In Q4 2023, the number of successful cyberattacks in the Middle East doubled compared to the same period the previous year, and in Q1 2024, it tripled.
This is according to Positive Technologies, a leader in result-driven cybersecurity, which announced the findings of its latest study on cyber threats in the Middle East during its participation at Gitex 2024.
In this study, it noted a significant increase in hacktivist attacks amidst the escalation of geopolitical conflicts. Moreover, the Middle East was a frequent target of APT (advanced persistent threat) groups. As of Q2 2024, every second successful attack against organisations resulted in a data breach—the most frequent consequence of cyberattacks in the region during the studied period.
Hacktivist attacks
Irina Zinovkina, Head of Information Security Analytics Research at Positive Technologies, commented: "The surge in hacktivist attacks in the Middle East indicates a shift in modern conflict strategies, with cyberattacks becoming an inherent component. Our forecasts suggest that rising tensions in the region can lead to more DDoS attacks on media and government institutions. Additionally, if groups form alliances, they could execute large-scale cyberattacks with greater destructive potential."
APT groups in the region conducted complex and prolonged cyberattacks to steal data, gather information, or disrupt organisational operations. Nearly every cybercriminal group studied targeted government institutions at least once. Additionally, 69% of these groups focused on the energy sector, indicating their intent to disrupt critical infrastructure.
The public sector was the most targeted industry, making up 24% of all cyberattacks on organisations. Government institutions store and process vast amounts of confidential data, which can be a goldmine for cybercriminals. In the first half of 2024, 16% of dark web listings for information from government companies were related to Middle Eastern countries.
The manufacturing sector comes in second among the most targeted sectors (17%) and also faces cyberthreats involving wipers. Wipers erase data on compromised ICS devices, causing major disruptions to critical infrastructure. In attacks on Israeli companies, the BiBi wiper was used, rendering the data of targeted systems inaccessible or unusable. Overall, malware remained the most popular tool for attacking organisations in the region.
Cybercriminals also targeted institutions using social engineering tactics (54%), even leveraging AI technologies. With the advancement of generative AI systems, the amount of malicious content surged, and email phishing attacks skyrocketed by 222% in H2 2023 compared to H2 2022.
Data breaches
Experts at Positive Technologies found that the primary consequence of successful cyberattacks on organisations in the Middle East was data breaches. In Q3 2023, these accounted for 35%, and by H2 2024, they surged to 49%. The average damage from cyberattacks on organisations in the region is almost double the global average.
Given the heightened activity of cybercriminals in the region, experts recommend that companies adopt result-driven cybersecurity, a proactive approach to building cyber resilience. Result-driven cybersecurity helps build a comprehensive automated defense system against non-tolerable events—consequences of cyberattacks that could prevent an organisation from achieving its operational or strategic goals. The approach based on result-driven cybersecurity leverages cutting-edge security tools, including:
• SIEM systems (security information and event management) for continuous monitoring of cybersecurity events and rapid detection of cyberattacks
• Specialised solutions for traffic analysis and detection of suspicious activity in industrial control systems—essential for manufacturing companies
• EDR systems (endpoint detection and response), designed to protect your endpoints from sophisticated and targeted attacks
• Advanced sandboxes for detecting complex and unknown malware
• NTA products (network traffic analysis) for proactive cyberthreat hunting in your network
• VM systems (vulnerability management) for automated IT asset management, as well as rapid detection and elimination of current vulnerabilities
Moreover, result-driven cybersecurity involves continuous security assessment of infrastructure, including through bug bounty programmes and employee training initiatives.