Cyberattackers and hacktivists have been increasingly setting their sights on the United Arab Emirates, the Kingdom of Saudi Arabia, and other countries in the Gulf Cooperative Council (GCC) region. The motives behind this targeting have been identified as the region’s significance as a hub for commerce and trade, its affluent economies, and the geopolitical stances of the regional nations. This trend has been highlighted in a comprehensive report compiled by Moscow-based threat research firm Positive Technologies, which delved into 18 months of Dark Web data.
According to the report, the first half of the year witnessed a significant uptick in distributed denial-of-service (DDoS) attacks in the GCC region, showing a 70% increase compared to the previous year. Anastasiya Chursina, a threat analyst with Positive Technologies, pointed out that hacktivists utilize forums as platforms to galvanize like-minded hackers to action and showcase their achievements against specific targets. She also expressed concerns that the trend of escalating cyberattacks, especially by hacktivists, is likely to persist, leading to heightened risks and negative repercussions for companies operating in the region.
Saudi Arabia and the UAE emerged as the primary targets for cyberattacks in a recent analysis of two years’ worth of incidents. The UAE alone faces a staggering average of 50,000 cyberattacks daily, as disclosed by the country’s cybersecurity chief earlier this year. Furthermore, the country’s attack surface is rapidly expanding, indicating an increased vulnerability to malicious cyber activities.
Recent incidents have also shed light on the growing threat landscape in the region. In one instance, a pro-Palestinian hacktivist group mounted a sustained DoS campaign lasting over six days against a bank in the UAE. Similarly, Saudi Arabia was targeted by the suspected China-linked group Solar Spider, highlighting the diverse array of cyber adversaries operating in the region.
The rise in DDoS attacks, as opposed to web defacements or system breaches, suggests an influx of new threat actors taking advantage of this tool due to its accessibility to novice hackers. Chursina explained that DDoS attacks are favored by hacktivists as they require minimal technical expertise and resources, making them an attractive option for individuals seeking to amplify their causes through disruptive means.
Positive Technologies’ extensive data collection from Dark Web forums and Telegram channels revealed a predominant focus on trade, services, manufacturing, IT, and government agencies in the GCC region. Stolen data and unauthorized access were recurrent themes in these discussions, with a notable emphasis on buying and selling access credentials. The emergence of access giveaways, particularly targeting government agency employees, showcased a concerning trend in the region.
As cyberattacks and espionage continue to escalate, organizations in the UAE, Saudi Arabia, and the wider Middle East are urged to bolster their cybersecurity defenses. With a growing emphasis on digitization, AI development, and transitioning to knowledge-based economies, these nations face heightened cyber risks that necessitate proactive measures to safeguard critical infrastructure and sensitive data.
Positive Technologies emphasized the abundance of cyber threats tailored to the region on Dark Web forums, underscoring the need for heightened vigilance and robust cybersecurity measures. The prevalence of low-cost access offerings poses a significant threat, enabling attackers to exploit vulnerabilities and launch malicious campaigns with ease. Access giveaways represent a new facet of hacktivism, enabling less experienced hackers to participate in cyberattacks and raise awareness about social and political issues through illicit means.