24 Jul Positive Technologies Cyber-Threat Landscape-Report
83% of successful cyberattacks in the Middle East had a targeted nature, according to a new report by Positive Technologies.
According to Positive Technologies’ cybersecurity threatscape report, Middle Eastern government entities are especially appealing targets to cybercriminals: 22% of total attacks on organizations targeted government agencies, and 56% of these were perpetrated by APT groups. Armed with various malware and exploits, malicious actors penetrate the victims’ networks and linger to conduct cyber espionage.
Industrial companies feel the pressure of cyberattacks, with 16% of companies being threatened, as they possess valuable information, represent components of critical infrastructure, and make a significant contribution to the regional economy.
Malware is critical in cyberattacks on institutions, with it taking many forms as a means of damaging industrial companies at all levels of cyber-capability. Malware was utilized in 58% of attacks on organizations and 70% of attacks on individuals. RATs, which enable attackers to assume control over a compromised device, are the most widely used type of malware. Additionally, spyware, often masquerading as legitimate applications, is extensively used against individuals.
Attacks in the Middle East are notable for the use of wipers, which delete files on compromised devices. Wipers are extremely dangerous when penetrating industrial control systems (ICS), as this can disrupt production processes and lead to accidents.
Experts are particularly concerned about the increasing activity of ransomware groups, which have turned into one of the biggest threats. In Q1 2023, the number of ransomware incidents in the world increased by 77% year-on-year. The most prominent victims of ransomware in the Middle East are GCC countries including the UAE, Saudi Arabia, and Kuwait.
“According to our data, 83% of successful cyberattacks in the Middle East countries have a targeted nature. A majority of attacks in the Middle East rely on social engineering, malware, or exploitation of software vulnerabilities. In 2023, the most relevant cybersecurity threats to the Middle East countries are cyberattacks on government institutions and critical infrastructure, as well as attacks that employ phishing and social engineering techniques,” commented Fedor Chunizhekov on the report.