Cyber-attacks and threats likely to increase in Middle East

A recent report by Positive Technologies reveals a surge in cybercrime across the Middle East between 2024 and Q1 2025, with social engineering identified as the primary initial access method. Threat actors leveraged malware, DDoS attacks, and exploitation of unpatched vulnerabilities to target government, defense, industrial sectors, and individuals. The report, covering 14 countries, highlights that underreporting driven by reputational concerns and social stigma likely conceals the true extent of the threat landscape. Dark web activity shows the UAE, Saudi Arabia, Israel, and Qatar as frequently targeted nations, with mentions tied to stolen data and compromised infrastructure.

Technical Description

A recent threat intelligence report published by Positive Technologies highlights a sustained wave of cybercrime activity across the Middle East between 2024 and Q1 2025. The findings underscore the prevalence of social engineering as the leading initial access vector, with adversaries using phishing, impersonation, and psychological manipulation to obtain credentials and sensitive user data. This tactic accounted for a high rate of successful intrusions across regional targets.

The report further identifies a diverse threat landscape, with adversaries employing malware, distributed denial-of-service (DDoS) attacks, and exploitation of unpatched vulnerabilities in web-facing applications and network services. These attack methods were observed targeting a broad spectrum of verticals, including government agencies, defense organizations, industrial and manufacturing entities, and individual users.

The research team conducted a cross-regional assessment covering Bahrain, Egypt, Israel, Jordan, Iraq, Yemen, Qatar, Kuwait, Lebanon, the UAE, Oman, Palestine, Saudi Arabia, and Syria. Despite the extensive geographic coverage, analysts noted that the data underrepresents the true scale of malicious activity because of underreporting, driven largely by reputational concerns and societal stigma.

The report also details increased threat activity emanating from dark web ecosystems. Intelligence gathered indicates that the UAE, Saudi Arabia, Israel, and Qatar are among the most referenced countries on underground forums, often linked to listings of stolen credentials, sensitive documents, and compromised infrastructure. These nations, noted for their aggressive digital transformation initiatives, are viewed by cybercriminals as high-value targets.

Cybercrime groups specializing in data theft and disruption of critical infrastructure were among the most active actors in the region. Listings of breached government and private sector data suggest systemic gaps in security governance amid rapid digitization efforts.

Security research teams warn that advances in AI and the proliferation of high-performance computing resources are lowering the technical barrier to entry for cybercriminals. This democratization of offensive capabilities is expected to produce a measurable uptick in regional threat activity.

The report concludes with strategic recommendations, urging Middle Eastern governments to prioritize the protection of critical infrastructure, financial institutions, and public sector entities. The potential compromise of these sectors presents significant risks to national security and sovereignty.

Impact

The rise in cybercrime across the Middle East is creating major risks for national security, essential services, and the economy. Countries with advanced digital systems are especially exposed to data leaks and service outages. Because many attacks go unreported, the full extent of the threat is hard to measure, which in turn makes it harder to build and prioritize defenses.

IOC and Context Details

Tactic Name: NA
Technique Name: NA
Sub Technique Name: NA
Attack Type: Social engineering; malware deployment; Distributed Denial-of-Service (DDoS) attacks; exploitation of unpatched vulnerabilities
Targeted Applications: Web-facing applications; network services; government and industrial IT systems; Identity and Access Management (IAM) platforms
Region Impacted: Middle East, including Bahrain, Egypt, Israel, Jordan, Iraq, Yemen, Qatar, Kuwait, Lebanon, United Arab Emirates (UAE), Oman, Palestine, Saudi Arabia, and Syria
Industry Impacted: Government; defense; industrial and manufacturing sectors; financial services; individual users
Indicators of Compromise (IOCs): NA
CVE: NA

Recommended Actions

  1. Measures for Prevention of Denial of Service (DoS/DDoS) Attacks:
  • Implement rate limiting, traffic shaping, and connection throttling on network edge devices.
  • Use Content Delivery Networks (CDNs) and cloud-based DDoS mitigation services.
  • Configure firewalls, intrusion prevention systems (IPS), and routers to detect and drop malicious traffic patterns.
  • Enable SYN flood protection (e.g., SYN cookies), UDP flood filters, and anomaly-based detection on network appliances.
  • Apply GeoIP filtering and blackhole routing for traffic originating from known malicious regions or IPs. Note that destination-based blackholing (RTBH) drops all traffic to the victim prefix and therefore completes the outage for that host; use it to protect the rest of the network, not as a fix for the target.
  2. Measures for Prevention of Malware Attacks:
  • Enforce endpoint detection and response (EDR).
  • Deploy network segmentation to limit lateral movement in case of infection.
  • Regularly update anti-malware signatures, operating systems, and applications.
  • Enable application allowlisting and script execution controls (e.g., PowerShell Constrained Language Mode). Constrained Language Mode is only robust when enforced through an AppLocker or WDAC policy; setting it via the __PSLockdownPolicy environment variable is trivially bypassed.
  • Use sandboxing and email security gateways to inspect email attachments and links for malicious behavior.
  3. Measures for Prevention of Web Intrusion and Defacement Attacks:
  • Regularly perform web application vulnerability scans and penetration testing.
  • Deploy Web Application Firewalls (WAFs) to block common attack vectors such as SQLi, XSS, and LFI. A WAF reduces exposure but does not replace patching or fixing the underlying flaw.
  • Implement secure coding practices and conduct static/dynamic code analysis during development.
  • Use multi-factor authentication (MFA) and least-privilege principles for CMS/admin interfaces.
  • Monitor for unauthorized file changes using file integrity monitoring (FIM) tools.
  4. Infrastructure and Server Hardening Recommendations:
  • Disable unused ports, services, and protocols; apply default-deny policies in firewalls.
  • Enforce strong access control policies using Role-Based Access Control (RBAC) and MFA.
  • Regularly apply vendor-released security patches and firmware updates.
  • Implement secure boot, disk encryption, and BIOS/UEFI password protection.
  • Configure logging and centralized monitoring (e.g., SIEM solutions) to detect unusual behavior or compromise attempts.
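The following is an added example, not code from the Positive Technologies report or from the article: a small offline detector that applies three of the recommendations above to web server access logs. It implements a sliding-window per-source rate check (the rate limiting in item 1), decodes request paths and matches them against signatures for SQLi, XSS and LFI probes (the WAF categories in item 3), and emits structured findings of the kind a SIEM would ingest (item 4). The log lines, IP addresses, window length and threshold are constructed for the example; the signatures are deliberately narrow and illustrate the approach rather than a production rule set.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Illustrative probe signatures; the path is URL-decoded before matching so %27 etc. do not evade them.
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|sleep\(\d+\)", re.I),
    "xss": re.compile(r"<script\b|javascript:|onerror\s*=", re.I),
    "lfi": re.compile(r"(\.\./){2,}|/etc/passwd|/proc/self/environ", re.I),
}

RATE_WINDOW_SECONDS = 10  # sliding window length (assumed value)
RATE_THRESHOLD = 20       # requests per source per window before we flag (assumed value)


def parse_line(line):
    """Parse one access-log line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def match_signatures(path):
    """Return the names of all signatures that fire on the (double-)decoded request path."""
    decoded = unquote(unquote(path))
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def analyze(lines, window=RATE_WINDOW_SECONDS, threshold=RATE_THRESHOLD):
    """Run the rate and signature detectors over time-ordered log lines; return findings."""
    findings = []
    recent = defaultdict(deque)  # ip -> request timestamps inside the sliding window
    flagged_flood = set()        # flag each flooding source once, not on every request
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts = rec["ip"], rec["ts"]
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > threshold and ip not in flagged_flood:
            flagged_flood.add(ip)
            findings.append({"type": "rate_limit", "ip": ip, "count": len(q), "at": ts.isoformat()})
        hits = match_signatures(rec["path"])
        if hits:
            findings.append({"type": "web_attack", "ip": ip, "signatures": hits,
                             "path": rec["path"], "at": ts.isoformat()})
    return findings


def sample_log():
    """Constructed log: one flooding source, one benign client, one client sending probes."""
    fmt = '%s - - [12/May/2025:10:00:%02d +0000] "GET %s HTTP/1.1" 200 512'
    lines = []
    for i in range(25):                      # 25 requests in 5 seconds from one source
        lines.append(fmt % ("203.0.113.9", i // 5, "/index.html"))
    for s in (1, 3, 4):                      # benign browsing
        lines.append(fmt % ("198.51.100.7", s, "/about.html"))
    lines.append(fmt % ("192.0.2.44", 5, "/login.php?user=admin%27%20OR%201%3D1--"))
    lines.append(fmt % ("192.0.2.44", 6, "/download?file=../../../../etc/passwd"))
    lines.append(fmt % ("192.0.2.44", 7, "/search?q=%3Cscript%3Ealert(1)%3C/script%3E"))
    return lines


if __name__ == "__main__":
    for finding in analyze(sample_log()):
        print(finding)
```

Run as a script it prints one rate_limit finding for 203.0.113.9 (flagged on its 21st request) and three web_attack findings for 192.0.2.44, one per signature. In practice the signature list would be far larger and the thresholds tuned per site; the point is that the rate state is kept per source and that decoding happens before matching.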

References

https://www.securitymiddleeastmag.com/positive-technologies-report-finds-cyberattacks-intensify-in-uae-ksa/