Cyberattackers and hacktivists are increasingly targeting the United Arab Emirates, the Kingdom of Saudi Arabia, and other nations in the Gulf Cooperative Council (GCC) region. The region is likely a favored target because it’s a hub for commerce and trade, full of rich economies; and because of regional nations’ stance on certain geopolitical issues.
That’s according to 18 months of Dark Web data compiled by Moscow-based threat research firm Positive Technologies. The report stated that the first half of the year, the number of distributed denial-of-service (DDoS) attacks in the region rose 70%, compared with the same period in the previous year.
Hacktivists use forums as both a way to call like-minded hackers to action and to publish evidence of their success against specific targets, says Anastasiya Chursina, a threat analyst with Positive Technologies.
“We believe that this trend may continue and the number of attacks carried out by hacktivists will go up,” she says. “At the same time, the level of other attacks will increase, which will entail an increase in the number of risks and negative consequences for companies in the region.”
Both Saudi Arabia and the UAE topped the chart of targeted nations in a March analysis of two years of attacks in the region. The UAE alone faces an average of 50,000 cyberattacks every day, the head of cybersecurity for the UAE government said earlier this year, while the country also has a rapidly growing attack surface.
More attacks are also being publicly disclosed: In July, pro-Palestinian hacktivist group BlackMeta targeted a bank in the United Arab Emirates with a DoS campaign that lasted more than 100 hours over six days. And in April, Saudi Arabia was added to the list of organizations targeted by the suspected China-linked group Solar Spider.
More Cyber Threat Actors Coming Online?
The increase of DoS attacks — rather than Web defacements or system breaches — may indicate an influx of new threat actors. The attackers’ tactics of choice depend upon their skills and knowledge, and DDoS attacks can be accomplished by novice hackers, says Positive Technologies’ Chursina.
“The main goal of hacktivists is to draw public attention to certain political, social, and religious issues,” she says. “DDoS attacks are the most popular, as they do not require high professional knowledge and resources, and they can be performed by any novice hacker.”
Positive Technologies’ trove of forum posts and text messages totals 277 million items from 380 Telegram channels and Dark Web forums. For its GCC report, the company focused on six major nations in the region: the UAE, Saudi Arabia, Bahrain, Oman, Qatar, and Kuwait.
Stolen data and illicit access accounted for the topic of more than half (54%) of the posts, with the vast majority of of users selling or buying access. These posts focused on five sectors: trade, services, manufacturing, IT, and government agencies.
About 12% of the posts included a call to action for hacktivism or evidence of a successful hacktivist attack, according to the report. About 9% of hacktivist posts also advertised free credentials for use in attacks.
“Access giveaways represent a new trend for the region that first appeared in H2 2023,” the report stated. “Most access giveaways (70%) contained the credentials of government agency employees.”
Cyber Domain Favored for Attacks, Espionage
Cyberattacks have become the preferred battlefield for many groups — both nation-state and dissent organizations — in the region. The stakes are rapidly escalating as well, from Iran’s increasing pace of cyber espionage to Israel’s cyber-physical attacks using compromised supply chains to the compromise of naval information systems in the region.
With the UAE and Saudi Arabia increasingly invested in digitization, AI development, and shifting to a knowledge-based economy, organizations in the two nations — and the Middle East at large — need to focus on strengthening their cybersecurity posture, Positive Technologies says.
“Dark Web forums are full of offers and services tailored to this region,” the company’s report stated. “The abundance of posts related to the sale of access, often low-cost, makes it easier for attackers to gain initial access to a company and carry out an attack without wasting time looking for new entry points into the infrastructure. Access giveaways are a new trend on the part of haсktivists allowing low-grade hackers to carry out attacks and raise public awareness about social and political issues.”