Top 10 Cybersecurity Breaches in Gulf Cooperation Council

Learn about the state of cybersecurity in Gulf Cooperation Council and the 10 biggest breaches in this region.
Cyberattacks happen regardless of organization type or size. Large, mid-sized, and small businesses, governmental organizations, apps, healthcare, and media all become targets of online criminals. Sometimes the aftermath is minor, and sometimes it may cause international conflicts.

Countries of the Gulf Cooperation Council, meaning Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates, often become targets of ransomware and state-sponsored cybercriminals. Some of the incidents had real-life consequences like diplomatic conflicts and threats of catastrophes. Therefore, they had to take care of their cybersecurity in order to survive in such harsh conditions.

Some of the countries have already landed in the top-10 for cybersecurity efforts in the world, while others continue to explore their resources, teach their citizens about best security practices, and establish their cybersecurity centers. The countries also cooperate to enhance cybersecurity in the region overall and host major cybersecurity events to attract masterminds from all around the world.

Yet, there is still a long way to go. Meanwhile, we collected the top-10 cybersecurity breaches in the Gulf Cooperation Council to discover and learn from.
#1 The United Arab Emirates. The Airline Emirates Leaked Customer-Related Data
It became a great scandal when the Airline Emirates was caught leaking customer data to third parties. Emirates is the biggest airline in the country and the entire Middle East, and it is also the largest Boeing 777 operator in the world. Throughout their 36 years of experience, they accumulated a fleet size of 252 vehicles and unlocked 157 destinations.

One of their clients, a cybersecurity engineer, was trying to book a vacation for his family and found out that the airline leaks data to Crazy Egg, Boxever, Coremetrics, Google, Facebook, and 9 other third-party trackers. He noticed that the company used 300 data points to make a single booking, which is way more than it should be. After a closer inspection, he also discovered that they used non-secure protocols and had little to no encryption on most pages.

With 15.8 million people using the airline in 2020 alone, their data was disclosed without their permission and there was a high risk of a breach. If hackers decided to exploit the vulnerabilities, they would not even have to try hard - all the information is accessible. It is surprising that the company did not put up the simplest security measures.
#2 The United Arab Emirates. Hackers Exposed Customer Data After UAE Invest Bank Refused to Pay Ransom
Ransomware is a really big problem in the UAE - 42% of businesses had to shut down to pay off the debt.

However, there are also businesses that just decide to roll with it, as the UAE Invest Bank did. One of the largest banks in the country, it was attacked by a hacker who stole customer records and demanded a ransom of about $3 million in bitcoin. It was not a typical case of ransomware though - it did not involve malware that locks the company out of its systems. The attacker just siphoned data from SQL databases: transactions, credit card numbers, amounts of purchases, and authorization codes.

The hacker used the data to write emails to customers and threaten them as well as the company. The Invest Bank refused to pay and the information of clients ended up on Twitter. It is estimated that there were over 50,000 clients involved. In the end, there were no financial losses on any side.
#3 Saudi Arabia. World's Largest Oil Producer Saudi Aramco Became a Victim of Ransomware Attack
Unfortunately, it is not enough to invest in the company's protection. You also have to make sure that all your partners and contractors are doing well in cybersecurity too. Especially if you are the biggest oil company in the world like Aramco.

They have had bad experiences in the past, when the Shamoon virus destroyed 30,000 computers. They did work on their cybersecurity but were let down by the weak protection of one of their contractors. Hackers stole 1,000 gigabytes of data and put it up on the dark web. Customer data and invoices suffered the most - there were passport scans in there. The hackers offered the company a chance to buy it for $50 million in cryptocurrency, or anyone else could get it for just $5 million. It has been 5 months since the incident and nobody knows whether they paid.
#4 Saudi Arabia. Saudi Petrochemical Plant Suffered a Cyber Attack
Sometimes cyberattacks have serious real-life consequences, especially when hackers tamper with industrial plants. It happened in 2018.

The target of the attack was the Saudi Petrochemical Plant. Hackers wanted to shut down its safety controllers with the help of software, but something did not work at the very last stage. If it had functioned as intended, the country would have seen a massive explosion. Instead, the plant randomly stopped working during the day and then shut down completely, which was also quite dangerous.

It is possible that the attack was state-sponsored because the malware involved was too complex and sophisticated. Regular hackers also do not normally want to cause physical damage like that.
#5 Qatar. National Gas Company RasGas Hit with Virus During a Series of Attacks on Energy Sector
The countries of the Gulf Cooperation Council often suffer from attacks on gas and oil businesses since they are the backbone of their economies. Qatar has faced some complications as well.

RasGas was the second biggest liquified gas producer until it merged with Qatargas, the biggest producer. In 2012, it faced the Shamoon virus, which had previously hit other big energy companies like Saudi Aramco and an American company. In comparison, Qatar did not suffer much. They had to shut down all their computers and isolate them from the web to stop the spread of the virus. Their website was down for several days, as was their IT infrastructure overall. It did not stop their liquified gas production.
#6 Qatar. National Domain Registry Compromised by Syrians
Numerous cyberattacks are initiated for political motives. Sometimes they go as far as to cause a conflict, and sometimes they serve as a reminder of the existence of some political group.

That is exactly what happened to the Qatar domain registry. The Syrian Electronic Army, which supported the Syrian president and attacked rebels, decided to deface a range of Qatar domains. Some international websites like Google and Facebook were affected, as well as Qatar media outlets, a couple of ministries, and other high-profile websites. The hackers claimed that Qatar supports terrorism in Syria and that is why they attacked the country's registry.
#7 Bahrain. National Oil Bapco Becomes a Target of Iranian Hackers
The Bapco attack that happened in 2021 was sponsored by the state as well. Iran actively attacks energy companies in the Gulf Cooperation Council and outside. The Shamoon virus that we have mentioned earlier was launched by this state as well.

The national oil company Bapco faced Dustman, a new virus from Iran that deletes the computer's essential data. As a result, the systems slow down significantly. If the virus reaches the admin panel, it deletes files on all the computer hosts. Bapco was compromised over the summer, and while the hackers were leaving the system, they tried to hide forensic evidence of their presence. They made numerous mistakes along the way and decided to wipe the entire system to cover everything up. It did not work well - the virus did not spread much, worked badly because the attackers were in a hurry, and was overpowered by an antivirus that Bapco had.
#8 Bahrain. Government Computers and Critical Infrastructure Became the Target of an Attack by Iranian Hackers
It is yet another attack backed by Iran. The state-sponsored hackers were discovering what systems to hack, what vulnerabilities are out there, and how they might use them to their own advantage.

Along the way, they shut down several systems and gained control over small parts of some. All in all, the Electricity and Water Authority, the National Security Agency, the first deputy prime minister's office, and the Ministry of the Interior were targeted. It was a small part of the 6 million attacks that the country experienced that year, but it was the most massive one.

Since they were only exploration attacks, the country concluded that there would be more severe attacks in the future and started to actively grow its cybersecurity power. Sometimes you just need a little push to start working, huh?
#9 Oman. Turkish Hacker Intruded into the Bank Muscat System
More often than not, money is the only motive of hackers. They attack businesses, especially banks, rather than governmental organizations.

Bank Muscat in Oman was an ambitious goal and it was reached, in the end. The Turkish hacker logged into prepaid debit cards, stole 12 of them, added a couple of zeros to the balance, and deleted the withdrawal limit. He sent data to hackers around the world and they needed only 10 hours to withdraw 39 million dollars. They quickly exchanged them for luxury watches, cars, and other expensive items.

It was a massive hit for the bank since it was more than 10% of their entire earnings that year.
#10 Kuwait. National Bank Suffered a Phishing Attack
It is not only organizations that need to learn more about cybersecurity but individuals themselves. People often fall victim to phishing attacks that could have been avoided - they are always so obvious and yet users easily fall into the trap. In such cases, there is nothing that organizations can help with.

Back in 2008, hackers created a URL that was very similar to the original link of the Kuwait National Bank. The login page looked very real too. Customers were later asked to fill in their ATM PIN and Civil ID, which was normal for those days as well. At the moment, these attacks are easily avoided with link blockers and some cybersecurity literacy.

As you can see from the top 10 cyber incidents discussed in this article, even big and reputable organizations may become victims of cyberattacks. Thus, it's important to constantly improve the state of your IT infrastructure and stay on top of the latest cybersecurity trends.

Cybersecurity has to be enforced at all levels: the organization itself, its third-party contractors, and individual users. It is the only way to avoid falling victim to either simple phishing attacks or sophisticated state-sponsored malware.