Cyber attackers and hacktivists are increasingly targeting the United Arab Emirates, the Kingdom of Saudi Arabia, and other countries in the Gulf Cooperation Council (GCC) region. The region is a center of commerce and trade, and a rich economy abounds, making it likely to be a favored target. and because of the positions of regional countries on certain geopolitical issues.
That’s according to 18 months of dark web data compiled by Moscow-based threat research firm Positive Technologies. The number of distributed denial of service (DDoS) attacks in the region increased by 70% in the first half of this year compared to the same period last year, the report said.
Hacktivists use forums both as a way to galvanize like-minded hackers to action and as a way to publish evidence of success against specific targets, said Anastasia Churushina, a threat analyst at Positive Technologies. .
“We believe this trend will continue and the number of hacktivist attacks will increase,” she says. “At the same time, the level of other attacks will increase, increasing the number of risks and negatively impacting businesses in the region.”
In March, an analysis of two years of attacks in the region found that both Saudi Arabia and the UAE were the top targeted countries. The UAE government’s cybersecurity chief said earlier this year that the UAE alone faces an average of 50,000 cyberattacks every day, while the country’s attack surface area is rapidly expanding.
More attacks have also been made public, including in July when the pro-Palestinian hacktivist group BlackMeta targeted banks in the United Arab Emirates with a DoS campaign that lasted more than 100 hours over six days. And in April, Saudi Arabia was added to the list of organizations targeted by Solar Spider, an organization suspected of having ties to China.
More cyber attackers coming online?
Rather than web defacement or system compromise, an increase in DoS attacks may indicate an influx of new threat actors. Positive Technologies’ Chursina said the tactics an attacker chooses depend on their skill and knowledge, and that DDoS attacks can be carried out by even novice hackers.
“A hacktivist’s primary goal is to draw public attention to a particular political, social, or religious issue,” she says. “DDoS attacks are the most popular because they do not require advanced expertise or resources and can be carried out by even novice hackers.”
Positive Technologies’ treasure trove of forum posts and text messages totals 277 million from 380 Telegram channels and dark web forums. In its GCC report, the company focused on six major countries in the region: UAE, Saudi Arabia, Bahrain, Oman, Qatar, and Kuwait.
Data theft and unauthorized access was the topic of more than half (54%) of posts, with the majority of users selling or buying access. These posts focused on five sectors: trade, services, manufacturing, IT, and government.
About 12% of posts included calls to action for hacktivists or evidence of successful hacktivist attacks, the report said. Approximately 9% of hacktivist posts also promoted free credentials for use in attacks.
“Access benefits represent an emerging trend in the region that first emerged in the second half of 2023,” the report said. “Most access benefits (70%) included government employee credentials.”
Cyber domains favored for attacks and espionage
Cyberattacks have become a favorite battleground for many groups in the region, both nation-states and opposition organizations. Risks are also rapidly increasing, from the increasing pace of Iranian cyber espionage to Israeli cyber-physical attacks leveraging supply chain compromises to compromises of regional naval information systems.
As the UAE and Saudi Arabia increase investment in digitalisation, AI development and the transition to a knowledge-based economy, organizations in both countries, and across the Middle East, need to focus on strengthening their cybersecurity posture, Positive Technologies said. There is.
“Dark web forums are filled with offers and services tailored to the region,” the company’s report said. “Posts related to selling access are plentiful and often low-cost, allowing attackers to gain initial access to a company and waste time looking for new entry points to the infrastructure. The gift of access makes it easier for low-level hackers to carry out attacks and raise public awareness about social and political issues, a new trend on the part of hacktivists. is now possible.”