Positive Technologies, a result-driven cybersecurity company, unveiled alarming findings regarding cyber threats in the Middle East during its participation at GITEX 2024. The study highlights a significant rise in hacktivist attacks amid escalating geopolitical conflicts, with the region increasingly targeted by Advanced Persistent Threat (APT) groups. As of Q2 2024, data breaches emerged as the most frequent consequence of cyberattacks, with every second successful attack against organizations resulting in compromised data.
Experts indicate that the number of successful cyberattacks in the Middle East doubled in Q4 2023 compared to the same period the previous year, with a tripling of attacks in Q1 2024.
Irina Zinovkina, Head of Information Security Analytics Research at Positive Technologies, stated, “The surge in hacktivist attacks in the Middle East indicates a shift in modern conflict strategies, with cyberattacks becoming an inherent component. Our forecasts suggest that rising tensions in the region can lead to more DDoS attacks on media and government institutions. Additionally, if groups form alliances, they could execute large-scale cyberattacks with greater destructive potential.”
The study reveals that APT groups in the region have been executing complex and prolonged cyberattacks aimed at stealing data, gathering intelligence, or disrupting organizational operations. Nearly all cybercriminal groups analyzed targeted government institutions at least once, with 69% focusing on the energy sector, signaling a clear intent to disrupt critical infrastructure.
The public sector was identified as the most targeted industry, accounting for 24% of all cyberattacks. Government institutions, which handle vast amounts of confidential data, have become prime targets for cybercriminals. In the first half of 2024, 16% of dark web listings for information from government entities were linked to Middle Eastern countries.
The manufacturing sector followed closely as the second most targeted area, comprising 17% of attacks. Notably, this sector faced threats from wipers—malware designed to erase data on compromised industrial control systems (ICS), leading to significant disruptions. The BiBi wiper was particularly notorious in attacks on Israeli companies, rendering targeted systems’ data inaccessible.
Malware continued to be the primary tool for cyberattacks in the region, while cybercriminals also employed social engineering tactics, accounting for 54% of attacks. The rise of generative AI technologies has fueled a surge in malicious content, with email phishing attacks soaring by 222% in H2 2023 compared to H2 2022.
Positive Technologies reported that the primary consequence of successful cyberattacks in the Middle East is data breaches, which represented 35% of incidents in Q3 2023 and increased to 49% by H2 2024. The average damage from these cyberattacks is nearly double the global average.
In light of the escalating cyber threats, experts recommend that organizations adopt result-driven cybersecurity, a proactive strategy focused on building cyber resilience. This approach aims to establish a comprehensive automated defense system against non-tolerable events—consequences of cyberattacks that could hinder operational or strategic goals.
Key components of result-driven cybersecurity include:
– SIEM Systems: For continuous monitoring of cybersecurity events and rapid attack detection.
– Traffic Analysis Solutions: To identify suspicious activities in industrial control systems, crucial for manufacturing companies.
– EDR Systems: Protecting endpoints from sophisticated attacks.
– Advanced Sandboxes: Detecting complex and unknown malware.
– NTA Products: Proactively hunting cyberthreats within networks.
– VM Systems: Automating IT asset management and swiftly addressing vulnerabilities.
Additionally, result-driven cybersecurity emphasizes ongoing security assessments, including bug bounty programs and employee training initiatives, to enhance organizational defense against the evolving landscape of cyber threats.