Cybercriminal Attacks in the Middle East: Results and Forecasts

Man

Following economic growth, Middle Eastern countries are undergoing a period of digital transformation. For many countries, this is not just a matter of convenience of service delivery, but a far-reaching strategy to reduce dependence on energy exports.

The concentration of large amounts of capital and the expansion of IT infrastructure attract not only investors but also hackers. Some of them join the confrontation between states in the region, others are looking for material gain; one way or another, cybercriminals pose a serious threat. What the attackers' goals are, what methods they use and how Middle Eastern countries are trying to contain the growing flow of attacks: read our report below.

Digitalization and countries' efforts to strengthen cyber defenses

The states of the region are interested in developing IT initiatives as a strategic measure to diversify the economy and reduce dependence on energy exports.

Naturally, huge resources and volumes of data attract attackers, so special attention is paid to protecting IT infrastructure. For example, the United Arab Emirates (UAE) has included information security costs in its budget, and Saudi Arabia is funding cybersecurity startups. In addition, companies such as Saudi Aramco are investing millions of dollars in developing artificial intelligence and machine learning for threat detection in order to reduce the cost of attacks.

Specifics of cyber threats: who attacks whom and how

Cybercriminal attacks in the Middle East are more destructive than elsewhere. According to research by IBM, the average loss to an organization as a result of an incident is $8.75 million, almost twice the global average.

In addition, from the end of 2023 to the second half of 2024, our experts observed a significant impact of the geopolitical situation in the region on the activity of cybercriminals. This confirms the thesis that cyberattacks are becoming a full-fledged part of modern conflicts. Thus, the escalation of hostilities between Israel and Hamas led to a twofold and then a threefold increase in the number of cyberattacks compared to the previous year.

Which countries have been the most frequent targets of cyber attacks?

At the beginning of the conflict the hackers' targets were mainly Israel and Palestine, but the attackers' activity later spread to other countries. At the end of 2023, the distribution of attacks looked like this:

As the conflict escalated, the situation changed, and other states began to become victims of cybercriminals more often:

The most attacked industries

The most common victims of attacks among organizations during the period under review were:
  • government agencies - 24% of cases;
  • industrial companies - 17%;
  • telecommunications - 7%;
  • IT companies - 7%.

Government institutions

In the first half of the year, the largest share of offers to sell data stolen from government institutions came from countries in the Middle East (16%). The reason for this is that the activity of APT groups, including politically motivated ones, has increased in the region.

Some of the leaks were caused by insiders, that is, internal users who intentionally or accidentally violated security measures. According to a report by CPX, insider activity was the cause of 23% of incidents in UAE organizations.

Industry

Most often, industrial enterprises in the region were attacked using malware. Hackers were especially active in using ransomware, which accounted for 28% of all incidents, and wipers (among them, the BiBi wiper stands out; it targeted technology companies in Israel).

The most dangerous attacks were those on automated process control systems (APCS, the industrial control systems that run production processes). Such threats can lead to failures in the operation of critical facilities and to man-made disasters.

Telecommunications companies

Hackers often target telecommunications companies to steal subscriber data and use it for blackmail, identity theft, and other targeted campaigns. Another option is to distribute malware through the operator's networks.

💼 The Operation Soft Cell campaign, which targeted several Middle Eastern telecom operators at once, attracted particular attention during the period under review. The attackers had been preparing the attack since 2012, but the threat was neutralized in time, and the hackers did not achieve their goals.

IT companies

IT companies serve a wide range of organizations, including large corporations and government agencies, and store large amounts of critical and confidential information. This makes them a desirable target for attackers who want to compromise their clients' infrastructure or obtain valuable data for sale.

💼 Members of the APT34 group created a fake website of an IT company in order to obtain data from its government clients. The cybercriminals placed a malicious file on the page disguised as a job application. When the victim opened the document, the malicious code was launched, and the attackers gained access to confidential information.

APT groups and hacktivist attacks

The vast majority of APT groups targeted government institutions at least once, and 69% targeted the energy sector. The cybercriminals appeared to be aiming to disrupt critical infrastructure and destabilize the region.

💼 In the fourth quarter of 2023, we recorded a surge in attacks on water systems in Israel, and in Iran, hackers disrupted the operation of 70% of gas stations.

Hacktivists, that is, politically motivated hackers, also took part in the conflict between Israel and Hamas.

💼 Mysterious Team Bangladesh announced that it was preparing attacks on Israeli organizations and called on other groups to cooperate. In addition, it put pressure on those who, from its point of view, did not take a tough enough position in the confrontation. For example, the Organization of Islamic Cooperation fell victim to a DDoS attack by Mysterious Team Bangladesh.

💼 Another hacktivist group made confidential data of Israeli companies and government agencies publicly available. The victims of the attacks were the Ministry of Welfare and Social Affairs, the Securities Authority, the state payment gateway, and the national archive.

Attack methods and arsenal of cybercriminals

Attacks on Middle Eastern organizations were most often carried out using malware: 86% of incidents involved the compromise of workstations, servers, or network equipment.

Most often, cybercriminals used remote access tools in attacks on organizations (33% of cases). In second place was spyware, which was used in every fifth successful attack. In third place, with a small gap and a share of 19% of cases, was ransomware (encryptors). Government agencies (31%), industrial companies (25%) and medical organizations (13%) suffered the most from the actions of ransomware operators.

💼 In September 2023, the Kuwaiti Ministry of Finance fell victim to ransomware. The attackers interfered with the payment and payroll systems; the threat was so serious that these systems had to be temporarily taken offline.

Social engineering

Attackers used social engineering methods in more than half of the attacks (54%). Notably, hackers actively used AI and machine learning to create malicious messages: as a result, the number of email attacks in 2023 increased by 222% compared to the second half of 2022.

💼 During the study period, members of the MuddyWater APT group carried out more than 50 phishing campaigns against Israeli municipalities, airlines, travel agencies and media outlets.

Vulnerabilities

Vulnerability exploitation accounted for 35% of attacks in the region during the period under review. This is driven by the increasing number of flaws in systems, the growth in the number of connected devices, and the transformation of cybercrime into a business.

According to the National Institute of Standards and Technology (NIST), 14% more vulnerabilities were discovered in 2023 than in 2022, and 42% more than in 2021. As the UAE Computer Emergency Response Team (aeCERT) found, in 32% of cases criminals exploited the Hikvision camera vulnerability (CVE-2021-36260) to take control of the device.

Companies in the Middle East are aggressively deploying so-called smart devices to improve efficiency and automate manufacturing. Many of these devices contain vulnerabilities and have other security issues, which increases the attack surface.

Hackers are increasingly developing malware and exploits not for their own use but for sale. This makes cyberattacks both widespread and accessible to a broad range of interested parties.

Consequences of attacks: increase in number of leaks

The most common outcome of a successful attack in the period under review was a leak of confidential information. This trend accelerated in Q2 2024, and we believe it will continue. The victims of data breaches were primarily trade and financial organizations, the public sector, and individuals. We recorded the highest number of publications about leaks and announcements of data sales in the UAE (34%), Israel (29%), and Iran (14%).

💼 For example, one of the largest retail chains in the UAE, Lulu Hypermarket, suffered a data leak: hackers compromised more than 200,000 customer records containing email addresses and phone numbers. The public sector was attacked by the INC Ransom group, whose target was the US-Saudi Arabian Business Council. According to the attackers, they obtained 200 GB of data, including financial documents, email correspondence, confidential agreements and contracts.

Threats to individuals

Against the backdrop of the worsening geopolitical situation, the share of attacks against individuals fell by half, to 10%. Apparently, during the period in question, attackers were more interested in targeted campaigns against specific organizations. On the other hand, the hacking of corporate systems and government agencies increased the effectiveness of phishing and social engineering attacks: stolen data allowed hackers to craft more believable fake messages.

Most cyber attacks on individuals were carried out using malware (77%). Most often, the attackers used the following types of malware:
  • Spyware - 55%.
  • Remote administration programs - 18%.
  • Banking Trojans - 9%.

Spyware was used by hackers both to steal personal and financial data and to spy on political activists and journalists. Against the backdrop of heightened geopolitical tensions and internal conflicts, its use increased by 13%. The well-known Pegasus Trojan was also involved, with independent researchers recording its activity in Jordan.

💼 Another spyware program for Android smartphones was discovered by the McAfee Mobile Research Team. The Trojan posed as an official application of a Bahraini government agency and was distributed via social networks and SMS messages; the purpose of the attack was financial fraud. During the same period, researchers from Zimperium found more than 200 fake applications imitating major Iranian banks on Google Play.

Apparently, the widespread use of smartphones for financial transactions attracts hackers' attention. Whereas in the same period of the previous year the shares of cyberattacks on mobile devices and on computers were comparable, from the third quarter of 2023 to the second quarter of 2024 it was mobile devices that were hacked in 62% of known cases.

Forecasts

Aggravation of the geopolitical situation

Hacker groups in the region have already shown that they can unite and coordinate their actions to carry out large-scale DDoS attacks. Further aggravation of the geopolitical situation will only intensify this trend, especially the pressure on the media and government agencies. To achieve their goals, attackers can recruit volunteers who lend their resources to disable target systems. Campaign participants do not need any special knowledge or skills, only the desire to take part.

Attacks on critical infrastructure

Middle Eastern countries import up to 85% of their food, and the water supply for their population and industries depends on desalination systems. Because of the hot summer climate, some countries spend up to 70% of their electricity on cooling and air conditioning. Therefore, cyberattacks on the region's critical infrastructure can lead to supply disruptions and cause not only an economic crisis but also humanitarian problems.

Shifting motivation towards financial gain

Hacktivists are currently politically motivated, but later they may begin to use their skills for financial gain. Criminals are motivated by the presence of markets for stolen information and other valuable assets. Examples of successful cyberattacks and ransom payments further whet the hackers' appetite.

As a result of the digitalization of the financial industry, companies face numerous challenges: vulnerabilities, employees working remotely, and risky behavior by clients. All of this creates fertile ground for the growth of cyberattacks.

Cyber attacks on cryptocurrency

The cryptocurrency market in the region is developing at one of the fastest rates in the world. The segment is estimated to be worth $389.8 billion, and this inevitably leads to an increase in cyber threats. 💼 For example, during the period under review, the Rain exchange confirmed a hack that resulted in losses of about $15 million.

Cyberattacks on Industrial IoT and Smart City Infrastructure

Another rapidly growing market in the region is the Internet of Things (IoT) device segment. According to analysts, by the end of 2024 the market's compound annual growth rate (CAGR) will exceed 10%, and revenue will approach $12 billion. As with the cryptocurrency segment, this creates a number of information security challenges. The problems stem mainly from insufficient protection at both the hardware and software levels, the lack of device security standards, and underestimation of the risks by consumers.

Cyberattacks on government service systems

As a result of the policy of digitalizing public services, so-called super apps are emerging: services similar to Russia's State Services (Gosuslugi) portal. Gartner predicts that by 2027 more than 50% of the world's population will use them. Of course, such services also exist in the Middle East. For example, on Hukoomi, the official e-government portal of Qatar, residents can access about 1,500 services online. Since such applications store a huge amount of personal data, they are an attractive target for cybercriminals.

To be prepared for attacks, organizations need to inventory their assets and identify those that are most important to the business. They then need to define the events that could lead to critical failures and conduct a security audit. The results of the audit will show which nodes and systems require the most attention in order to avoid irreparable damage.

For more information on our Middle East cyber threat research and protection recommendations, read the full report.
