More discreet than traditional warfare but equally capable of wreaking havoc, cyberspace has become an increasingly favoured battleground in the Middle East, as states and other regional actors vie for a new cyber supremacy.
Cyberattacks in recent months have increasingly targeted civilians, for example when Iran’s national fuel distribution network was paralysed in October 2021. By disrupting the smart payment system that the government uses to distribute subsidised petrol, hackers forced almost all of Iran’s petrol stations to close, which further aggravated social and political discontent in the country.
Shortly after the attack, for which Iranian authorities blamed Israel, the Iran-affiliated hacker group Black Shadow leaked the personal data of Israeli users of the LGBTQ dating app Atraf. Hila Peer, chairwoman of The Aguda, an association that fights for LGBTQ rights, told AFP that the hackers had “chosen the right target if they wanted to cause panic,” as the leaks could put the lives of some users “in danger.”
Chris Kubecka, chair of the Middle East Institute’s cyber programme, is one of many experts who warn that attacks on civilians are becoming more systematic and their consequences more devastating. “Attacks on civilians, whether for money or for other reasons, including because they hold sensitive information, have become frequent. It’s very difficult for individuals to effectively defend themselves against cyberattacks of this magnitude. Their vulnerability makes them easy targets,” she tells Equal Times.
The cybersecurity company Kaspersky reported a 17 per cent increase in malware attacks in the Middle East in the first half of 2021. The primary reason for this increase in attacks targeting individuals is the coronavirus pandemic, which has forced many people to work remotely without the real means or knowledge required to protect themselves against cybercriminals.
Another reason is the rapid digital transformation taking place in the region, accelerated by the pandemic. As Kubecka explains, the lack of time and skilled labour required to digitise IT systems has resulted in loopholes that cybercriminals can exploit to attack companies, organisations and governments.
It should come as no surprise that the healthcare sector has seen the greatest increase in cyberattacks during the coronavirus pandemic – a 97 per cent increase according to the 2022 Global Threat Landscape Report issued by the cybersecurity company Sectrio. Cybercriminal groups were able to adapt to the crisis and take advantage of the large-scale digitisation of personal data that occurred during the pandemic, particularly of sensitive medical data, which can be sold at a very high price.
“Applications designed to help fight Covid-19, as well as laboratories and hospitals, have been subject to systemic cyberattacks, often accompanied by ransom demands,” says Kubecka.
Following a resumption of tensions with Tehran, Israel reported several dozen attacks on its hospitals and medical centres between October and December 2021. Even the International Committee of the Red Cross and the Red Crescent were recently the targets of a major global attack that compromised personal data and confidential information on more than 515,000 highly vulnerable people, including individuals separated from their families due to conflict, migration and disaster, as well as people in detention.
The “cyber pandemic” and massive cybersecurity investments in the age of Covid-19
Speaking in front of a panel at the Gulf Information Security Expo and Conference in Dubai, Mohamed al-Kuwaiti, head of government cybersecurity for the United Arab Emirates (UAE), said that the Middle East was facing a “cyber pandemic.” The wealthy Gulf States have been the main targets for attacks in the region as they currently are transitioning to technologies such as the Internet of Things, artificial intelligence and blockchain, which can be infiltrated by malware.
In addition to the health sector, other critical infrastructure such as energy plants, oil and gas transport networks, ports and large manufacturing plants have been targeted. Last year, hackers launched a ransomware attack against oil producer Saudi Aramco, the world’s largest exporter of crude oil, which resulted in a data leak and an attempted extortion of US$50 million.
In response to the increase in cyberattacks, several countries in the region have invested heavily in sophisticated security systems. According to Research and Markets, the size of the Middle East cybersecurity market is expected to grow from US$19 billion in 2021 to US$29 billion in 2026, at an annual growth rate of 7.9 per cent.
Despite the competitive nature of the sector, these new investments are expected to primarily benefit Israel, the clear leader in cybersecurity. Now that Israel has normalised relations with the Gulf countries, Kubecka even foresees an increase in cyber cooperation.
“Now that the United Arab Emirates and Bahrain have signed the Abraham Accords [with Israel], the Israeli cyber market has opened up to the Gulf states. Before the treaty was signed, we would never have seen Israeli IT security tools, like the supplier Check Point, in these countries.”
At the same time, the region’s other heavyweight, Iran, has moved closer to its strategic partner – Russia. In January 2021, the two countries signed a joint agreement on cybersecurity cooperation, including technology transfer, information sharing and mutual cooperation during global events. China and Iran have also strengthened their long-term partnership by signing a 25-year strategic cooperation agreement, which includes a range of joint cybersecurity projects.
The dangers of lacking legislation in the age of cyber warfare
Cyberattacks and cyber cooperation in the region are deeply geopolitical in nature and depend on the tensions and rapprochement between the various state and non-state actors.
Faced with the growing normalisation between Turkey and countries such as the United Arab Emirates, Saudi Arabia and Israel, Iran escalated its cyber campaign against Ankara last February. The increase in cyberattacks and the associated dangers for the population are a cause for concern among experts such as Loic Guezo, secretary general of French cybersecurity association Clusif. He worries that excessively complex legal frameworks prevent cyberspace activities from being regulated.
“One of the major challenges of regulating cyberspace is to limit its use against vital infrastructure such as hospitals, public buildings and sensitive industries. Cyberspace already plays a major role in today’s conflicts and it will only increase in the future, which is why we need better regulation.”
Some countries, such as the UAE, recently passed a series of new laws in February 2022 aimed at curbing such wide-ranging practices as hacking, identity theft, electronic armies and cryptocurrencies on their soil, while increasing penalties – both criminal and financial – for violations. Thirteen Arab countries have passed similar laws on cybercrime. But according to Kubecka, while cyberspace is increasingly being regulated at the national level, there is still far too little coordination at the international level.
“In the context of a conflict, you can’t [according to the laws of war] physically attack a hospital, but there is nothing stopping an entity from launching a cyberattack on medical centres,” he says. “Without regulation, we can expect cyberattacks on critical infrastructure that can be very deadly and kill thousands of civilians.”