Notes from the Field • 10 MIN READ
Rising Cyber Threats in the Middle East – A Virtual Battleground
In this article, we focus on the middle eastern nations, their current cybersecurity challenges and what they are doing to help combat it.
Disputes for Regional Power
As one example, the conflict between Israel and Gaza has intensified to new heights over the past few weeks, gaining global attention. This escalation of tensions has brought about a new battle line, one that only in recent years has become a pillar to modern day warfare. Read more about this, here.
But disputes between some of the major regional powers, poses a never-ending and continuously evolving atmosphere. This geopolitical and religious rivalry, along with the nuclear ambitions of Iran has only intensified an already unfriendly relationship.
Additionally, the Israeli-Palestinian struggle is one deeply rooted in the region, with centuries of periodic escalations. Drastic military operations and failed peace negotiations have only further shaped the landscape. Not to mention the conflicts in Libya, Syria, Iraq, and Yemen continuing to aggravate the hostility.
In recent decades, tensions have once again risen across the sub-continent which, combined with the new digital era, gives political adversaries new angles and increased reasons to exploit vulnerabilities online, transforming the virtual landscape into a new frontline.
The Digital Frontier for the Middle East
By 2030, the CTI (Cyber Threat Intelligence) market in the Middle East is set to reach upwards of $31 Billion (Frost & Sullivan). This shows a clear need and intention to combat the drastic increase in targeted cyber-attacks across the region. The oil and gas industries in the region have emerged as prominent targets for many Advanced Persistent Threats (APTs) and other malicious groups around the globe, being pushed into the spotlight as prime targets thanks to their booming economies and increased digitization.
As outlined in IBM’s 2023 study, cybersecurity incidents in the Middle East have soared to a record average of $8.07 Million per data breach, up from 2022 which was $7.46 Million and not to mention a notable increase compared to the global average of $4.45 Million per incident. This puts the Middle East in second place to the USA for regions with the highest average cost per data breach (IBM Cost of a Data Breach Report 2023).
Targeted Industries for Maximum Impact
Globally the Middle East is one of the most naturally abundant oil and gas regions, which in turn means critical infrastructure will always be targeted. Not to mention the regions geopolitical tensions which have always given way to skilled and motivated APT groups to carry out well planned and highly sophisticated attacks.
Iran’s Cyber Games and APTs
Iran funds a large variety of state sponsored groups to harass institutions belonging to non-allied nations, mainly the UAE, KSA and Israel.
Different from your average hacktivist or ransomware attacker where monetary gain is priority, these groups aim to not only gain insider intelligence, but destroy and disrupt critical infrastructure required to successfully run a nation.
Through pattern identification (similar code, targeted sectors, TTP’s and more) these groups have been organized into groups with designated names and aliases. The most prominent groups associated with Iran are as follows:
- APT 33 (Refined Kitten)
- APT 34 (OilRig)
- APT 35 (Charming Kitten)
- APT39 (Remix Kitten)
- Fox Kitten
- Static Kitten
While not as sophisticated as most of the groups coming out of China or Russia, Iranian APT’s have slowly been raising their standards. Their combination of custom-built software that is unfamiliar to the masses and strong social engineering techniques means that many fall victim.
But why? Well, there are a number of reasons. The first is that they aim to maintain surveillance over the region’s political movement, with its everchanging domestic and international allegiances. The second, is to preserve their strong hold on the region, which previously was conducted through paramilitary groups, but can now be done through cyber warfare. The third is to obtain foreign technologies and intelligence for various state, scientific, military, and economic benefits through cyber espionage efforts, (SCADAfence).
Many of the Middle Eastern nations have recognized the need for cybersecurity with the Middle East expected to see a compound annual growth rate of 20% (Frost & Sullivan) over the next few years.
Israel has always prioritized security no matter the industry. Their location in the Arabian peninsula, surrounded by countries which historically have not been favourable to their cause, drastically increased their need to ensure total control over their lands and those around them. This has inevitably turned the small nation on the Mediterranean coast into a well secured fortress. With the online revolution taking place worldwide, Israel noticed the need to protect its new vanguard.
Impact of Cyber Security Education
With its current international relations continuously teetering on the edge, Israel needed to invest not only into infrastructure but also human capital. Offering the first ever high school cybersecurity course and cybersecurity PHD, thus providing nationals the academic option and education early on.
After a recent cyber-attack in June of 2023, the UAE Cyber Council announced a joint collaboration with the Israeli National Cyber Directorate and Microsoft Israel to become a member of their ‘Crystal Ball’ platform, the backbone of many other nations cyber defence programs. The interstate Counter Ransomware Initiative (CRI) program developed by the US is a 40-nation strong alliance to collaboratively share information and further defend against cybercrime. These recent formal ties with Israel have put many Middle Eastern nations in the sights of Iranian APT groups, who see the association as more than just a cyber defence collaboration.
General updates within nations like the UAE, Bahrain, and Qatar where Data Protection Laws were improved to hold stricter security on user data. Along with that, the UAE Central Bank recently implemented a Networking and Cyber Security Operations Centre to manage increasing vulnerabilities and security threats (CBUAE). As well as the Saudi Central Bank which issued a cybersecurity framework to help guide risk management, protection, compliance and more for financial institutions (SAMA).
What Can be Done?
Organizations are confronted by growing threats posed by APT groups and other cyber criminals, leveraging sophisticated strategies to exploit vulnerabilities and breach digital assets. In order to protect company digital information, corporations must implement a double pronged approach to cyber security. Including an internal team as well as guidance from experienced external professionals. A Managed Security Services (MSSP) like SecurityHQ is well versed in this scenario, with expertise in cutting-edge technology, and robust infrastructure to accommodate a variety of customer needs. Helping to reduce costs and complexity of employing large internal security management teams. Having access to a multitude of clients allows MSSP’s to better visualize the threat landscape, predict the next attack, counteract it, and develop technologies/techniques to minimize risk in the future.
With the growing need for cyber defence in the region, SecurityHQ’s elite team at our Dubai SOC can be your eyes and ears, 24/7, to detect threats, to manage and respond to them, and put in place actions to prevent future vulnerabilities.
To speak with a cyber expert today, contact us here.