SOCRadar® Cyber Intelligence Inc. | Gulf Countries Threat Landscape Report: Cyber Security Posture of the GCC Countries


May 12, 2023

Gulf Countries Threat Landscape Report: Cyber Security Posture of the GCC Countries

“Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates constitute the Cooperation Council for the Arab States of the Gulf, generally known as the Gulf Cooperation Council (GCC), a regional, intergovernmental, political, and economic association. The council’s secretariat is in Riyadh, the Saudi Arabian capital. On May 25, 1981, the Charter of the GCC was signed, thereby founding the organization.”

The GCC is a consortium made up of the wealthiest countries in the Arab region, and their combined economy is among the largest in the world. The GCC countries, the world’s top oil and gas exporters, have developed digitalized and competitive economies that enable the continuance of infrastructure projects. Governments have paved the way for development by investing in transportation, logistics, healthcare, retail, real estate, education, tourism, and finance. In this way, the wealth derived from oil and gas has been presented to the public as a prosperous life.

In addition to the development of local industries, the unexpected global digitalization that came with the COVID-19 pandemic created opportunities for cybercrime actors. In particular, the GCC countries Saudi Arabia, the UAE, and Kuwait became targets of millions of cyber attacks each month.

SOCRadar published the ‘Gulf Countries Threat Landscape Report’ to provide insight into the cyber threat landscape of the GCC countries and their cyber preparedness. The report investigates various types of cyber incidents that the SOCRadar dark web team related to the GCC between March 2022 and February 2023.

Cyber Security Posture of the GCC Countries

In recent years, the GCC countries have seen a rise in cyber threats and attacks, leading to increased investments in cybersecurity infrastructure and capacity building. As a result, the GCC countries have made significant strides in developing their cybersecurity capabilities, including establishing cybersecurity agencies and implementing cybersecurity regulations and standards to protect critical infrastructure and sensitive data.

The UAE has implemented the Dubai Cyber Security Strategy, establishing Dubai as a global cybersecurity leader. Saudi Arabia has also implemented a Cybersecurity Strategy to strengthen cybersecurity across all sectors, from government facilities to critical infrastructure. Along with government initiatives, several GCC countries have invested in forging partnerships with global organizations to augment their cybersecurity capabilities.

A significant example of cybersecurity regulation in the region covers financial institutions. The Saudi Arabian Monetary Authority (SAMA) has developed a Cybersecurity Framework (CSF) for Banks and Financial Institutions based on international best practices and standards. As part of the CSF, SAMA announced the Cyber Threat Intelligence (CTI) Principles in March 2022. Implementing the CTI principles has become a requirement for Saudi financial institutions to achieve SAMA Cybersecurity Framework compliance.

The SOCRadar & SAMA CTI principles compliance chart, which demonstrates how SOCRadar assists SAMA member organizations in achieving SAMA CTI principles, is provided at the end of the ‘Gulf Countries Threat Landscape’ report.

GCC Cyber Threat Landscape

The GCC countries have seen a rise in cyber threats and attacks, and dark web threats have increased in parallel. With the help of SOCRadar DarkMirror data, SOCRadar’s dark web team has conducted comprehensive research on dark web threats targeting GCC organizations to provide insight into the GCC cyber threat landscape. During this research, the team analyzed 309 dark web posts related to GCC countries from March 1, 2022 to February 28, 2023.

The SOCRadar dark web team analyzed the dark web shares by post type. The analysis shows that data exposure was the most common dark web post type. 98% of the posts aim to sell or share data without compensation. SOCRadar DarkMirror data shows that the highest number of posts was in December 2022.

According to SOCRadar DarkMirror data, “Public Administration” was the most targeted industry in the GCC region, followed by E-commerce and Information Services. The countries most targeted by threat actors were the UAE, Saudi Arabia, and Kuwait.

SOCRadar detected 41 ransomware incidents targeting countries in the GCC. LockBit3.0 is the top ransomware group in the region. The AlphVM/Blackcat and Mallox groups were also quite active.

According to the SOCRadar dark web team, 755 phishing attacks against the GCC region were recorded. Almost 60% of the phishing websites were hosted on HTTPS domains using a valid SSL/TLS certificate.

Recent Cyber Attacks Targeting GCC Countries

The SOCRadar Gulf Countries Threat Landscape Report details cyberattacks on GCC countries and trends among attackers. Some examples of attacks SOCRadar detected on leak sites and dark web forums are below.

Database of Dubai Residents is on Sale:

Threat actors posted a new alleged ownership database sale for Dubai in a hacker forum monitored by SOCRadar on March 02, 2023. The alleged database has information about property ownership in the following districts: Marina, JBR, Palm, Business Bay, Downtown, Greens, Tecom, and Dubai Hills. Threat actors claim the database contains the following information: Apartment, Size, Name, Phone number, Nationality, Passport number.

Alleged ownership database sale is detected for Dubai (Source: SOCRadar) 

Unauthorized Access Sale for a Saudi Arabian Petroleum Company:

An unauthorized access sale, allegedly for a petroleum company that operates in Saudi Arabia, was detected in an underground forum monitored by SOCRadar on February 06, 2023.

Unauthorized access sale allegedly belonging to a petroleum company that operates in Saudi Arabia. (Source: SOCRadar)

Data of Qatar Oil and Gas Companies are Leaked:

A new data leak allegedly belonging to Qatar Oil and Gas companies was detected in a Telegram channel monitored by SOCRadar on Jan 03, 2023. Threat actors claimed to have more than 25TB of data.

Alleged data leak belonging to Qatar Oil and Gas companies. (Source: SOCRadar)

Cyber Crime During the World Cup

Cybercriminals have set up many ways to collect personal information and defraud individuals of their money during the World Cup. The Hayya Card system, which is required for World Cup visitors to enter Qatar and to access tickets and other services like transportation, was found to have numerous potentially compromised accounts. 

To learn more about the Qatar World Cup and cyber crime, you can visit SOCRadar’s detailed blog post. You can also search for major events like the World Cup on the “Campaign” page on the SOCRadar platform.

SOCRadar users can obtain such findings on Dark Web News, where posts about malicious activities shared in underground forums are collected. Threat posts are searchable by filtering on country, category, industry and other tags.

You can find more posts by threat actors on SOCRadar Dark Web News.