UAE and Saudi Arabia Become Plum Cyberattack Targets
In recent years, the United Arab Emirates (UAE), Saudi Arabia, and other Gulf Cooperation Council (GCC) countries have become prime targets for cyberattacks.
The surge in both traditional cyberattacks and hacktivism-related attacks underscores the vulnerability of these nations, which are not only economic powerhouses but also play a key role in global geopolitics. The increase in cyber threats is evident, with Distributed Denial of Service (DDoS) attacks rising by 70% in the region, particularly impacting public sector organizations.
Why the UAE and Saudi Arabia are Targeted
The GCC region, led by the UAE and Saudi Arabia, is a hub for international trade and commerce. This economic prominence, combined with the digitization of many industries, makes these nations attractive to cybercriminals. Additionally, their geopolitical stances on various global issues have drawn attention from hacktivist groups looking to make a statement. These attackers aim to disrupt key systems, steal sensitive data, and raise awareness about political or social issues through cyber means.
A report by Positive Technologies, a Moscow-based threat research firm, analyzed 18 months of Dark Web activity and found that both nation-states and hacktivists increasingly focus on this region. The first half of 2024 saw a 70% rise in DDoS attacks in the GCC compared to the previous year. Hacktivist forums have become a meeting ground for like-minded individuals to organize and showcase their successes, particularly against high-profile targets in the UAE and Saudi Arabia.
A Surge in Hacktivism
Hacktivists use cyberattacks as a form of protest, with DDoS attacks being the most commonly employed tactic due to their simplicity and effectiveness. These attacks are designed to overwhelm a target’s network, rendering it unavailable to users, often for extended periods. In many cases, novice hackers can perform DDoS attacks with minimal resources or technical expertise, making them a preferred method for hacktivist groups.
Anastasiya Chursina, a threat analyst with Positive Technologies, noted that this trend is expected to continue. “We anticipate that hacktivist attacks will rise further, and with that, the overall volume of cyberattacks in the region will increase. This creates heightened risks for companies operating within the UAE, Saudi Arabia, and other GCC nations,” she said.
Hacktivists have also targeted financial institutions and critical infrastructure in the UAE. For example, in July 2024, the pro-Palestinian group BlackMeta launched a DoS (Denial of Service) campaign against a UAE-based bank. The attack lasted for over 100 hours across six days, disrupting banking services and causing significant operational difficulties. Meanwhile, Saudi Arabia has been targeted by the suspected China-linked group Solar Spider, which focuses on espionage and cyber infiltration of key national infrastructure.
Dark Web and the Sale of Stolen Data
Positive Technologies’ analysis of Dark Web data has revealed that cybercriminals are actively selling stolen data and access to compromised systems in the region. Over half (54%) of the Dark Web posts related to the GCC focused on selling stolen credentials, with a significant portion of the activity aimed at sectors such as trade, manufacturing, government services, and IT.
The report also uncovered that 12% of the posts included calls for hacktivism or celebrated successful attacks, with about 9% offering free credentials for cybercriminals to use in future attacks. This new trend of “access giveaways” first emerged in the second half of 2023 and has become a significant concern for companies in the region. In fact, 70% of these access giveaways involved credentials belonging to employees of government agencies, increasing the risk of data breaches in sensitive sectors.
As companies in the UAE and Saudi Arabia continue to digitize their operations, the increasing availability of stolen data on the Dark Web poses a critical threat to their cybersecurity.
New Cyber Threat Actors Emerge
The increasing frequency of DDoS attacks suggests that more cyber actors are entering the scene, particularly those with less technical expertise. These types of attacks are often the first step for novice hackers who wish to disrupt systems without engaging in more complex methods like system breaches or web defacements. While DDoS attacks require relatively little skill, they can cause significant disruption, especially in regions with growing digital infrastructures like the UAE and Saudi Arabia.
Hacktivist groups have used DDoS attacks to bring attention to political, social, and religious causes, according to Chursina. “For hacktivists, the primary goal is to make a statement. DDoS attacks are favored because they are simple to execute and can generate headlines without the need for extensive resources,” she said.
Cyber Espionage and Nation-State Attacks
Cyberattacks are not limited to hacktivist activity. Nation-states are also increasingly using the cyber domain as a battlefield for espionage, sabotage, and cyber-physical attacks. In the Middle East, cyber espionage has been on the rise, particularly from state-sponsored actors from nations like Iran, which has ramped up its cyber activities in the region.
In response, both the UAE and Saudi Arabia have been investing heavily in their cybersecurity infrastructure. Their governments have identified cybersecurity as a critical component of national security, especially as they seek to transition to knowledge-based economies driven by digitization and artificial intelligence (AI).
However, these advancements have also created new attack surfaces for cybercriminals. Cyber espionage, such as the compromise of naval information systems, has become an increasing concern. State-sponsored attacks from countries like Iran and Israel have targeted the region’s energy sector, financial services, and critical infrastructure.
Strengthening Cybersecurity in the GCC
With the growing number of cyber threats, GCC countries, particularly the UAE and Saudi Arabia, must strengthen their cybersecurity postures. Cybercriminals are becoming more sophisticated, leveraging Dark Web forums to sell stolen access, launch attacks, and even offer credentials for free to inspire other hackers to join their cause.
Organizations across the region need to invest in advanced cybersecurity measures, focusing on real-time monitoring, threat detection, and incident response strategies. The rise of AI and digitization in the UAE and Saudi Arabia has brought immense economic opportunities, but these advancements also require robust cybersecurity defenses to mitigate the risks of cyberattacks.
Moreover, as cyberattacks become a favored tool for political and economic disruption, the importance of public-private collaboration in cybersecurity cannot be overstated. Governments and private sector organizations must work together to share intelligence, develop stronger defenses, and address vulnerabilities before they can be exploited by cybercriminals.
Conclusion
The rising tide of cyberattacks in the UAE, Saudi Arabia, and the broader GCC region highlights the need for a proactive approach to cybersecurity. With the region’s growing reliance on digital infrastructures, the stakes have never been higher. Whether it’s hacktivism, espionage, or data theft, the region’s public and private sectors must brace for an increasingly volatile cyber landscape.