UAE: Top targets of cyber crime groups in Middle East revealed in new study

According to the report, two of the five most-attacked sectors, targeted by half of all groups, were telecommunications and the military-industrial complex

Read more...
by

Waheed Abbas

Published: Wed 27 Mar 2024, 5:09 PM

Last updated: Thu 28 Mar 2024, 12:21 AM

Government, manufacturing, energy and telecom industries in the UAE and the Middle East are more likely to be targeted by cyber attacks. These groups penetrate using carefully planned multi-stage attacks aimed at specific economic sectors, a new study has revealed.

Released by Positive Technologies on Wednesday, the study revealed that the military-industrial complex, finance, mass media, IT and science and education were the other sectors that were mostly targeted by the cybercrime group.

Advertising
Advertising

Among the countries, Saudi Arabia, UAE, Israel, Jordan, Egypt, Kuwait and Lebanon were mainly targeted by the group through phishing emails and exploited vulnerabilities in public-facing applications.

Yana Avezova, a senior analyst with the Positive Technologies research team, said an overwhelming majority of groups active in the Middle East attacked governments and industry at least once. “It is worth noting that government agencies were the most attractive targets for all malicious actors in 2022–2023. These accounted for 22 per cent of total attacks on organisations in the Middle East,” said Avezova.

According to the report, two of the five most-attacked sectors, targeted by half of all groups, were telecommunications and the military-industrial complex.

Compared with other regions of the world, the study said Middle Eastern media, too, have often found themselves a target of cyberattacks and historically have ranked high on the list.

“Complex, targeted attacks begin with reconnaissance. Attackers may conduct extensive network scanning to identify suitable targets. This gives them enough information for the initial stage of penetration. The information may include a list of applications installed on the target server and its versions containing known vulnerabilities. After reconnaissance comes the preparation of tools for the attacks. Cybercriminals may register fake domains and create email or social media accounts for spear phishing,” said Alexander Badaev, an information security threat researcher at Positive Technologies Expert Security Centre.

According to Badayev, after successfully gaining initial access, the attackers seek to establish a foothold in the infrastructure. To do this, 69 per cent of groups leveraged the task scheduler, an OS component that runs applications or scripts at a predefined time or in response to a certain event, as in the case of a campaign that targeted the UAE government, where a group named OilRig created a MicrosoftEdgeUpdateService scheduled task that ran every five minutes, launching malware. Most attackers – 56 per cent – configured malware to auto-run. A third of groups – 31 per cent – gained a foothold in victim companies' systems by setting up malware to run on a certain event, said the report.

ALSO READ:

Waheed Abbas

Published: Wed 27 Mar 2024, 5:09 PM

Last updated: Thu 28 Mar 2024, 12:21 AM

Recommended for you