Cyber-attacks on Middle Eastern entities continued to rise throughout 2021. Most of this rise came from threat actors connected to 5 known clusters outside the region that were targeting critical infrastructure, manufacturing, utilities, and oil and gas infrastructure. These attacks were characterized by:
- An exponential increase in the sophistication of targeting and breach formulation
- A strong geopolitical connection; extensive involvement of APT actors has been confirmed
- Timing designed to coincide with major offline events, including the onset of holidays, the reopening of offices, and even government-to-government discussions
- Malware deployed in the region showed higher levels of new code and segments, indicating that the hackers may be working towards exclusively targeting entities in the region or using the region as a testing ground
- Attacks on manufacturing registered a 200 percent rise
- Cyberattacks are carried out on targets in waves, with increasing intensity and loss of data registered in each wave
- New APT clusters have sprung up within the region and are now targeting strategic sectors of the economy in countries like Saudi Arabia, UAE, and Oman
As we investigate the emerging threats in the region, three themes stand out:
- Hackers are focusing on maximizing disruption by targeting industrial control systems, supply chains and IoT networks
- Ransom is the ultimate objective; the attacks are being carried out by well-organized cyber-criminal gangs. Regional ransom rates have also gone up
- Lack of visibility into operations and involuntary insider activity are both turning into major weaknesses. In converged networks that connect IoT, OT and IT, threat actors are finding it easier to breach the network and load their malware payload
Sectoral updates on IoT and OT Security
Attacks on oil and gas entities and manufacturing sectors continue to rise disproportionately. Through infrastructure optimization measures, many new devices and systems were introduced into the networks of companies in these two sectors in 2020 and 2021. Some of these devices were introduced without adequate levels of security testing and this has led to the emergence of new vulnerabilities that hackers are exploiting. With widened gaps, cyber threats will find it easier to spread across these two sectors and beyond.
In industries such as cement and food and beverage manufacture, we have seen the emergence of specialized threats. These are targeting certain production aspects including assembly lines, manipulation of proprietary formulation, and production processes.
A large number of digital transformation projects took off in countries like UAE, Saudi Arabia, Oman, and Qatar in 2021. Most of the projects involve a phased transition to technologies such as IoT, AI, blockchain, and others. Due to this transition, as well as the increased infusion of automation, an increasing number of enterprises and business units now operate with a diverse array of infrastructure subsystems, sub-networks, and connectivity flavors that enable cyberattacks by stealthy malware that moves laterally across networks.
Extensive use of social engineering
Hackers are also deploying a wide variety of social engineering and insider luring means to attack and engage targets. These include forged official emails from vendors, government, and other entities, and messages from instant messaging and other platforms to deceive the recipient. We also came across some instances of reply phishing.
UAE firms lost the maximum amount of data per cyber-attack as compared to other countries in the region. Other countries also lost data in proportion to the volume of cyberattacks experienced by them. Such data is turning up in all sorts of places. We are not sure about the amount of ransom that could have been paid by companies in the region, but looking at the volume of data leaked so far, significant amounts of ransom could possibly have changed hands in 2021.
The above is an extract from Sectrio’s Threat Landscape Assessment and Analysis Report 2022. To access the full report, visit this link: The 2022 IoT and OT Global Threat Landscape and Assessment Report