Number of successful cyberattacks in the Middle East tripled in Q1 2024, study shows

The number of successful cyberattacks in the Middle East tripled in Q1 2024 compared to the same period the previous year, a report showed on Wednesday.

According to a study by Positive Technologies, a leader in result-driven cybersecurity, as of Q2 2024, every second successful attack against organisations resulted in a data breach — the most frequent consequence of cyberattacks in the region during the studied period.

The report noted a significant increase in hacktivist attacks amidst the escalation of geopolitical conflicts. Moreover, the Middle East was a frequent target of APT groups.

Irina Zinovkina, head of information security analytics research at Positive Technologies, said: “The surge in hacktivist attacks in the Middle East indicates a shift in modern conflict strategies, with cyberattacks becoming an inherent component. Our forecasts suggest that rising tensions in the region can lead to more DDoS attacks on media and government institutions. Additionally, if groups form alliances, they could execute large-scale cyberattacks with greater destructive potential.”

APT groups in the region conducted complex and prolonged cyberattacks to steal data, gather information, or disrupt organizational operations. Nearly every cybercriminal group studied targeted government institutions at least once. Additionally, 69 per cent of these groups focused on the energy sector, indicating their intent to disrupt critical infrastructure.

The public sector was the most targeted industry, making up 24 per cent of all cyberattacks on organizations. Government institutions store and process vast amounts of confidential data, which can be a goldmine for cybercriminals. In the first half of 2024, 16 per cent of dark web listings for information from government companies were related to Middle Eastern countries.

The manufacturing sector comes in second among the most targeted sectors (17 per cent) and also faces cyberthreats involving wipers. Wipers erase data on compromised ICS devices, causing major disruptions to critical infrastructure. In attacks on Israeli companies, the BiBi wiper was used, rendering the data of targeted systems inaccessible or unusable. Overall, malware remained the most popular tool for attacking organizations in the region.

Cybercriminals also targeted institutions using social engineering tactics (54 per cent), even leveraging AI technologies. With the advancement of generative AI systems, the amount of malicious content surged, and email phishing attacks skyrocketed by 222 per cent in H2 2023 compared to H2 2022.

Experts found that the primary consequence of successful cyberattacks on organizations in the Middle East was data breaches. In Q3 2023, these accounted for 35 per cent, and by H2 2024, they surged to 49 per cent. The average damage from cyberattacks on organizations in the region is almost double the global average.

Given the heightened activity of cybercriminals in the region, experts recommend that companies adopt result-driven cybersecurity, a proactive approach to building cyber resilience. Result-driven cybersecurity helps build a comprehensive automated defense system against non-tolerable events—consequences of cyberattacks that could prevent an organization from achieving its operational or strategic goals.

According to Zinovkina, companies and government institutions in the UAE are facing diverse challenges that require comprehensive security measures and rapid response. “The government recognizes the importance of protecting critical infrastructure and data amidst growing cyberthreats, and is implementing legislative initiatives to bolster cybersecurity. For example, the UAE increased investments in cybersecurity as part of a new budget plan,” she added. Moreover, to enhance cybersecurity, local companies are investing heavily in cutting-edge technologies like AI and machine learning.

Combating attacks requires a special approach based on the concept of result-driven cybersecurity, Zinovkina said. “If this approach is successfully implemented, the infrastructure and processes are built in such a way that even if attackers penetrate the organization’s network, they cannot inflict non-tolerable damage. In other words, the primary goal becomes eliminating the possibility of non-tolerable events — incidents that prevent an organization from achieving its operational or strategic goals or lead to significant disruption of its core business due to a cyberattack,” she added.