Israel Aided UAE in Defending Against DDoS Attack

Israel earlier this year aided the United Arab Emirates (UAE) in helping repel a major distributed denial-of-service (DDoS) attack.

Speaking at last week's Cyber Week in Tel Aviv, UAE head of cybersecurity Mohamed Al Kuwaiti said that attacks "continuously come and go" and praised the Abraham Accords, which were ratified in 2020 to strengthen Middle East relations. "Thank God for the partnership, with the relationship that we have; it helped us elevate as well as to prepare an early warning system," he said.

According to Jewish Press, Gaby Portnoy, director general of the Israel National Cyber Directorate, joined Al Kuwaiti onstage at the conference, as did national cyber representatives from Bahrain, Morocco, and the US.

Al Kuwaiti noted that "cybersecurity is an important aspect for us all" and that many of Israel's startups are "helping us as a matter of fact to build up that cyber dome or to extend that cyber dome to defend against cyberattacks," a report by All Israel said.

The DDoS attack declaration by Al Kuwaiti came in the same week as a formal announcement was made to increase intelligence sharing between the UAE and Israel with the so-called Crystal Ball project, a partnership between Israel and the UAE's cyber teams and backed by private industry. Crystal Ball is intended to detect and repel hackers via collaboration and knowledge sharing around national-level cyberthreats.

"It is a well-known fact that criminal gangs are working together to victimize individuals and companies, any improvements in international cooperation between nation-states to tackle these threats is a welcome move," says Brian Honan, CEO of BH Consulting.

No Clarity in MuddyWater?

At CyberWeek, Portnoy reportedly mentioned cyberattacks the group MuddyWater initiated against Israel. He said the MuddyWater group has ties to Iran's Islamic Revolutionary Guard Corps (IRGC), and blamed it for a cyberattack against the Technion Institute of Technology in Haifa. Technion was forced to disconnect its systems to prevent security damage and lose data.

According to a new blog from Deep Instinct's Simon Kenin, a custom-made command and control server was detected in the attack against Technion, and MuddyWater have been using that server since 2021.

"The group doesn't just work against Israel, but rather also hacks civilian targets in many other countries, including Turkey, Saudi Arabia, Egypt, Morocco, India, Bahrain, Oman, Kuwait, and others," Portnoy said.

The MuddyWater group has previously been linked to spear phishing campaigns against employees of Middle East telecom operators, as well as with cyber surveillance activities.