management interfaces of various services, directory listing, protocols used to unencrypt data transfer, etc.;
  
• Low – Vulnerabilities that allow an attacker to collect information about a resource, such as logins used in the system, access as anonymous user to various services, etc.;
  
• Information – Vulnerabilities related to security flaws, such as default and start pages of web services, printer services and various software that can be used to perform DDoS attacks, routing protocols, etc.
  

Importance of vulnerability based on industry vertical

The governmental sector leads the way in critical-level vulnerabilities, whereas the standard cybercriminal target – the financial industry – has mostly low-level vulnerabilities.

Industrial companies fall in the middle of this spectrum, though their share of medium-level vulnerabilities still deserves attention. Most of these vulnerabilities lead to the disclosure of information about a resource that can be used to obtain restricted access.
...

Continue Reading