- A majority of successful cyberattacks in the Middle East rely on social engineering, malware, or exploitation of software vulnerabilities
- Attacks on Middle Eastern government agencies are mainly carried out by APT groups (56%), covertly establishing themselves in the victim's infrastructure for the purpose of cyberespionage
- The main consequences of cyberattacks on state institutions are the disruption of core activities (36%) and the leakage of confidential information (28%)
Positive Technologies analyzed threats to information security in the Middle East1, discovering a significant increase in cyberattacks on critical IT infrastructure from 2022-2023. Most of these were targeted attacks, and the most frequently affected organizations were government institutions. Ransomware attacks are skyrocketing.
According to Positive Technologies' cybersecurity threatscape report, Middle Eastern government entities are especially appealing targets to cybercriminals: 22% of total attacks on organizations targeted government agencies, and 56% of these were perpetrated by APT groups. Armed with various malware and exploits, malicious actors penetrate the victims' networks and linger to conduct cyber espionage.
Industrial companies feel the pressure of cyberattacks, with 16% of companies being threatened, as they possess valuable information, represent components of critical infrastructure, and make a significant contribution to the regional economy. Malicious actors often use social engineering to gain access to victims' systems (33% of cases), and the tools most frequently used in attacks on this sector are remote access trojans (RATs, 62%) and data-wiping malware (31%).
According to analysts, 78% of cyberattacks on organizations in the Middle East target computers, servers, and network equipment. Threat actors compromise systems by deploying malware or exploiting vulnerabilities to steal confidential information or to disrupt the operation of devices.
Malware is critical in cyberattacks on institutions: it was utilized in 58% of attacks on organizations and 70% of attacks on individuals. RATs, which enable attackers to assume control over a compromised device, are the most widely used type of malware. Additionally, spyware, often masquerading as legitimate applications, is extensively used against individuals.
Attacks in the Middle East are notable for the use of wipers, which delete files on compromised devices. Wipers are extremely dangerous when penetrating industrial control systems (ICS), as this can disrupt production processes and lead to accidents.
Experts are particularly concerned about the increasing activity of ransomware groups, which have turned into one of the biggest threats. In Q1 2023, the number of ransomware incidents in the world increased by 77% year-on-year. The most prominent victims of ransomware in the Middle East are GCC countries including the UAE, Saudi Arabia, and Kuwait.
Fedor Chunizhekov, Information Security Analyst at Positive Technologies, says: "According to our data, 83% of successful cyberattacks in the Middle East countries have a targeted nature. A majority of attacks in the Middle East rely on social engineering, malware, or exploitation of software vulnerabilities. In 2023, the most relevant cybersecurity threats to the Middle East countries are cyberattacks on government institutions and critical infrastructure, as well as attacks that employ phishing and social engineering techniques. Activities of hacktivists2 pose a threat as well: their actions can lead to leaks of confidential data, disrupt enterprise operations and even influence important decisions."
Fedor Chunizhekov says this growth in the number of cybercriminal groups and cyberattacks in the Middle East has necessitated increased organizational cybersecurity: according to a forecast by International Data Corporation (IDC), security spending will increase by 8% in 2023, with most (41%) of these funds to be allocated for software. The governments of several countries realize the gravity of these threats and are taking steps to regulate cyberspace. For example, Qatar and Bahrain adopted laws to protect personal data, while the United Arab Emirates established more stringent privacy and data protection standards. These measures are designed to ensure security and raise awareness about the importance of data protection.
Positive Technologies recommends that industrial companies and government institutions take the necessary measures to protect their IT systems, including implementing a comprehensive results-oriented cybersecurity approach aimed at establishing an automated security system that provides uninterrupted protection against non-tolerable events. This approach entails defining and verifying organization-specific non-tolerable events, keeping software up to date, raising employees' cybersecurity awareness, and ensuring constant cyberthreat monitoring and detection by introducing advanced information security tools such as the following:
- Web application firewalls
- SIEM (security information and event management) systems for monitoring and analysis of security events
- XDR (extended detection and response) solutions for timely response
- NTA (network traffic analysis) solutions for deep traffic analysis and detection of malicious activity
- Advanced sandboxes for static and dynamic analysis of threats, including APTs
- VM (vulnerability management) systems for automation of asset management and correctly prioritized detection and remediation of infrastructure vulnerabilities depending on their importance
Besides, organizations can use bug bounty platforms to build a continuous service security assessment process and optimize their security spending.
The study is available on the Positive Technologies website.
- The term "Middle East" in this report refers to the following countries: Bahrain, Egypt, Israel, Jordan, Iraq, Iran, Yemen, Qatar, Cyprus, Kuwait, Lebanon, the United Arab Emirates (UAE), Oman, the State of Palestine, Saudi Arabia, Syria.
- Hackers who use cyberattacks to draw attention to social or political causes.
