The Middle East region is facing a “cyber pandemic” with Covid-19 related attacks skyrocketing this year, according to the United Arab Emirates government’s top cyber security chief.
“As we moved into a full online life, we saw a huge increase in many of those attacks,” Mohamed al-Kuwaiti, head of UAE Government Cyber Security, told a CNBC-moderated panel at the Gulf Information Security Expo and Conference in Dubai on Sunday.
The UAE has seen an “at least 250% increase” in cyberattacks this year, Al Kuwaiti said, as the pandemic forced organizations around the world to reconsider how and where they work and hackers and malicious actors took advantage of increased digital adoption.
“There is a cyber pandemic, not only a biological pandemic,” he said.
Al Kuwaiti also said that the United Arab Emirates was the target of “huge attacks” from “activists” against the UAE after it established formal ties with Israel in August.
“The financial sector was one of the most attacked areas, as well as the health sector,” Al-Kuwaiti revealed, without going into specific detail about the nature of the incidents in the UAE or whether they were successful.
The comments offer a snapshot into the increasingly challenging cybersecurity environment in the UAE and the wider Middle East region, where security breaches and attacks are widespread, frequently undetected and often state-sponsored.
Al Kuwaiti said a variety of sources were responsible for the attacks. “We see it coming from the whole region, but one is Iran,” he said, reflecting ongoing tensions in the region. Iran has also said that it has been a victim of hacking. The Iranian Foreign Ministry and Iran’s mission to the United Nations did not respond to a CNBC request for comment.
When asked what type of attacks were occurring most, Al Kuwaiti said “phishing” and “ransomware” were becoming more sophisticated and increasing in frequency. A phishing attack occurs when a cybercriminal masquerades as a legitimate person or business to extract sensitive information from a victim voluntarily. Ransomware occurs when a hacker blocks access to a victim’s files, then demands payment to restore access.
New research by multinational cyber security firm, TrendMicro, says critical public infrastructure and government IT systems were becoming a primary focus for hackers globally, with ransomware being their preferred weapon of choice.
“Current malicious actors have opted to demand heftier ransoms from targets that are more likely to pay, such as healthcare companies and local governments,” the report said.
Al Kuwaiti said the UAE had established a new National Cyber Security Council to develop policies and laws to strengthen cyber security, and ensure the country is not vulnerable to the types of attacks that could easily affect its society, government or businesses.
“The UAE has gone through a whole digital transformation,” he said. “The vision of our leadership is to build on top of that transformation.”
Al Kuwaiti said discussions were ongoing regarding lifting the ban on some Voice over Internet Protocol (VoIP) services in the UAE, such as WhatsApp and FaceTime calling.
“WhatsApp was opened for a specific part of time and it was used for some testing procedures, with the collaboration from WhatsApp themselves. There are some regulations that they still need to adhere to, and they are working on that,” he said, though he did not elaborate on what those regulations were.
“2021, we are optimistic towards that,” he added.
Popular services like Microsoft Teams, Zoom and Skype for Business are now unlocked, allowing remote work and learning, but WhatsApp and Facetime remain blocked for voice and video calls, meaning residents typically have to use fee-based services from one of the state’s telecoms providers, Etisalat and Du.