Positive Technologies has analysed the attacks carried out on individuals in Middle Eastern countries between 2022 and 2023, revealing that malware was used in 70% of successful attacks. Over half of these attacks involved spyware and the vast majority used social engineering techniques. In 20% of phishing campaigns, the attack was multi-prolonged, exploiting multiple social engineering channels at the same time.
According to the data obtained by Positive Technologies, cybercriminals employed malware in 7 out of 10 successful attacks on individuals in the Middle East region. More often than not, the attackers infected users’ devices with spyware (three out of five malware attacks). This type of malware collects information from the infected device and then passes it on to the attacker. Depending on the task, spyware can steal personal and financial data, user credentials, as well as files from the device’s memory.
Positive Technologies Information Security Research Analyst Roman Reznikov comments: “By using spyware, attackers can compromise not only personal and payment information and personal accounts, but also corporate credentials, network connection information, and other sensitive data. The stolen data is then offered for sale on the dark web forums. As a result, a skilled attacker can gain access to an organization and carry out a successful attack, leading to non-tolerable consequences: disruption of technological and business processes, theft of funds, leakage of confidential information, attacks on customers and partners.”
In the great majority (96%) of successful attacks on individuals in the Middle East countries, social engineering techniques were employed. Most often, these were mass attacks in which the criminals aimed to reach the maximum number of victims. To achieve this, they actively leveraged current news about significant global and regional events, including the 2022 FIFA World Cup Qatar.
In 20% of phishing campaigns, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously. Criminals led the victims through a series of steps until the device was infected and data stolen. For instance, users could be lured through social media accounts that contained links to a messenger channel from which the victim would install a malicious application.
This report contains information about recent information security threats impacting individuals in the Middle East region, based on Positive Technologies’ own expertise, as well as data from reputable sources. Our study focuses solely on successful cyberattacks or incidents negatively affecting individuals. This report covers incidents in the following countries: Bahrain, Egypt, Israel, Jordan, Iraq, Iran, Yemen, Qatar, Cyprus, Kuwait, Lebanon, United Arab Emirates (UAE), Oman, the State of Palestine, Saudi Arabia, and Syria.
Read more exclusives and news in our latest issue here.
Never miss a story… Follow us on:
Security Buyer
@SecurityBuyer
@Secbuyer
Media Contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com
