State of the UAE — Cybersecurity Report 2024, which was issued by the UAE Cyber Security Council and CPX Holding, emphasises the critical need for advanced cyber security measures in response to the increasing complexity and sophistication of cyber threats.
In combination with the surge in advanced cyber attacks such as ransomware, it says there is an essential need for robust cyber defences, especially in a region such as the UAE, which puts itself at the forefront of both AI-driven technological innovations and geopolitical significance.
Most vulnerable industries
The most targeted by cyber threat actors were named as the government, energy, and information technology sectors.
The report added that, despite the evolving threat landscape, traditional attack vectors such as business email compromise (BEC) and phishing are not only prevalent but continue to pose a significant threat, which shows no sign of abating.
It said: “These methods are likely to become more sophisticated with the integration of AI tools, enhancing social engineering efforts, phishing lures, and the deployment of deep-fake technology to deceive victims.”
There has been just shy of a 30 percent increase in Insider Threat-related incidents since the last annual report, and an 18 percent increase in Drive-by-Downloads.
This, it said, is largely driven by a rise in the use of Infostealing Malware and Spyware to acquire organisational credentials. It added that malicious code, accounts for 22 percent of all cyber incidents in the UAE.
Prime targets
The report identified remote access and network vulnerabilities as prime targets for cyber threat actors, as they allow unauthorised system access without physical network presence.
It added that remote technologies remain a high risk in 2024, and make up 23 percent of attack surface exposures in the UAE.
It also said that network vulnerabilities are particularly susceptible to malware attacks, social engineering, and potential misconfiguration.
Distributed denial of service (DDoS) attacks persist as a significant threat to UAE organisations, with 58,538 attacks recorded during the year.
Diverse motivation
Motivations and methodologies range from nation-state threat actors and eCrime groups, to hacktivists. The report said that nation-state actors are typically motivated by espionage or destructive purposes, investing significant time, money, and manpower to compromise specific targets.
Worryingly, it also said that the majority of incidents (86 percent) targeted large organisations in the UAE.
If you’re concerned that your business may be vulnerable to, or might already have fallen prey to an attack, just get in touch – we can help.