Fraud Day – Saudi Arabia

November 7, 2022

Group-IB teamed up in late October with its partner Versos to host the first ever Fraud Day — Saudi Arabia in Riyadh, an innovative event organized in collaboration with the Saudi Banking Committee for Information Security (BCIS), that brought together thought leaders and representatives from leading Saudi Arabian, Middle Eastern, and global financial institutions to discuss best practices to combat the growing surge in digital fraud in the Middle East and Africa.

The ever-increasing move to digital services, whether it be e-commerce or online banking, has created a multitude of new opportunities for cybercriminals to harness new attack strategies to target companies and individual users. Ever since the start of the COVID-19 pandemic, cybercriminals have launched wave upon wave of phishing and smishing attacks, and threat actors are becoming more adept at impersonating online shopping and banking resources.

Earlier this year, analysts at Group-IB’s Computer Emergency Response Team (CERT-GIB) discovered more than 270 fake domains created by scammers to impersonate more than a dozen leading postage and logistics companies in the Middle East, with the aim to lure users into entering their banking credentials on the scam pages, which the threat actors steal to complete a host of fraudulent transactions.

It is in this context that Group-IB and Versos, in collaboration with the Saudi Banking Committee for Information Security, decided to launch Fraud Day — Saudi Arabia to outline the necessary steps required to counter the rapidly evolving tactics, techniques, and procedures leveraged by digital fraud threat actors, in line with Group-IB’s zero tolerance policy to cybercrime and BCIS’s objectives in raising awareness of modern technologies that can be used by financial institutions to combat digital fraud.

“Group-IB was delighted to co-host the first Fraud Day – Saudi Arabia in Riyadh, an event that we feel has invigorated the financial sector in Saudi Arabia on the need to cooperate to stamp out digital fraud for good. Cooperation between security vendors and financial institutions is essential to achieve this goal, and we are grateful to all our partners who attended the event” Ashraf Koheil, Regional Director, Middle East, Africa and Turkey at Group-IB, said.

The two-day event included a conference track that kicked off with an introductory address by Dmitry Volkov, Group-IB Chief Executive Officer, who detailed how the company assists law enforcement partners in investigating cybercrimes and bringing threat actors to justice, and also how Group-IB’s Fraud Protection solutions leverage the company’s best-in-breed Threat Intelligence platform.

Key insights were also shared by Ziad Odeh, Executive Director of Versos, and this was built on by Rasha Abu AlSaud, the Chief Information Security Officer of the Saudi National Bank (SNB) and the Chairperson of the Saudi Banking Committee for Information Security (BCIS), who outlined several key transformations taking place in the digital banking sphere in Saudi Arabia and the broader Middle East region.

Charting latest digital fraud trends in MEA

The conference also included an insightful presentation delivered by Group-IB’s Lead Anti-Fraud Analyst, MEA, Maxim Baldakov, who outlined some of the key digital fraud trends Group-IB has observed in the Middle East throughout 2022.
By leveraging Group-IB’s sector-leading Fraud Protection platform, which guards nearly 400 mln users of both web resources and mobile apps around the world, Maxim Baldakov outlined how Group-IB identifies every hour multiple new cases originating in the Middle East of potential account takeover, device malware infection, and bot generated connections.

According to Group-IB analysis, the credentials of more than 690,000 users in MEA were stolen by malware in 2022 alone, with Redline Stealer being the most popular source of stolen credentials. Threat actors also targeted several of the region’s top banking applications, leveraging TeaBot, ERMAC, Coper, and Hydra Android malware types.

The final session of the conference track consisted of an enlightening panel discussion touching on the delicate balance between privacy and security in the sphere of digital payments, moderated by Rasha Abu AlSaud from BCIS. The panel included Ibrahim Alsulobi, Acting Manager, Cyber & Information Security Department at Riyad Bank, and Tariq Mostareeh, Head of Cyber Security Intelligence at D360 Bank.

On Day 2 of the event, Group-IB’s Maxim Baldakov led an illuminating workshop outlining the current trends in online fraud, the main aspects of session-based anti-fraud, as well as various ways to detect and counteract digital fraud facing the banking industry. Participants were also briefed on the evolution of fraud protection systems and how to identify signs of compromise on a device or account.

Recommendations for stamping out digital fraud

● Companies and organizations should consider Fraud Protection solutions that combine device fingerprinting, fraud intelligence, and behavioral analysis to protect web and mobile users against advanced digital threats, malware, payment fraud, social engineering attacks, and bad bots. These solutions should act in real-time and across all digital channels.
● Users can create a dedicated disposable virtual banking card with predetermined limits for safe online shopping so that, if it is compromised, the scammers will not be able to access your savings.
● Cybercriminals exploit the lack of adequate monitoring and blocking efforts to create fraudulent sites that abuse the names of legitimate brands. Against such complex threats, businesses must act swiftly. A comprehensive, automated machine-learning Digital Risk Protection platform, fueled by regular updates about cybercriminal TTPs can ensure effective monitoring and blockage of all fraudulent resources created to impersonate your brand.

To read more news and exclusive features see our latest issue here.