In this day and age, the Middle East has witnessed a significant surge in cyberattacks, especially ones that pose a serious threat to organizations in the region.
According to Fedor Chunizhekov, Information Security Analyst at Positive Technologies, “The threat to the Middle East is very much real. Rapid advancement in technology and the growing independence on the internet means that attackers have novel and innovative ways to exploit vulnerabilities”. Positive Technologies has identified the ten worst cyberattacks that happened in the Middle East in the last 18 months –
- Adalat Ali
In early 2022, an Iranian group hacktivists that go by the name “Adalat Ali” successfully managed to interfere with Telewebion, a streaming service from the Islamic Republic of Iran (IRIB). They were able to broadcast their 50-second messages calling for protests. They urged Iranians to rise up in nationwide protests against the ruling Khamenei regime.
- Bezeq and Cellcom DDoS attack
According to Israeli defence sources, this attack was the largest cyberattack ever launched against Israel. In March of 2022, a state of emergency was declared due to a powerful and prolonged DDoS leading to the inaccessibility of web resources of Israeli government agencies by targeting telecommunications companies Bezeq and Cellcom. Some of the affected agencies were the Ministry of Health, Internal Affairs, the Prime Minister’s Office, as well as some major media outlets.
- Public address systems in Palestine
In June of 2022, the public address systems in Jerusalem and Eilat were compromised by unnamed attackers that Sunday. Residents heard the sounds of false air raid sirens for an hour while the attack took place.
- Iranian Steel Plants Attack
In June of 2022, there was a major attack on three Iranian steel plants by a hacktivist group that goes by the name Goneshke Darande, meaning “Predatory Sparrow”. They were able to disrupt processes, and collapse a ladle of liquid pig iron in one of the plants, resulting in a fire that stopped production.
- GamkenBot Scalper Bots
GamkenBot is an appointment scheduling bot developed by Israel to expedite the appointment scheduling with government agencies. However, the developers made the source code available to the public, which led to attackers making scalper bots that found and booked all available appointments. This was then monetized by selling appointments to citizens, resulting in the provision of services to the public being significantly hindered.
- Cellebrite Data Breach
An Israeli company that provides digital data collection, analysis and management services called Cellebrite was targeted by hackers. They were able to steal 1.7 TB of data from the company in a massive data breach. The data contained proprietary software for device diagnostics, backup, transfer, content recovery, licensing tools and accompanying documentation have been made public. It has not been revealed who carried out the attack or the techniques they used.
- Iranian News Agency Attack
Iran’s state-run news agency, Fars News, was subject to a cyberattack in November of 2022. The group of hacktivists known as the Black Reward Team managed to steal nearly 250 TB of confidential information, were able to deface the site and gain access to CCTV footage. Despite the event being widely covered in the Middle East and the footage going viral on Iranian social media, the news agency denies the attack.
- Vice Society attack on IKEA
Vice Society, a ransomware group, targeted IKEA in Morocco and Kuwait in November 2022. The IKEA outlets experienced a data breach and their data was posted on Vice Society’s website. The attack indicated that Vice Society had gained access to sensitive employee data through phishing emails. IKEA has stated that this was not an isolated attack, and emails continue to arrive at IKEA’s suppliers’ and partners’ emails.
- Pro-Palestine attacks on Israeli companies
In January of 2023, a hacktivist group called Electronic Quds Force launched a massive campaign targeting Israeli chemical production companies. The message sent to chemical company employees from the hacktivist group was to “Leave their employment. Look for a new one”. The hackers also posted screenshots with the interfaces of the automated control system on their Telegram channel, which confirmed the compromise of one of the chemical plants. A similar attack occurred in September of 2022 by another pro-Palestine hacktivist group by the name of GhostSec. They targeted Israeli organisations and platforms, and successfully breached 55 Berghof PLC devices to publish a message.
- Irrigation System Disruption
Farm irrigation systems in the Jordan Valley, and wastewater treatment control systems that are operated by the Galil Sewage Corporation were targeted by hackers. The attack appears to have been part of OpIsrael, an anti-Isreal hacktivist campaign. The attack was successful due to weak authentication and vulnerabilities in programmable logic controllers (PLC), which allowed for remote access.
In light of such attacks, Positive Technologies urge companies to adopt the latest technology and techniques to safeguard their people, data and networks against sophisticated cyberattacks.