The UAE Telecommunications Regulatory Authority (TRA), represented by the Computer Emergency Response Team (aeCERT), organized a seminar to discuss the means for combating Zeus/SpyEye Trojans, and other viruses that target financial institutions. The one day seminar was held on 11 August 2011, at the new TRA offices in Dubai, and all financial institutions in the UAE including local and international banks were invited.
The organization of the seminar is congruent with TRA’s efforts to provide a secure cyber space for users in the UAE, and protect them from cyber-attacks. The (aeCERT) team plays a vital role in setting the strategies and mechanisms to be followed for prevention and protection of users from such attacks. The dedication of this seminar by the TRA to financial institutions stems from its firm belief in the importance of protecting these organizations that use ICT services provided in the UAE as they face wider consequences from attacks and also protect the financial information and interests of their clients.
Commenting on the event, H.E. Muhammad Nasser Al Ghanim said: “There is little doubt that the wide spread usage of IT services in the financial spectrum is a welcomed approach, as it provides large scale facilities to financial institutions’ clients; however, it also has its own risks manifested in the attacks by ‘cyber hackers’ who target the accounts and financial information of those clients. It is therefore essential to enhance the means of protecting them, and promote their capabilities in responding and facing such attacks within the shortest period of time, as the element of time in such cases is so important.”
He continued: “Threats have evolved to bypass classical protections adopted by many of these organizations. The landscape of the attacks has shifted from phishing attacks, into malware that mimics users’ behavior to trick the institutions. There is no single solution to mitigate these threats; however, it takes collaboration, knowledge sharing, and joint efforts to eradicate these issues, and this is what we are seeking to achieve from this seminar.”
During the seminar, the aeCERT team provided information about malicious software, in addition to having organized a round table discussion to get input from all participating banks, in order to assist them in protecting their systems and data from being compromised by hackers. In addition, the team gave recommendations related to the prevention and protection from cyber-attacks for specific sectors in the UAE such as the government and financial institutions.
The seminar also discussed issuing early warnings to the banks about malicious attacks, disseminating and sharing recommendations on how to deal with sophisticated attacks, as well as hosting subject specific seminars to get input and feedback from constituents.
Notably, aeCERT aims to sustain a resilient and vigilant ICT infrastructure against a broad range of cyber security threats by encouraging a safe and secure cyber culture in the United Arab Emirates. Furthermore, by enhancing cyber security laws and assisting in the creation of new laws, aeCERT is spreading information security awareness across the UAE. It provides a central trusted point of contact for cyber security incident reports, and is fostering national expertise in information security, incident management, and computer forensics.