SOCRadar® Cyber Intelligence Inc. | Exploring Cyber Threats During the Hajj Season
Jun 26, 2023

Exploring Cyber Threats During the Hajj Season

“More than 2 million cyber attacks were recorded from all over the world within a month”

That is the summary of the cyber struggle during the last Hajj season, according to the statement delivered directly by the Deputy Minister of Hajj and Umrah, Dr. Abdul Fattah Mashat.

Millions worldwide embark on a deep spiritual journey known as Hajj every year. This annual pilgrimage is a religious obligation for all adult Muslims with the physical and financial capabilities to make the journey. The Hajj is one of the world’s largest and most revered religious events, attracting believers from all nationalities, backgrounds, and walks of life.

Although the number of pilgrims changes yearly, it is usually around 2 million people. About 2.6 million people made the pilgrimage in 2019, the last year before the pandemic outbreak. The kingdom only allowed a limited number of its residents to enter in 2020 and 2021. In 2022, when 2 million cyber attacks were reported, the number of pilgrims was limited to 1 million due to the COVID-19 outbreak.

The kingdom has announced lifting COVID-19 restrictions for the 2023 pilgrimage season and is gearing up to welcome numbers of pilgrims reminiscent of the pre-pandemic era. This year Hajj occurs from approximately June 26, 2023, to July 1, 2023. 

Dr. Mashat stated that e-attacks doubled during the 2022 Hajj season due to the opening of Hajj to the world, as attacks arrived from around the world. Since the expected number of pilgrims in 2023 will be at least twice that of 2022, cyber attacks can be predicted to increase.

The Crucial Significance of Cybersecurity During the Hajj Season

Ensuring cybersecurity during the Hajj season is crucial for several compelling reasons. Given the magnitude and complexity of the Hajj, which involves the movement of millions of people, it becomes a potential target for cyberattacks such as phishing attempts and denial-of-service attacks.

Moreover, processing private personal data, including passport information and travel details, makes the Hajj event an attractive target for threat actors seeking to exploit sensitive information for identity theft and other malicious activities.

The Hajj season also presents a vulnerable time for pilgrims of various ages and sociocultural statuses as they navigate unfamiliar places and utilize unknown devices and e-tools, making them more susceptible to cyberattacks.

Dr. Abdul Fattah Mashat, the Deputy Minister of Hajj and Umrah, has highlighted that the Ministry of Hajj and Umrah, heavily reliant on technology, has become a primary target for cyber attacks. The Hajj has recently evolved into a high-tech event with an expanding attack surface. The major technological evolutions that have emerged in recent years are listed below:

  • The Ministry offers more than 121 e-services to over 30 million individuals in Saudi Arabia and millions of pilgrims from different countries. 
  • Mobile apps are designed to assist pilgrims in navigating their experience, such as guidance in Mecca and the surrounding area, access to medical services, and proper adherence to religious rituals.
  • In 2021, the Kingdom announced the distribution of 5,000 IoT-enabled smart bracelets to monitor the health conditions of pilgrims, including blood oxygen levels and heart rate. These bracelets also facilitate emergency medical and security assistance, ensuring swift response times and enabling rescue operations. Additionally, they deliver awareness messages to pilgrims throughout their journey.

All technological solutions that facilitate pilgrims’ journeys require solid cybersecurity measures to protect pilgrims’ data and information from various cyber threats.

A primary digital innovation of recent years is the electronic Hajj visa, delivered online without a consulate visit. Hajj e-registration is still subject to attempts to disrupt the e-systems. Saudi authorities caution worshippers planning Hajj about the rising threat of online registration scams, urging them to use official apps.

Warning post of Ministry of Hajj and Umrah

E-Registration Systems

In 2022, the Ministry of Hajj and Umrah launched the e-registration system for the first time, exclusively authorizing and accrediting an external company named Motawif to handle Hajj applications from applicants in the Americas, Europe, and Australia. Motawif’s online platform replaced the traditional method of booking trips and accommodations through travel agents. Western pilgrims were required to use the Motawif platform and participate in an “automated lottery” draw to secure a spot for the Hajj.

The platform was designed to make booking Hajj easier and more convenient for pilgrims; however, it was received with significant criticism, notably over data protection standards, because of spam emails that users received hours after signing up for the Motawif service.

Saudi Arabia’s Haramain Twitter account, which manages social media for Mecca and Medina holy sites, tweeted a message instructing prospective pilgrims to contact Motawif immediately if they receive spam emails.

Warning post about compromised database

The SOCRadar XTI Platform Threat Hunting Module search results for “motawif.com.sa” are below:

Threat Hunting Module: ‘Motawif.com.sa’  Stealer Logs results (Source: SOCRadar)
Threat Hunting Module: ‘Motawif.com.sa’  Breached Datasets results (Source: SOCRadar)

The domain ‘motawif.com.sa’ can also be checked with SOCRadar’s free tools. The SOCRadar Labs Account Breach module search result is below:

SOCRadar Labs/ Account Breach Module: “Motawif.com.sa” results (Source: SOCRadar)

Motawif has been closed down and replaced by a similar platform called Nusuk. Nusuk was launched in November 2022 by the Saudi Ministry of Hajj and Umrah in collaboration with the Saudi Tourism Authority and the Ministry of Tourism. Through the Nusuk app and website (nusuk.sa), international pilgrims plan their entire journey, and the platform assists them in obtaining the proper visas and permits.

Nusuk is the only platform officially approved by the Saudi Ministry of Hajj and Umrah to provide Hajj services for the year 2023. With the Nusuk platform, pilgrims from more than 58 countries, including Europe, the United States, Australia, and others, can register, book, and pay online using a simple and convenient online process. They can also select service packages like accommodation, food service, flights, assistance, and transportation.

The cyber risks that applied to Motawif are also valid for the Nusuk platform. The SOCRadar XTI Platform Threat Hunting Module search results for “nusuk.sa” are below:

Threat Hunting Module: “nusuk.sa”  Stealer Logs results (Source: SOCRadar)
Threat Hunting Module: one of the  “nusuk.sa” search results (Source: SOCRadar)

SOCRadar Labs/SOC Tools Phishing Radar module search result is below:

SOCRadar Labs/ SOC Tools/ Phishing Radar Module: “nusuk.sa”  results (Source: SOCRadar)

Recent Scam Attempts

Millions of Muslims seek to perform Hajj yearly, but only a limited number are accepted. Since it is a highly desired event with many participants, it is also an attractive lure for phishing campaigns.

One of the recent scams is an offer of free Hajj sponsorships. Through posts spread via Facebook and WhatsApp, believers are directed to the hoax website and asked to fill out forms with their personal information.

Facebook post about scam hajj sponsorship (Source: www.kompas.com)
WhatsApp message about scam hajj sponsorship (Source: dailytrust.com)

The hoax site impersonates the MISK Foundation, the foundation of the Crown Prince of the Kingdom of Saudi Arabia, Mohammed bin Salman Al Saud. Saudi authorities highlighted that the Saudi non-profit Misk Foundation would not organize trips for Hajj and Umrah pilgrims without collaborating closely with the Ministry of Hajj and Umrah and relevant Saudi Embassies.

Hoax Site impersonates MISK Foundation (Sources: pesacheck.org)

Saudi Arabia takes the responsibility of creating a secure cyber environment for pilgrim data seriously. The Ministry works on ensuring cyber security to safeguard the data and information of pilgrims against various types of attacks. 

To address this, the National Cyber-Security Authority conducted a cyber-security exercise on May 28th and 29th, specifically for the 2023 Hajj season. Over 100 national organizations participated in the practice, represented by more than 350 cybersecurity personnel. The exercise simulated different cyber-attack types and implemented response mechanisms for urgent cyber incidents. This comprehensive approach encompassed readiness, detection and analysis, containment, recovery, post-incident procedures, information sharing, and lessons learned.

What Should be Done to Protect From Cyber Attacks During the Hajj Season?

Cyber threats pose significant risks during the Hajj season, highlighting the need for robust cybersecurity measures. The vast number of visitors and the increasing reliance on technology make the Hajj a prime target for various cyber attacks. From phishing attempts and identity theft to fraudulent services and disruption of e-systems, pilgrims face potential dangers that can undermine their safety, privacy, and overall experience.

Saudi authorities take forward-looking steps that prioritize cybersecurity, such as conducting special exercises and simulations. Such measures demonstrate a commitment to protecting pilgrims’ data, preserving the sanctity of the Hajj, and providing a secure environment for all participants. Meanwhile, deploying extended threat intelligence (XTI) solutions that include Attack Surface Management, Digital Risk Protection, and dark web monitoring stands out as a proactive measure that the Saudi authorities can take.

On the other hand, individuals need to remain vigilant and take personal responsibility for their cyber hygiene. Pilgrims should exercise caution when accessing online services, avoid suspicious links or emails, and regularly update their devices and passwords.