- API Penetration Testing

Top-7 Cybersecurity Breaches in Bahrain

Learn about the state of cybersecurity in Bahrain and the 7 biggest breaches in this country.
As we know, the major goal of cybercrime is to damage a business by hacking, obtaining, or destroying critical information. Another important reason for the data breaches is getting the financial profits, and the more valuable data they've managed to receive, the higher prices they will require for its deletion.

Which areas the hackers are mostly focused on? According to the report by ResearchGate, data and finances are the largest and most vulnerable cybercrime sectors in Bahraini organizations. Because of this, businesses can experience notable decreases in different perspectives, including reputational loss (29%), delays in time (26%), customer loss or churn (16.4%), and more.

Analyzing the most famous cybersecurity incidents and data breaches in Bahrain is one of the top priorities businesses should focus on. These case studies can provide an overall idea of different cybercrime cases, detect the possible weak points of a certain organization and develop an effective strategy to combat the possible attacks and how to combat them.

In this article, we'll uncover the various cyberattacks in Bahrain you should certainly learn from to protect your business from data breaches.

Let's start right now!
#1 Bahrain's National Oil Company Bapco: A Major Cyberattack by Iranian Dustman Malware
On December 29, 2021, several sources reported on a major cyberattack on Bapco, Bahrain's national oil company. According to the report announced, the attack has been organized by Iranian state-sponsored hackers, who deployed a new strain of data-wiping malware called Dustman. Once it's launched on a computer, this malware can delete the data on the infected computers, thus possessing serious threats to the company's performance. The core component of Dustman is EldoS RawDisk, a legitimate software toolkit for working with files, disks, and partitions. By using different tactics and techniques, this malware can gain access to the admin level where it unpacks and launches the EldoS RawDisk to delete data on all the hosts infected.

Luckily, this incident has impacted only a portion of Bapco's computer system, so the company continued to operate after the malware's detonation. Additionally, they have sent the alert to Bahrain's local companies working within the energy market to urge them to secure their internal network system.

In general, that's not the first data-wiping cyberattack on energy companies linked to the Tehran regime: in 2012 the Shamoon malware (also known as Disttrack) has impacted over 32,000 machines at the Saudi Aramco oil company in Saudi Arabia. A few years later the two more versions of Shamoon were detected during the series of attacks in 2016-2017 and 2018-2019.
#2 Electricity and Water Authority Are At Risk: Hackers Gained Control Of the System
At the same time, wiping the internal data of critical infrastructure is not the only issue security managers should know about. In August 2019, the authorities of Bahrain has reported a series of cyberattacks on the government computers and critical infrastructure in Bahrain. Analysts and experts suspect this criminal activity is related to the Iranian government, who's escalating its cyber activity recently.

As a result of this, in July 2019, there was a major cyberattack on the world's biggest aluminum smelters – Alba company (also known as "Aluminium Bahrain"), according to the report from Wall Street Journal on August 8, 2019. Additionally, the authorities in Bahrain discovered a number of intrusions into the Electricity and Water Authority, with some systems being shut down by hackers, as well as gaining limited control of parts of the system. It is suspected that Iranian hackers want to find out which systems they can hack, which aspects they need to the extent, and how to make use of this further.

These intruders indicate the criminals are going to bring massive disruptions to the most important infrastructure of Bahrain, so the companies have to strengthen their cybersecurity strategies to confront the further large-scale cyberattacks.
#3 Bahrain Center for Human Rights Meets the "Zero-Click" Attack
However, not only Bahrain's companies can be at risk. In August 2021, the Bahrain Center for Human Rights har reported a serious zero-click attack on one of their activists. According to the internet watchdog Citizen Lab, the hackers took advantage of the iPhone's unknown security vulnerability in Apple's iMessage with the use of a zero-click cyber attack.

The core feature of the zero-click attack implies the "zero" interaction with users for infecting their devices. Similar tactics were earlier applied in pushing the Pegasus spyware, developed by Israeli firm NSO Group.

This hack is important not solely because it circumvents Apple's security in iOS 14.4 and iOS 14.6. Moreover, the new tactics avoid the powerful built-in security software of all versions of iOS 14, also known as BlastDoor. Originally, this system was designed to eliminate receiving the malicious data sent over the iMessage app.

In Apple company, it wasn't clearly said if they have found and fixed this vulnerability the NSP is exploiting, and in their boilerplate later re-released the statement that the "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals", thus not a threat to the overwhelming majority of Apple users.
#4 The Major APM Terminals Suffered From a Large-Scale Cyber Attack
In June 2017, Transportation and Telecommunications Ministry under-secretary for ports and maritime affairs Hassan Ali Al Majed claimed the APM Terminals had been subjected to a large-scale cyber attack compromising its IT systems. According to the Cisco Cyber Security Leader for the Middle East and Turkey Scott Manson, the malware used for this attack was able to lock down the machine or system and take control under the data it contains. Once the system is being entered, it uses three different ways to spread within the network.

The main target of criminals wasn't revealed, as the cyberattack had been contained and the company started working on the system recovery. However, the company's performance still had been impacted, with some customers experiencing delays in the transit of shipments. Particularly, it impacted the inter-continental or non-EU European deliveries, as the IT department was to resolve the system security.

Because of this accident, the TNT Bahrain company announced they were temporarily "experiencing interference with some of our systems within the TNT network" and reassured the issue will be remediated as soon as possible.
#5 Facebook Data Leak Affects Over 1.4 Million of Users in Bahrain
Social media platforms have also become a powerful data source the cybercriminals would like to make use of for personal profit. The most infamous user data leak which occurred in April 2021 has impacted over half a billion Facebook users, including 1.4 m from Bahrain. In general, the personal information posted included the phone numbers, email credentials, locations, and birthdates.

The experts say the attack put user safety at risk, as their accounts could be easily hijacked and their personal information used for gaining bank card details, business accounts, and more. Some of the scammers could also use the user information to contact them directly for blackmailing, make the calls on their mobile phone numbers and ask for OTP or PIN text messages in return.

In fact, that's not the first case of Meta's (ex. Facebook) data leak. Earlier, in 2020 the vulnerability that enabled seeing the user's phone number linked to every account on Facebook was uncovered, which resulted in generating a database containing the critical information of millions of users from any part of the world.
#6 Major Hacking of the Bank of Bahrain
As we've mentioned before, the financial industry is one of the most critical branches that require increased cyber protection to prevent crime breaches. One of the breaks that prove this fact happened on August 14-15, 2021, when the Nigerian Cyber Fraud gang hacked the Bank of Bahrain and Kuwait's server, defrauding Rs 5.5 crore (around $739,000) on their accounts.

The incident was revealed the next day when the bank opened, so the officials approached the Mumbai Crime branch and lodged a complaint. According to the official sources, the kingpin of the gang, identified as Martin, a Nigerian, claimed that he has dozens of agents across the country. The costs gained as a result of a cyberattack were transferred to his agents on around 87 different bank accounts from Delhi, Madhya Pradesh, and Assam. Apparently, his accomplices from the Cyber Fraud gang worked for a certain percentage.

Such a major system breach, once again, proves the necessity of constantly improving the bank security and digital system of the financial industry in general.
#7 Iranian State Cybercriminals Targeted Microsoft's IT Sector
In November 2021, the Iranian cybercrime organizations hit Microsoft security systems, aiming to obtain the credentials for further compromising of the customer networks. According to the expert review at Microsoft Threat Intelligence Center (MSTIC) and Digital Security Unit (DSU), this cyberattack is a key step towards hacking the critical organizations of interest to the Iranian government.

Due to the research by BleepingComputer, so far over 40 IT services organizations have received more than 1,600 alerts conducted by Iran-based Advanced Persistent Threat (APT) gangs. To compare, there were 48 as for 2020 and only 15 security notifications throughout 2019, which indicates a significant increase in the number of attacks.

A vast number of these hackings were noticed in the various IT services companies, located in the Middle Eastern countries, including Israel, United Arab Emirates, and Bahrain. The recent reports for July and September have uncovered two Iranian cybercrime gangs known as DEV-0228 and DEV-0056 responsible for extending their attacks and compromising the list of defense, energy, legal, and IT organizations in Israel and Bahrain.
Wrapping Up
Having analyzed all these cases, we can conclude that being aware of the various cyberattacks, as well as analyzing the crime tactics used to break into the system are the most important preventive measures each business should pay attention to. As a result, you can significantly strengthen the digital security of your business and build an effective strategy on how to act when being attacked by cybercriminals, which means better protection of the most important data, brilliant business reputation, and increased customer flow.

If you want to evaluate the security of your IT infrastructure and develop a robust security strategy, feel free to contact Cyberlands and use our penetration testing services. Team