(MENAFN - Arab Times) KUWAIT CITY, March 28, (Agencies): Kuwait ranked sixth among Arab countries and 67th globally with a score of 0.600 in the Global Cybersecurity Index published recently. The index measures the commitment of 175 countries to cybersecurity at a global level in order to raise awareness of the importance and different dimensions of the issue.
On the ranking of other Gulf nations, Saudi Arabia ranked first in the Arab region and 13th internationally with a score of 0.881. This achievement reflects the great support provided by the Custodian of the Two Holy Mosques King Salman bin Abdulaziz Al Saud and Crown Prince Mohammad Bin Salman for the plans and programs of the cybersecurity in the Kingdom, according to statement issued today, the National Cybersecurity Authority (NCA) on Wednesday.
The statement, carried by the Saudi Press Agency (SPA), referred to the issuance of the Royal Order establishing the NCA. The NCA affirmed that it seeks to enhance a protection of the Kingdom's cyberspace in collaboration with the relevant bodies, adding that it has launched a number of important initiatives and projects contributing to enhance the cybersecurity. The NCA looks forward to a secure and reliable Saudi cyberspace through a higher level of cybersecurity in all national organizations, the statement added.
Oman came in second regionally and 16th internationally with a score of 0.868, Qatar ranked third in the region and 17th internationally with a score of 0.860, the United Arab Emirates ranked fifth regionally and 33rd globally with a score of 0.807 while Bahrain ranked seventh in the region and 68th globally with a score of 0.585.
Microsoft said it seized 99 websites used by Iranian hackers to steal sensitive information and launch other cyberattacks. The company said the group, which it has been tracking since 2013, has tried to snoop on activists, journalists, political dissidents, defense industry workers and others in the Middle East, including some who were 'protesting oppressive regimes' in the region.
Hackers did so by tricking people in those organizations to click on malicious links disguised to resemble wellknown brands, including Microsoft and its LinkedIn, Outlook and Windows products, Microsoft said in court filings. Wednesday's announcement tied the hackers to the country of Iran but not specifically to its government.
A spokesman for Iran's mission to the United Nations didn't respond to an email and phone call seeking comment Wednesday. Iran has denied involvement in other hacking efforts identified by Microsoft.
Microsoft calls the hacking group Phosphorus, while others call it APT35 or Charming Kitten. Allison Wikoff, a security researcher at Atlanta-based Secureworks, said it is one of the 'more active Iranian threat groups' she has observed. She said Microsoft's takedown was a big win using a practice known as 'sinkholing,' which involves taking over adversary domains and analyzing their traffic to protect against future attacks.
Microsoft sued the hacking group in US District Court in Washington this month and described a hacking operation that 'demonstrates skill, patience and access to resources.' The hackers' malicious software, according to the lawsuit, 'effectively morphs the trusted, Microsoft-trademarked Windows system into a tool of deception and theft.' Microsoft said the group typically tries to infiltrate a target's personal accounts, not their work accounts, by luring them into clicking on a link to a compromised website or opening a malicious attachment. Hackers, the company said, used fake domain names that resembled Microsoft and other well-known brands. They also created fake social media profiles to target people.
Microsoft said hackers were damaging the company by breaking into its customers' online accounts and computer networks. US District Judge Amy Berman Jackson sided with the company in a March 15 ruling, arguing that there was good cause to believe the hacking activity was harming the company, its customers and the public.
The documents were unsealed Wednesday. Microsoft has taken hacking groups to court before. The Redmond, Washington, company used a similar strategy in 2016 to seize fake domains created by Russia-backed hackers who were later found to have been meddling in the US presidential election.