Threats grow in Saudi Arabia’s cyber sector

Saudi Arabia's wealth makes it an attractive target for cyber criminals, but what have been the recent trends in cyber crime?

This article can also be found in the Premium Editorial Download: CW Middle East: CW Middle East: How women can fill the tech skills gap

Saudi Arabia is an attractive country for investors and criminals alike. As the world’s largest producer of oil, it has a robust economy with some of the biggest organisations in the region, a large population, strategic geographical location and strong consumer spending power.

But most recently, it is cyber criminals that have taken a particular interest in the country, prompting the government to establish the Saudi National Cyber Security Centre (SNCSC), which was launched officially in February this year.

Saleh Ibrahim Al-Motairi, director-general of the SNCSC, told local news outlets that Saudi Arabia had suffered almost 1,000 cyber attacks in 2016, with targets including infrastructure and intellectual property.

Ransomware is the most common type of cyber attack used in the country and across the Middle East.

According to Symantec’s Internet security threat report, Saudi Arabia is the most “impacted” country in the Middle East and Africa (MEA) region in terms of ransomware and ranks 31st globally.

“We have seen that organisations in Saudi Arabia faced a significant amount of malware attacks, ranking fourth within MEA,” said Eyas Hawari, country manager for Saudi Arabia at Symantec.

Perhaps the country’s most worrying vulnerability is in the field of cyber espionage. “More recently, we have seen notable cases of organisations in the country targeted by spear phishing campaigns, including Shamoon and Greenbug, which are carefully crafted and targeted attacks designed to steal data, spy or sabotage an organisation,” said Hawari.

These attacks have not just caused large financial losses, they have also undermined and damaged the country’s reputation. “Criminals tend to target organisations that are huge in scale and are state-owned,” said Arthur Dell, director of technology and services, Middle East, at Citrix. The energy sector is especially at risk, he said.

Read more about cyber security in the Middle East

  • In the wake of the Shamoon and Shamoon 2.0 malware attacks, a new wiper called StoneDrill is targeting organisations in the Middle East and Europe.
  • As the Middle East IT industry continues to transform and embrace digitisation, what are the greatest threats it faces today?
  • Cyber security issues will be a major theme at this month’s Gitex Technology Week 2016 conference in Dubai.
  • Hot on the heels of the Qatar National Bank breach comes a campaign employing advanced social engineering techniques.

Shamoon is the most notorious attack to have hit Saudi Arabia. The malware first made headlines in 2012 when it was used against energy companies in Saudi Arabia, wiping the master boot records and replacing them with an image of a burning US flag. It destroyed 35,000 computers at state-owned oil company Saudi Aramco in the space of a few hours and compromised strategic information, forcing the company to invest heavily to update its IT infrastructure.

The malware was unleashed when a computer technician unwittingly opened an email containing a suspicious link.

Shamoon resurfaced in November 2016, disrupting operations at about 15 Saudi state bodies and corporations, including Sadara Chemical Co – a joint venture between Saudi Aramco and the US’s Dow Chemical – and the country’s General Authority of Civil Aviation. The difference this time was that the attackers used a photograph of the body of Syrian-Kurdish refugee Alan Kurdi, who drowned in the Mediterranean in 2015.

Stonedrill, another cyber espionage attack linked to Shamoon, was discovered in Saudi Arabia in March 2017, according to Kaspersky Lab, which did not identify the specific target. This is a similar wiper malware that destroys everything on the infected computer and is intended to cause maximum damage.

Most observers believe Iran is behind these attacks, highlighting the longstanding political tensions between the two oil producers, who are currently fighting a proxy war against each other in Yemen.

Saudi Arabia has also recently fallen victim to Greenbug, a cyber espionage group that has targeted a range of organisations in the region in the aviation, energy, government, investment and education sectors.

“It was a simple type of attack, but effective in causing the damage it intended,” said Symantec’s Hawari. The security software maker believes Greenbug could be linked to Shamoon.

Cyber security strategy

The threat-laden cyber landscape has pushed Saudi Arabia to give greater consideration to its national cyber security strategy as the country embarks on its Vision 2030 plan, which aims to diversify its economy. Technology will play a significant role in facilitating the vision and the digitising of almost all government data will inevitably make it more vulnerable to hackers.

“Saudi Arabia’s Vision 2030 will rely heavily on technology to be successful,” said Citrix’s Dell. “Mobile working practices will see an increase in adoption rates throughout the public and private sectors.”

However, digital transformation is also driving the rise in cyber attacks. Big data, smart city initiatives and some of the world’s highest mobile and internet penetration rates make Saudi Arabia and the wider Gulf Co-operation Council area an attractive target for cyber criminals.

“One major type of threat on the rise is attacks on cloud services,” said Hadi Jaafarawi, managing director of Qualys Middle East. “More enterprises are utilising the cloud due to its many benefits, but what is often overlooked is the security aspect.”

These attacks are becoming more frequent and more sophisticated. “Hackers are increasingly looking towards targeting data warehouses that contain valuable information, which they can then hold for either ransom or exploit for blackmail and other purposes,” said Jaafarawi.

Hospitals targeted

The industries most at risk tend to be finance and banking, a trend reflected across the region. Healthcare organisations are also increasingly under threat. According to Jaafarawi, entire hospital IT systems have been locked out by targeted ransomware attacks, forcing patients to be transferred to other treatment facilities.

“Saudi Arabia has tremendous wealth, making its organisations obvious targets for transnational crime groups,” said Tom Patterson, chief trust officer at Unysis. “But I have been very pleased with what I’ve seen in the country – it has been really forward-thinking in creating cyber security sectors.”

Saudi Arabia is one of the world’s highest spenders on cyber security technology, with the market expected to grow to $3.5bn by 2019 – an annual growth rate of 14.5%, according to the National Cyber Security Centre.

But there is still a long way to go. Despite this high expenditure, the Middle East region as a whole ranks in the bottom 50 globally for cyber education and training, according to a report from PricewaterhouseCoopers.

“With cyber criminals constantly honing their skills, it is everyone’s responsibility to secure the country,” said Qualys’ Jaafarawi. “There is a need now, more than ever, for there to be constant dialogue and collaboration between the public and private sector, to discuss the challenges and come up with solutions together.”

Read more on Hackers and cybercrime prevention