Businesses, governmental and non-governmental organisations in the region, especially in Saudi Arabia and the United Arab Emirates, have been the targets of sophisticated cyberattacks that aimed to steal sensitive data. Last week, Aramco confirmed that some company files were leaked after hackers reportedly demanded a $50 million ransom from the world’s most valuable oil producer.
According to a Ponemon Institute and IBM Security study, data breaches in the MENA region are known to be particularly costly affairs, with average damage of $6.53 million, more than twice the global average of $3.86 million.
Between April and June of 2020, the region experienced 2.57 million phishing attacks against individuals. The increase in phishing attacks is of particular concern, as these attacks are often precursors of worse incidents, including ransomware attacks.
Sophos reports that 28 per cent of organisations in the Middle East that were hit by ransomware paid the ransom last year. According to a report by the Dubai Future Foundation, phishing attacks in the MENA region rose by 600 per cent in the first quarter of 2020.
Here’s an overview of the major data breaches and cyberattacks in the region in the last few years:
Aramco facing $50 million cyber extortion over leaked data (July 2021)
Saudi Aramco’s data was leaked by one of its contractors. The files are now reportedly being used in an attempt to extort $50 million from the company.
In 2012, the oil giant was hit by the Shamoon computer virus, which erased hard drives and was forced to shut down its network and destroy over 30,000 computers after the attack.
SolarWinds opened the door for cybercriminals (December 2020)
A compromised update to SolarWinds’ Orion network monitoring software led to a breach of government systems by a group of cyber attackers believed to be Russia’s “Cozy Bear”. Apart from US and European government systems, the attack affected systems in the UAE and Israel.
As hackers use third-party software as gateways to breach critical systems and infrastructure, supply chain attacks like the SolarWinds incident can be particularly challenging to flag and track.
Tech conferences targeted by Phosphorus (October 2020)
Two major conferences were reportedly targeted by an Iranian group called Phosphorus, according to a post released by Microsoft after the Microsoft Threat Intelligence Center (MSTIC) detected unusual activity. It is alleged that the campaign also affected the Think 20 (T20) Summit in Saudi Arabia.
T20 participants received spoofed invitations in the form of an email to an event meant to inform policymaking efforts for the G20 nations. Despite the emails appearing legitimate and written in perfect English, it was revealed to be a phishing attack.
Also Read: Impersonation Attacks are on the Rise
Data from UAE police sold online (July 2020)
Security firm CloudSek said a web database marketplace was selling the personal information of nearly 25,000 UAE police officers. According to CloudSek, the seller also had Abu Dhabi police data with 31,878 files and six folders. A sample image showed that the data on offer included police officers’ mobile phone numbers, email addresses, and even addresses.
Kuwaiti and Saudi government-affiliated entities targeted (May 2020)
Bitdefender reported that attacks targeted air transport and government agencies in Kuwait and Saudi Arabia to steal sensitive information.
The group used various tools, including “living off the land tools” — applications used by hackers to further their criminal agenda. It was not clear which organisations were attacked, but some signs indicate the attack began in 2018.
MENA policymakers targeted by a phishing scam (February 2020)
Security firm Cybereason reported an espionage campaign targeting Middle East political leaders. This attack was the result of an advanced persistent threat that was sent by the cybergang The Gaza Cyber gang, a group that has been operating since 2012 and uses politically themed emails to trick leaders in the UAE, Egypt and Turkey, among others
Bahrain’s oil company hacked (January 2020)
“Dustman” malware-infected Bahrain’s national oil company, Bapco. The data wiper malware did not appear to have much of an impact on the company. The hackers gained access to the Bapco network and were able to load the data wiper into the central anti-virus software, from where it was distributed to all machines.
Dustman was allegedly destroyed by Saudi Arabia’s National Cybersecurity Authority
Also Read: AI Risks We Should Know About
Arab countries targeted by malicious office documents (January 2020)
Cisco Talos announced the existence of a new Remote Access Trojan (RAT) called ”JhoneRAT”. This malware is used to gather information on the target’s computer via malformed Microsoft Office documents.
Cisco said that the RAT, developed in Python, also tried to download other payloads from the Internet and upload the collected data from the reconnaissance phase. The JhoneRAT targeted Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain and Lebanon.
A white-hat hacker infiltrated Dalil, Saudi Arabia (March 2019)
Data breaches of more than 5 million users affected the largest Saudi Kingdom phone directory, Dalil. An investigation conducted by vpnMentor, a privacy website, found the breach in the company’s database. They also found that the app stored all user data on an unsecured MongoDB database that was unmonitored.
Despite the company’s security measures, white-hat hackers could access millions of customer records without requiring authentication.
Data breach in Careem (January 2018)
Careem, a ride-hailing app in the Middle East, was hit by a data breach, hackers stole client data, including names, email addresses, phone numbers, and data about trips.
Reuters reports that 78 cities were affected in the region when the cyberattack occurred, with 14 million customers and 558,000 drivers using the travel app affected.
A government database hacked in Turkey (April 2016)
The Turkish Citizenship Database was hacked, and personal data, including full names, addresses, national ID numbers, parents’ full names and dates of birth of about 50 million Turkish citizens (two-thirds of the population), were leaked.