150K+ UAE Network Devices & Apps Found Exposed Online

The rapid adoption of IT and operational technology (OT) by the United Arab Emirates (UAE) has dramatically increased its attack surface, with nearly 155,000 recently discovered remotely accessible assets left vulnerable due to misconfigurations and insecure applications.

The vulnerable assets include remote access points, network administration interfaces, insecure network devices, and open file sharing systems, according to newly published findings in the "State of the UAE Cybersecurity Report 2024." While exploitable public-facing applications account for less of the attack surface, insider threats have increased their share, according to the report, published by cybersecurity firm CPX.

To shore up defenses, policymakers, businesses, and citizens need to work together to harden the nation's infrastructure and improve overall cybersecurity, Hadi Anwar, executive director of strategic programs at CPX, said in a statement. 

"The economic fallout from cyber incidents, as detailed in our analysis, necessitates a unified approach to bolster our national defenses," he said. "This involves not just adopting advanced technologies and practices but also fostering a culture of cyber awareness and resilience."

The United Arab Emirates has embarked on a bevy of cyber initiatives, including smart city projects, digital transformations, and efforts to spur its digital economy. In 2017, Dubai established the Dubai Electronic Security Center (DESC) and created the Dubai Cyber Security Strategy, a second version of which was released in 2023. Following that initial effort, the national government created its National Cyber Security Strategy in 2019, which called for new laws and regulations, and an ecosystem that supported cybersecurity.

Cyberattack Surface Spreads

As more organizations expand their use of cloud computing and OT, and incorporate AI and machine-learning into their business operations, the country's cyberattack surface is also growing, according to Mohamed Al Kuwaiti, the head of the Cyber Security Council for the United Arab Emirates.

"This evolution offers threat actors more opportunities to infiltrate systems illegally," he said, pointing to ransomware as a significant threat. "Additionally, we are witnessing a rise in distributed denial-of-service (DDoS) attacks against UAE organizations, particularly against our critical infrastructure, amid a challenging geopolitical climate that amplifies cyber threats."

In the first nine months of 2023, the government detected and blocked more than 71 million cyberattacks, and the vast majority of companies in the UAE have faced cyberattacks over the past two years. 

DDoS Unleashed

More than a quarter (27%) of incidents handled by CPX's security operations center (SOC) involved misconfigurations, while another 22% were caused by malware and 10% started with email fraud and phishing. Fifteen percent of incidents involved a probe or attempted access, while another 15% were the result of an individual gaining access to data or a system without authorization.

In addition, more than 58,000 denial-of-service attacks targeted the country's network space in 2023, with the maximum bandwidth for an attack exceeding 260 Gbps. 

Overall, the SOC considered 3% of incidents to be of critical severity, while nearly a quarter (23%) of incidents were designated as high severity. The rapid adoption of AI technologies is also expected to expand the collection of applications that need to be secured by organizations, according to the report.

It's Cybercrime, Too

In 2023, the North Korean–linked Lazarus Group — also known as Hidden Cobra and Sapphire Sleet — actively conducted espionage operations and destructive attacks in the region, undermining the common wisdom that attacks against the UAE are motivated by regional geopolitics, according to CPX.

In fact, nearly one-third of attackers (29%) appeared to be financially motivated cybercriminals, while 21% were insider threat actors. Though nation-state attackers and the region's geo-political tensions tend to get the most coverage, only 14% of attacks are attributed to nation-states, according to the CPX report. 

"This activity challenges the prevailing belief that the Nation is only targeted by regional adversaries, highlighting the global scale of threats the UAE faces," the report stated.

Businesses and government agencies' investments in cybersecurity are paying off, however. In 2023, two-thirds of attackers were detected within days and 93% identified within weeks, a significant improvement compared to 2022, when only 56% of attacks were identified within weeks.

"UAE organizations must establish comprehensive cybersecurity programs that extend beyond technical defenses to include awareness campaigns," the report stated. "These initiatives should aim to educate employees on the potential cyber threats they face, encouraging vigilance and prompt reporting of suspicious activities."