Positive Technologies: most attacks on individuals in the Middle East involve spyware

Positive Technologies analyzed attacks on individuals in Middle Eastern countries between 2022 and 20231. Malware was used in 70% of successful attacks. More than half of these attacks involved spyware. The vast majority of attacks used social engineering techniques. In 20% of phishing campaigns, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously.

According to our data, cybercriminals employed malware in 7 out of 10 successful attacks on individuals in the Middle East region. More often than not, the attackers infected users' devices with spyware (three out of five malware attacks). This type of malware collects information from the infected device and then passes it on to the attacker. Depending on the task, spyware can steal personal and financial data, user credentials, as well as files from the device's memory.

Positive Technologies Information Security Research Analyst Roman Reznikov comments: "By using spyware, attackers can compromise not only personal and payment information and personal accounts, but also corporate credentials, network connection information, and other sensitive data. The stolen data is then offered for sale on the dark web forums. As a result, a skilled attacker can gain access to an organization and carry out a successful attack, leading to non-tolerable consequences: disruption of technological and business processes, theft of funds, leakage of confidential information, attacks on customers and partners."

In the vast majority (96%) of successful attacks on individuals in the Middle East countries, social engineering techniques were employed. Most often, these were mass attacks in which the criminals aimed to reach the maximum number of victims. To achieve this, they actively leveraged current news about significant global and regional events, including the 2022 FIFA World Cup Qatar.

In every fifth (20%) phishing campaign, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously. Criminals led the victims through a series of steps until the device was infected and data stolen. For instance, users could be lured through social media accounts that contained links to a messenger channel from which the victim would install a malicious application.

One of the reasons for the success of social engineering is the numerous data leaks from various organizations. According to our research on the cybersecurity threatscape in the Middle East, 63% of successful attacks on individuals in the region resulted in leaks of confidential information. The majority of stolen information consisted of personal data (30%) and account credentials (30%). Cybercriminals were also interested in payment card data (10%) and user correspondence (8%).

On the dark web, malicious actors sell information about users and also provide stolen data archives for free. Criminals use the compromised information in subsequent attacks on users. For example, a successful attack on a bank could result in fraudulent actions against its customers.

Cybersecurity experts recommend that users follow cyberhygiene rules. Companies also need to ensure the security of employee and customer data. Data breaches cause reputational and financial damage and put at risk users whose information has been compromised. To maintain cyberresilience, it's essential to regularly assess the effectiveness of security measures and pay special attention to verification of non-tolerable events2.

  1. This report contains information about recent information security threats impacting individuals in the Middle East region, based on Positive Technologies' own expertise, as well as data from reputable sources. Our study focuses solely on successful cyberattacks or incidents negatively affecting individuals. This report covers incidents in the following countries: Bahrain, Egypt, Israel, Jordan, Iraq, Iran, Yemen, Qatar, Cyprus, Kuwait, Lebanon, United Arab Emirates (UAE), Oman, the State of Palestine, Saudi Arabia, and Syria.
  2. non-tolerable event is an event, caused by a cyberattack, that prevents the organization from achieving its operational or strategic goals or leads to long-term disruption of its core business.