Cyberthreats in the Middle East H1 2024

The Kaspersky Digital Footprint Intelligence team conducted an in-depth analysis of cybersecurity threats emanating from dark web activities that specifically targeted businesses and governments in the Middle East during the first half of 2024. The research identifies critical threats and their potential repercussions while also proposing defensive strategies to mitigate these risks.

The report addresses threats faced by several countries and territories within the region, including Bahrain, Egypt, Iraq, Jordan, Kuwait, Lebanon, Oman, Palestine, Qatar, Saudi Arabia, Syria, and the United Arab Emirates. It outlines five predominant cybersecurity threats that have marked this period, each stemming from distinct cybercriminal activities.

Firstly, the rise of ideological pirates, or hacktivists, is noted to have surged dramatically, driven by ongoing geopolitical tensions. Their activities are increasingly destructive, showcasing a worrying trend in the use of cyber tactics for ideological purposes.

Secondly, the initial access broker market, referred to as the “shadow jewelry fair,” presents a grave threat. These brokers specialize in acquiring and selling access to corporate networks, making them attractive targets for hackers and broader cybercrime factions, which can lead to large-scale breaches.

The report further discusses the prevalence of ransomware gangs, termed “deadly sandworms.” In this context, at least 19 ransomware gangs were reported to have operated within the Middle East in early 2024, executing various attacks that typically resulted in significant fallout for the affected entities.

Another critical issue pertains to malicious whistleblowers or information stealers, who play a pivotal role in feeding adversaries timely data for subsequent attacks. Astonishingly, nearly 10 million lines of stolen credentials from Middle Eastern organizations surfaced on the dark web during this period, including 4.4 million lines specifically from key government entities. This underscores the vulnerability of sensitive information systems in the region.

Lastly, the report highlights the activities of “cave raiders,” a term used to describe individuals who extract sensitive data from diverse targets and share it with criminal networks. Alarmingly, around 25% of all data breaches impacted various government organizations, emphasizing the ongoing risks to government cybersecurity.

To effectively combat these threats, it is crucial for organizations and governments to remain vigilant against the potential risks posed by the dark web. This awareness can serve as a proactive measure in thwarting possible attacks or fraudulent activities that could jeopardize network integrity and operational functionality.

The insights provided in the report are particularly beneficial for C-level managers, corporate security personnel, risk management experts, cyber threat intelligence analysts, incident response teams, and researchers focused on open-source intelligence and darknet activities. Such stakeholders can utilize this information to inform their security strategies and operational protocols.

For those looking to dive deeper into the findings and recommendations, access to the full report is available by filling out a form, allowing interested parties to engage further with the data and analyses presented.