The United Arab Emirates (UAE)’s rapid adoption of IT and operational technology (OT) has significantly increased their attack surface, with nearly 155,000 remotely accessible assets recently discovered and left vulnerable due to misconfigurations and unsafe applications.
Vulnerable resources include remote access points, network administration interfaces, insecure network devices and open file sharing systems, according to findings just published in the “UAE Cybersecurity Report 2024”. While exploitable public-facing applications account for a smaller share of the attack surface, insider threats have increased their share, according to the report published by cybersecurity firm CPX.
To strengthen defenses, policymakers, businesses and citizens must work together to strengthen the nation’s infrastructure and improve overall cybersecurity, Hadi Anwar, executive director of strategic programs at CPX, said in a statement.
“The economic fallout from cyber incidents, as detailed in our analysis, requires a unified approach to strengthen our national defenses,” he said. “This involves not only adopting advanced technologies and practices, but also promoting a culture of cyber awareness and resilience.”
The UAE has undertaken a number of cyber initiatives, including smart city projects, digital transformations and efforts to stimulate its digital economy. In 2017, Dubai established the Dubai Electronic Security Center (DESC) and created Dubai’s cybersecurity strategya second version of which it was released in 2023. Following this initial effort, the national government created its National Cybersecurity Strategy in 2019, which called for new laws and regulations and an ecosystem to support cybersecurity.
Superficial spread of cyber attacks
As more organizations expand the use of cloud computing and OT and incorporate AI and machine learning into their business operations, the country’s cyber attack surface is also growing, according to Mohamed Al Kuwaiti, chief of the UAE Cyber Security Council. .
“This evolution gives threat actors more opportunities to illegally infiltrate systems,” he said, pointing to ransomware as a significant threat. “Additionally, we are seeing an increase in distributed denial-of-service (DDoS) attacks against UAE organisations, particularly against our critical infrastructure, amid a challenging geopolitical climate that amplifies cyber threats.”
In the first nine months of 2023 the government identified and blocked more than 71 million cyber attacks, and the vast majority of businesses in the UAE have done so have suffered cyber attacks in the last two years.
DDoS unleashed
Over a quarter (27%) of incidents handled by CPX’s Security Operations Center (SOC) involved misconfigurations, while another 22% were caused by malware and 10% started with email fraud and phishing. Fifteen percent of incidents involved an investigation or attempted access, while another 15 percent were the result of an individual accessing data or a system without authorization.
Additionally, more than 58,000 denial of service attacks targeted the country’s network space in 2023, with the maximum bandwidth for an attack exceeding 260 Gbps.
Overall, the SOC considered 3% of incidents to be critical in severity, while nearly a quarter (23%) of incidents were classified as high in severity. According to the report, the rapid adoption of AI technologies is also expected to expand the collection of applications that organizations need to protect.
This is also cybercrime
In 2023, according to CPX, the North Korea-linked Lazarus Group, also known as Hidden Cobra and Sapphire Sleet, actively conducted espionage operations and destructive attacks in the region, undermining the commonly held belief that attacks against the United Arab Emirates they are motivated by regional geopolitics.
In fact, nearly a third of attackers (29%) appeared to be financially motivated cybercriminals, while 21% were insider threat actors. While national attackers and the region’s geopolitical tensions tend to get the most coverage, only 14% of attacks are attributed to nation-states, according to the CPX report.
“This activity challenges the prevailing belief that the nation is only targeted by regional adversaries, highlighting the global scope of the threats the UAE faces,” the report said.
Investments by companies and public bodies in cybersecurity, however, are bearing fruit. In 2023, two-thirds of attackers were detected within days and 93% identified within weeks, a significant improvement over 2022, when only 56% of attacks were identified within weeks.
“UAE organizations must establish comprehensive cybersecurity programs that go beyond technical defenses to include awareness campaigns,” the report said. “These initiatives should aim to educate employees about the potential cyber threats they face, encouraging vigilance and timely reporting of suspicious activity.”