Hacktivism-related DDoS attacks in the region have surged by 70%, primarily targeting the public sector, with stolen data and access offers being prevalent on the Dark Web.
Cyberattackers and hacktivists are increasingly focusing on the United Arab Emirates, the Kingdom of Saudi Arabia, and other Gulf Cooperative Council (GCC) nations. The region is likely a prime target due to its role as a commercial and trade hub with wealthy economies, as well as its stance on certain geopolitical matters.
This insight comes from 18 months of Dark Web data collected by Moscow-based threat research firm Positive Technologies. According to the report, the first half of the year saw a 70% increase in distributed denial-of-service (DDoS) attacks in the region compared to the same period last year.
Hacktivists frequently use forums to rally like-minded hackers and showcase their successful attacks against specific targets, according to Anastasiya Chursina, a threat analyst at Positive Technologies.
“We expect this trend to continue, with an increasing number of attacks carried out by hacktivists,” she notes. “At the same time, other types of attacks will also rise, leading to heightened risks and negative consequences for companies in the region.”
Both Saudi Arabia and the UAE were the most targeted nations in a March analysis of two years’ worth of attacks in the region. The UAE alone faces an average of 50,000 cyberattacks daily, according to the head of cybersecurity for the UAE government, who also highlighted the nation’s rapidly expanding attack surface.
The number of publicly disclosed attacks is also on the rise. In July, the pro-Palestinian hacktivist group BlackMeta launched a denial-of-service (DoS) attack on a bank in the United Arab Emirates, which lasted over 100 hours across six days. Additionally, in April, Saudi Arabia was targeted by Solar Spider, a group believed to have ties to China.
More Cyber Threat Actors Coming Online?
The rise in DoS attacks, as opposed to website defacements or system breaches, may suggest the involvement of new threat actors. According to Positive Technologies’ Chursina, attackers tend to choose tactics based on their skills, and DDoS attacks are often favored by novice hackers due to their simplicity.
“The primary goal of hacktivists is to attract public attention to political, social, or religious issues,” Chursina explains. “DDoS attacks are the most popular because they require minimal expertise and resources, making them accessible even to beginner hackers.”
Positive Technologies’ extensive dataset, including 277 million items from 380 Telegram channels and Dark Web forums, was used to compile its GCC report. The report focused on six key nations in the region: the UAE, Saudi Arabia, Bahrain, Oman, Qatar, and Kuwait.
Stolen data and illicit access made up more than half (54%) of the posts, with the majority involving users buying or selling access. These posts primarily targeted five sectors: trade, services, manufacturing, IT, and government agencies.
Around 12% of the posts featured calls to action for hacktivism or showcased evidence of successful hacktivist attacks, while about 9% of hacktivist posts offered free credentials for use in attacks.
“Access giveaways are a new trend in the region that first emerged in the second half of 2023,” the report noted, adding that 70% of these giveaways involved government agency employee credentials.
Cyber Domain Favored for Attacks, Espionage
Cyberattacks have emerged as the favored battleground for both nation-states and dissident groups in the region. The stakes are rising quickly, with Iran accelerating its cyber espionage efforts, Israel carrying out cyber-physical attacks by compromising supply chains, and naval information systems in the region being breached.
As the UAE and Saudi Arabia increasingly invest in digitization, AI development, and transitioning to knowledge-based economies, organizations in these nations—and across the Middle East—must prioritize enhancing their cybersecurity defenses, according to Positive Technologies.
“Dark Web forums are filled with offers and services specifically geared toward this region,” the company’s report highlighted. “The large volume of posts related to the sale of access, often at low prices, enables attackers to quickly gain initial access to a company and launch attacks without spending time searching for new vulnerabilities in the infrastructure. A new trend among hacktivists is access giveaways, which allow inexperienced hackers to carry out attacks and draw attention to social and political issues.”
