As the final month of the Islamic calendar, Dhu al-Hijjah, commenced on June 7, the countdown for millions of Muslims to the annual Hajj pilgrimage began, signaling a time of increased cyber threats and vulnerability for businesses and government agencies due to reduced vigilance and staffing levels.
Cybercriminals and cyber-espionage actors view the Hajj season as an opportune moment to exploit pilgrims and organizations. Experts warn that while pilgrims may be the primary target, a range of businesses, including banks and e-commerce sites, are also at risk of data theft and denial-of-service attacks. Recently, cyberthreat actors claimed a data leak on an underground forum containing personal information of 168 million users from “The Hajj and Pilgrimage Organization in Iran,” as reported by cybersecurity firm Kaspersky on June 3.
Amin Hasbini, the head of global research and analysis team for the Middle East, Turkey, and Africa region at Kaspersky, emphasized the dual threat posed during the Hajj season. He highlighted the need for companies to exercise additional caution during holiday periods like Hajj, ensuring operational continuity and security amid reduced workforce levels. The absence of key employees can create vulnerabilities that threat actors may exploit, underscoring the importance of having the right resources, policies, and plans in place.
The Hajj pilgrimage typically spans four to six days, starting on the eighth day of the Islamic month and attracting about 2 billion Muslims globally. While cyber threats in countries like Saudi Arabia decline by as much as 30% during the week of Hajj, they quickly bounce back post-pilgrimage. In 2022, cyberattacks doubled to over 2 million during the Dhu al-Hijjah month following the reopening of the annual pilgrimage post-COVID-19 restrictions, illustrating the heightened cyber risk associated with the event.
Shilpi Handa, the associate research director for security at IDC’s Middle East, Turkey, and Africa group, noted a recurring trend of increased cybersecurity incidents reported across the region post-Hajj each year, indicating a persistent cyber threat landscape during this period.
The cyber threats linked to the Hajj pilgrimage often begin early in the year, with cybercriminals targeting Muslim adherents planning to travel to Saudi Arabia through various scams. Fake travel agencies, social media scams, and attacker-controlled online registration sites are common tactics used to deceive unsuspecting victims. To combat fraud, Saudi Arabia’s Ministry of Hajj and Umrah launched the Nusuk platform, connecting pilgrims with legitimate operators and reducing instances of fraud significantly.
Advanced threat actors have leveraged messages and notifications related to the Hajj to trick employees into opening malicious links and attachments in emails. For instance, an India-linked threat group known as Sidewinder and Rattlesnake used Hajj-related emails to target users in Asia and Africa from January to May 2024. Companies face a challenge as employees often expose themselves to cyber threats by using business emails on personal websites and social media platforms.
In response to the escalating cyber risks, Resecurity detected and blocked over 630 social media accounts disseminating scams targeting individuals preparing for the Hajj season. The company’s proactive approach aims to safeguard consumers against fraudulent activities during this period.
Saudi Arabia has proactively addressed the cybersecurity threats associated with the Hajj season by conducting comprehensive cyber exercises involving more than 200 agencies and 600 officials and specialists. Such drills ensure preparedness to handle potential cyber incidents and enhance national cybersecurity resilience, setting a positive example for other organizations to emulate.
Kaspersky’s Hasbini emphasized the importance of advance preparation and vigilant response strategies for businesses during the Hajj season. While security incidents may decrease briefly around the pilgrimage period, the reduced staffing levels can lead to slower response times and increased vulnerabilities. Clear delegation of duties, establishing communication protocols, and adherence to cybersecurity best practices are vital to mitigate risks effectively.
As organizations navigate the heightened cyber threats during the Hajj season, maintaining robust cybersecurity measures, employee awareness, and proactive incident response capabilities are essential to safeguard against malicious activities and ensure operational continuity during this vulnerable period.