Connect with us

Cyber Security

Geopolitical Tensions Have Given Rise to Targeted Attacks in the MEA Region

Published

3 months ago

on

Michael Hoffman, the Certified Instructor at SANS Institute, says cyber attacks targeting critical infrastructure were sparse 15 to 20 years ago

Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The MEA region is largely focused on energy. It has invested significantly in oil and gas across upstream, midstream, and downstream functions and the utilities to support these environments and communities. This region has also seen one of the most threatening cyber attacks on equipment and human life, with the Trisis attack in 2017, which targeted a Triconix Controller at a refinery in Saudi Arabia. Therefore, there has been a significant focus on cybersecurity across the region. Due to this, governments such as Saudi Arabia have taken extensive measures to ensure critical infrastructure receives the needed cybersecurity focus from the OTCC controls.

What are the most notable trends in cyber attacks targeting these systems?
Cyber attacks targeting critical infrastructure were sparse 15 to 20 years ago, and control systems used to be more customized per facility. Many control and automation systems were starting to incorporate operating systems and network equipment similar to those on the IT side. Still, connectivity was limited, and the adversary’s capability of affecting these systems was also limited. Fast forward to today, SCADA and DCS systems are designed off more of a “standard template,” and the equipment used in one plant often closely resembles another plant. We now face a time when critical infrastructure is more homogenous, allowing adversaries to build complete ICS/OT-focused toolkits, such as PIPEDREAM, to compromise critical infrastructure across verticals.

Which sectors in the MEA region are most vulnerable to cyber attacks, and why?
Much focus has been placed on the energy sector, and rightly so, as the MEA region benefits from its significant oil and gas reserves. Even here, however, there are areas of focus to work on, such as increasing visibility into the industrial networks themselves. Nevertheless, from experience in the MEA, utilities and manufacturing sectors are the most vulnerable. Many of the utilities are undergoing upgrades to replace legacy equipment, and the newer systems are now more homogenous to other automation systems.

Utilities are embracing more remote monitoring and support and AI capabilities for energy loading and modelling. These new capabilities all increase the attack surface of the industrial systems. Manufacturing, by design, is tightly connected to IT and cloud systems to receive, produce, and fulfil orders. The data connectivity in manufacturing makes this sector vulnerable to IT and ICS/OT-focused attacks.

What are the primary motivations behind cyber attacks on critical infrastructure in the MEA region?
Geopolitical tensions have given rise to targeted attacks in the MEA region over the last number of years and increased significantly. Many conflicts brought about targeted attacks on the utilities, transportation, and energy sectors. The conflict also brought about an increase in hacktivism, where the Cyber Av3ngers group targeted Unitronics programmable logic controller (PLC) devices worldwide.

Numerous food and water systems outside of the MEA region in the US, Ireland, and other countries were disrupted due to these attacks. Ransomware is still a profitable business for adversary groups, and this threat will continue to earn significant income by targeting sectors, such as manufacturing, that are more susceptible to IT systems causing ICS/OT outages.

How important is employee training and awareness in preventing cyber attacks on critical infrastructure?
Employees are the front line of defence in critical infrastructure. These environments have skilled operations and maintenance personnel who are the eyes and ears of the process. Yet, having inherent process knowledge does not directly translate to cyber knowledge and the ability to decipher between a system disruption or cyber-physical attack. Therefore, the importance of providing awareness training to asset leadership, the boots-on-the-ground operations, and maintenance staff is more significant than ever in understanding the threats from a high level and who to call or what to do in the event of a suspect condition.

Those tasked with maintaining ICS/OT need specific training, such as provided in the SANS ICS Curriculum, to ensure they have a level of knowledge to prevent, respond to, and recover from adversaries targeting their environments. Without this training, individuals will struggle to maintain or understand the value of various security controls required to keep a defensive posture in their environments.

What role does proactive threat intelligence play in securing critical infrastructure systems?
Consuming threat intelligence for an owner/operator-specific requirement and use case is fundamental to understanding what threat groups have done in the past and what capabilities they could leverage to disrupt an environment. Understanding cybersecurity threats helps build preventative, detective, and recovery controls specific to the operational vertical. Threat intelligence helps to answer questions and look ahead at what is potentially coming vs. looking behind at standards and control frameworks, which are often more generic and lacking in specific tactics, techniques, and procedures (TTPs) that adversaries are currently using.

A cybersecurity program should include consuming threat intelligence and using those insights to drive detection capability and implement cybersecurity controls. Then, threat intelligence is used to go back and verify that existing controls can prevent and detect adversarial activity. Organizations that do not consume threat intelligence are operating without the situational awareness needed to defend their critical environments.

Are there any technologies being deployed to safeguard critical infrastructure in the region?
The push for AI is happening across both IT and OT products and markets. Anyone who has attended GISEC Global in Dubai over the last few years has seen a significant uptake in vendors offering AI capabilities. For ICS/OT, AI has found its way into endpoint detection, network anomaly detection, SIEM analysis and detection, and incident response playbook generation, among other areas. MEA governments strongly advocate for adopting AI for cybersecurity and using AI to increase how businesses operate more effectively and efficiently. However, this requires more data connectivity to IT and cloud systems, with ample storage and compute capabilities needed to make better-informed operational changes.

This increase in IT/OT connectivity is a stark contrast from the previous mindset of isolating these environments entirely or partly using controls, such as data diodes between OT and IT, so traffic can only physically flow from operational systems to enterprise environments. Thus, AI is helping to secure these environments better while at the same time driving change, albeit potentially increasing ICS/OT cybersecurity risk, for more IT/OT data interconnectivity requirements.

What are the biggest challenges companies face in securing critical infrastructure in the MEA region?
The MEA region’s challenges in securing ICS/OT environments are not unique to the region for the most part. The public and private sectors are constantly updating outdated infrastructure, deploying new cybersecurity technologies, implementing new technologies, such as AI, merging with or acquiring organizations, divesting assets, etc. These changes bring about re-organizations, new roles and responsibility mappings, and technical skill reevaluation, among others.

Keeping up with these changes and the constant influx of new technologies within the automation and control equipment requires constant workforce training and skills building. Replacing outdated DCS and SCADA systems brings about new opportunities for optimization and reliability but also brings about completely different sets of technology stacks that must be defended against. Thus, a strong focus is needed towards investing in people to ensure they have the right technical acumen within ICS/OT cybersecurity.

What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
Governments are actively involved and play a significant role in securing their country’s critical infrastructure. UAE, for instance, has developed the UAE National Cybersecurity Strategy, Federal Cybersecurity Law, The National Information Assurance Framework, and Critical Information Infrastructure Guideline. Saudi Arabia has a strong focus in this area and created the Saudi Cybersecurity Law, National Cybersecurity Strategy, and National Cybersecurity Authority (NCA. The NCA Operational Technology Cybersecurity Controls (OTCC) controls, in particular, focus on critical infrastructure and are in place to ensure those facilities achieve a minimum set of baseline security controls.

It is one of the region’s more well-known and referenced ICS/OT cybersecurity control frameworks. Qatar has created the Qatar National Cybersecurity Strategy, Qatar Computer Emergency Response Team (Q-CERT), and the recent Qatar Cybersecurity Framework (QCF) in response to the FIFA 2022 World Cup. Bahrain has created the National Cybersecurity Strategy and Bahrain Cybersecurity Framework. Many other MEA countries have or are in the process of creating similar standards and frameworks for protecting their critical infrastructure.

How can companies ensure business continuity while recovering from a cyber attack on their critical systems?
As companies in the region continually grow their cybersecurity maturity, many have created incident response plans and capabilities or have outsourced these to the region’s few dedicated ICS/OT cybersecurity companies. The SANS Five ICS Cybersecurity Critical Controls have also been discussed at many conferences and events, and the importance of developing an ICS-specific Incident Response Plan (IRP) is starting to take hold and resonate with owners and operators. Still, there is an existing need for asset owners and operators to develop a workable strategy for systematic recovery, reconstitution, and operational resumption in the event of a cyber attack. To develop such capabilities, asset owners and operators need to perform the following activities in their environments:

  • Specifying disaster criteria
  • Identifying cyber-specific loss scenarios that cause those disasters
  • Specifying recovery team responsibilities starting from the activation phase followed by recovery and reconstitution
  • Identifying automation and control system function recovery priority
  • Performing a dependency analysis of recovery priority
  • Documenting reconstitution steps to correct for any data deviation that has been introduced during recovery
  • Developing assurance and handover qualifications for process restart

Critical infrastructure assets can be prepared to respond to cyber-attacks and resume operations quickly and effectively by performing such activities.

Related Topics:
Continue Reading

Cyber Security

Positive Technologies Reports 80% of Middle East Cyberattacks Compromise Confidential Data

Published

4 days ago

on

May 16, 2025

By

A new study by cybersecurity firm Positive Technologies has shed light on the evolving cyber threat landscape in the Middle East, revealing that a staggering 80% of successful cyberattacks in the region lead to the breach of confidential information. The research, examining the impact of digital transformation, organized cybercrime, and the underground market, highlights the increasing exposure of Middle Eastern nations to sophisticated cyber threats.

The study found that one in three successful cyberattacks were attributed to Advanced Persistent Threat (APT) groups, which predominantly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions is driving efficiency, it simultaneously expands the attack surface for malicious actors.

Cybercriminals in the region heavily utilize social engineering tactics (61% of cases) and malware (51%), often employing a combination of both. Remote Access Trojans (RATs) emerged as a primary weapon in 27% of malware-based attacks, indicating a common objective of gaining long-term access to compromised systems.

The analysis revealed that credentials and trade secrets (29% each) were the most sought-after data, followed by personal information (20%). This stolen data is frequently leveraged for blackmail or sold on the dark web. Beyond data theft, 38% of attacks resulted in the disruption of core business operations, posing significant risks to critical sectors like healthcare, transportation, and government services.

APT groups are identified as the most formidable threat actors due to their substantial resources and advanced technical capabilities. In 2024, they accounted for 32% of recorded attacks, with a clear focus on government and critical infrastructure. Their activities often extend beyond traditional cybercrime, encompassing cyberespionage and even cyberwarfare aimed at undermining trust and demonstrating digital dominance.

Dark web analysis further revealed that government organizations were the most frequently mentioned targets (34%), followed by the industrial sector (20%). Hacktivist activity was also prominent, with ideologically motivated actors often sharing stolen databases freely, exacerbating the cybercrime landscape.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar, all leaders in digital transformation, were the most frequently cited countries on the dark web in connection with stolen data. Experts suggest that the prevalence of advertisements for selling data from these nations underscores the challenges of securing rapidly expanding digital environments, which cybercriminals are quick to exploit.

Positive Technologies analyst Alexey Lukash said, “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”

To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Such solutions are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

Continue Reading

Cyber Security

Axis Communications Sheds Light on Video Surveillance Industry Perspectives on AI

Published

1 week ago

on

May 12, 2025

By

Axis Communications has published a new report that explores the state of AI in the global video surveillance industry. Titled The State of AI in Video Surveillance, the report examines the key opportunities, challenges and future trends, as well as the responsible practices that are becoming critical for organisations in their use of AI. The report draws insights from qualitative research as well as quantitative data sources, including in-depth interviews with carefully selected experts from the Axis global partner network.

A leading insight featured in the report is the unanimous view among interviewees that interest in the technology has surged over the past few years, with more and more business customers becoming curious and increasingly knowledgeable about its potential applications.

Mats Thulin, Director AI & Analytics Solutions at Axis Communications

“AI is a technology that has the potential to touch every corner and every function of the modern enterprise. That said, any implementations or integrations that aim to drive value come with serious financial and ethical considerations. These considerations should prompt organisations to scrutinise any initiative or investment. Axis’s new report not only shows how AI is transforming the video surveillance landscape, but also how that transformation should ideally be approached,” said Mats Thulin, Director AI & Analytics Solutions at Axis Communications.

According to the Axis report, the move by businesses from on-premise security server systems to hybrid cloud architectures continues at pace, driven by the need for faster processing, improved bandwidth usage and greater scalability. At the same time, cloud-based technology is being combined with edge AI solutions, which play a crucial role by enabling faster, local analytics with minimal latency, a prerequisite for real-time responsiveness in security-related situations.

By moving AI processing closer to the source using edge devices such as cameras, businesses can reduce bandwidth consumption and better support real-time applications like security monitoring. As a result, the hybrid approach is expected to continue to shape the role of AI in security and unlock new business intelligence and operational efficiencies.

A trend that is emerging among businesses is the integration of diverse data for a more comprehensive analysis, transforming safety and security. Experts predict that by integrating additional sensory data, such as audio and contextual environmental factors caught on camera, can lead to enhanced situational awareness and greater actionable insights, offering a more comprehensive understanding of events.

Combining multiple data streams can ultimately lead to improved detection and prediction of potential threats or incidents. For example, in emergency scenarios, pairing visual data with audio analysis can enable security teams to respond more quickly and precisely. This context-aware approach can potentially elevate safety, security and operational efficiency, and reflects how system operators can leverage and process multiple data inputs to make better-informed decisions.

According to the Axis report, interviewees emphasised that responsible AI and ethical considerations are critical priorities in the development and deployment of new systems, raising concerns about decisions potentially based on biased or unreliable AI. Other risks highlighted include those related to privacy violations and how facial and behavioural recognition could have ethical and legal repercussions.

As a result, a recurring theme among interviewees was the importance of embedding responsible AI practices early in the development process. Interviewees also pointed to regulatory frameworks, such as the EU AI Act, as pivotal in shaping responsible use of technology, particularly in high-risk areas. While regulation was broadly acknowledged as necessary to build trust and accountability, several interviewees also stressed the need for balance to safeguard innovation and address privacy and data security concerns.

“The findings of this report reflect how enterprises are viewing the trend of AI holistically, working to have a firm grasp of both how to use the technology effectively and understand the macro implications of its usage. Conversations surrounding privacy and responsibility will continue but so will the pace of innovation and the adoption of technologies that advance the video surveillance industry and lead to new and exciting possibilities,” Thulin added.

Continue Reading

Artificial Intelligence

CyberKnight Partners with Ridge Security for AI-Powered Security Validation

Published

2 weeks ago

on

May 8, 2025

By

The automated penetration testing market was valued at roughly $3.1 billion in 2023 and is projected to grow rapidly, with forecasts estimating a compound annual growth rate (CAGR) between 21% and 25%. By 2030, the sector is expected to reach approximately $9 to $10 billion. The broader penetration testing industry is also expanding, with projections indicating it will surpass $5.3 billion by 2027, according to MarketandMarket.

To support enterprises and government entities across the Middle East, Turkey and Africa (META) with identifying and validating vulnerabilities and reducing security gaps in real-time, CyberKnight has partnered with Ridge Security, the World’s First Al-powered Offensive Security Validation Platform. Ridge Security’s products incorporate advanced artificial intelligence to deliver security validation through automated penetration testing and breach and attack simulations.

RidgeBot uses advanced AI to autonomously perform multi-vector iterative attacks, conduct continuous penetration testing, and validate vulnerabilities with zero false positives. RidgeBot has been deployed by customers worldwide as a key element of their journey to evolve from traditional vulnerability management to Continuous Threat Exposure Management (CTEM).

“Ridge Security’s core strength lies in delivering holistic, AI-driven security validation that enables organizations to proactively manage risk and improve operational performance,” said Hom Bahmanyar, Chief Enablement Officer at Ridge Security. “We are delighted to partner with CyberKnight to leverage their network of strategic partners, deep-rooted customer relations, and security expertise to accelerate our expansion plans in the region.”

“Our partnership with Ridge Security is a timely and strategic step, as 69% of organizations are now adopting AI-driven security for threat detection and prevention,” added Wael Jaber, Chief Strategy Officer at CyberKnight. “By joining forces, we enhance our ability to deliver automated, intelligent security validation solutions, reaffirming our commitment to empowering customers with resilient, future-ready cybersecurity across the region.”

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.