Positive Technologies, a leader in result-driven cybersecurity, analyzed current cyberthreats in the Middle East [1] and noted a significant increase in hacktivist [2] attacks amidst the escalation of the conflict between Israel and Palestine. Moreover, the Middle East was a frequent target of APT groups. As of Q2 2024, every second successful attack against organizations resulted in a data breach, the most frequent consequence of cyberattacks in the region during the studied period.
Experts note that in Q4 2023, the number of successful cyberattacks in the Middle East doubled compared to the same period the previous year, and in Q1 2024, it tripled.
Irina Zinovkina, Head of Information Security Analytics Research at Positive Technologies, commented: “The surge in hacktivist attacks in the Middle East indicates a shift in modern conflict strategies, with cyberattacks becoming an inherent component. Our forecasts suggest that rising tensions in the region can lead to more DDoS attacks on media and government institutions. Additionally, if groups form alliances, they could execute large-scale cyberattacks with greater destructive potential.”
APT groups in the region conducted complex and prolonged cyberattacks to steal data, gather information, or disrupt organizational operations. Nearly every cybercriminal group studied targeted government institutions at least once. Additionally, 69% of these groups focused on the energy sector, indicating their intent to disrupt critical infrastructure.
The public sector was the most targeted industry, making up 24% of all cyberattacks on organizations. Government institutions store and process vast amounts of confidential data, which can be a goldmine for cybercriminals. In the first half of 2024, 16% of dark web listings for information from government companies were related to Middle Eastern countries.
The manufacturing sector comes in second among the most targeted sectors (17%) and also faces cyberthreats involving wipers. Wipers erase data on compromised ICS devices, causing major disruptions to critical infrastructure. In attacks on Israeli companies, the BiBi wiper was used, rendering the data of targeted systems inaccessible or unusable. Overall, malware remained the most popular tool for attacking organizations in the region.
Cybercriminals also targeted institutions using social engineering tactics (54%), even leveraging AI technologies. With the advancement of generative AI systems, the amount of malicious content surged, and email phishing attacks skyrocketed by 222% in H2 2023 compared to H2 2022.
Experts at Positive Technologies found that the primary consequence of successful cyberattacks on organizations in the Middle East was data breaches. In Q3 2023, these accounted for 35%, and by H2 2024, they surged to 49%. The average damage from cyberattacks on organizations in the region is almost double the global average.
Given the heightened activity of cybercriminals in the region, experts recommend that companies adopt result-driven cybersecurity, a proactive approach to building cyber resilience. Result-driven cybersecurity helps build a comprehensive automated defense system against non-tolerable events—consequences of cyberattacks that could prevent an organization from achieving its operational or strategic goals. The approach based on result-driven cybersecurity leverages cutting-edge security tools, including:
- SIEM systems (security information and event management) for continuous monitoring of cybersecurity events and rapid detection of cyberattacks
- Specialized solutions for traffic analysis and detection of suspicious activity in industrial control systems—essential for manufacturing companies
- EDR systems (endpoint detection and response), designed to protect your endpoints from sophisticated and targeted attacks
- Advanced sandboxes for detecting complex and unknown malware
- NTA products (network traffic analysis) for proactive cyberthreat hunting in your network
- VM systems (vulnerability management) for automated IT asset management, as well as rapid detection and elimination of current vulnerabilities
Moreover, result-driven cybersecurity involves continuous security assessment of infrastructure, including through bug bounty programs and employee training initiatives.
1. The term “Middle East” in this report refers to the following countries: Bahrain, Cyprus, Egypt, Iran, Iraq, Israel, Jordan, Kuwait, Lebanon, Oman, Palestine, Qatar, Saudi Arabia, Syria, the United Arab Emirates (UAE), and Yemen. The study spans from Q3 2023 to Q2 2024.
2. Hacktivists are criminals who carry out cyberattacks to draw attention to social or political causes.