Connect with us

Cyber Security

UAE Under Siege from Cybercriminals Amid Global Email Attack Surge

Published

11 months ago

on

Acronis has shared new research findings from the first half of 2024 in its biannual cyber threats report by Acronis Threat Research Unit. Titled, “Acronis Cyberthreats Report H1 2024: Email attacks surge 293%, new ransomware groups emerge,” the report leverages over one million unique Windows endpoints from 15 key countries around the world to bring awareness to global trends in the cybersecurity industry. Most notably, the report found that email attacks have seen a 293% surge when compared to the same period in 2023.

The UAE witnessed a notable increase in malware detections with an 11.7% increase from January to May 2024. While the region is facing considerable cybersecurity challenges, these are part of a broader trend affecting many EMEA countries, particularly in terms of rising malware detections and high-profile ransomware attacks. Compared to other EMEA countries, the situation in MENA mirrors broader regional challenges. Bahrain had the highest malware detection rate at 63.2% in April 2024, followed by Egypt with 42.6% of organizations experiencing detections in the same month.

“The insights from Acronis’ H1 2024 Cyberthreats Report highlight the urgent need for heightened vigilance and advanced protective measures,” remarked Ziad Nasr, General Manager for the Middle East at Acronis. “The UAE has been identified as a ‘prime target’ for ransomware attacks, as cautioned by the country’s Cyber Security Council. In 2023, the average cost of a data breach in the Middle East exceeded $8 million.”

“MSPs are particularly vulnerable, facing persistent threats such as phishing, social engineering, and supply chain attacks,” Ziad continued. “Acronis encourages MSPs to adopt comprehensive security strategies, incorporating security awareness training, and leveraging advanced endpoint protection solutions like XDR and multi-factor authentication. Our commitment to delivering actionable insights through the Cyberthreats Report aims to empower organizations and enhance global cybersecurity resilience.”

Ransomware continues to be a major threat to small and medium-sized businesses (SMBs), particularly in critical industries such as government and healthcare. In Q1 2024, Acronis observed 10 new ransomware groups who together claimed 84 cyberattacks globally. Among the top 10 most active ransomware families detected during this time, three highly active groups stand out as the primary contributors, collectively responsible for 35% of the attacks: LockBit, Black Basta, and PLAY. The number of ransomware detections was also on the rise, increasing 32% from Q4 2023 to Q1 2024.

In support of Acronis’ mission to tailor business initiatives to Managed Service Providers (MSPs), the report is observant of how MSPs are being targeted and compromised. Of note, attack vectors including phishing and social engineering, vulnerability exploits, credential compromises and supply chain attacks were highlighted as the most successful techniques used to breach MSPs’ cybersecurity defences.

“As a result of the increasing volume and complexities of cyber threats we continue to uncover in the current cybersecurity landscape, it is of the utmost importance that MSPs take a holistic approach to securing their customer’s data, systems, and unique digital infrastructures,” said Irina Artioli, report author and Cyber Protection Evangelist at Acronis Threat Research Unit. “To do this effectively, we recommend MSPs adopt a comprehensive security strategy, including mandating security awareness training and incident response planning, as well as deploying advanced endpoint protection solutions like extended detection and response (XDR), multi-factor authentication, and more.”

Additionally, the report focuses on emerging cybersecurity trends, highlighting the increasing use of generative artificial intelligence (AI) and large language models (LLMs) by threat groups. Specifically, it underscores the growing prevalence of AI being leveraged in social engineering and automation attacks. The most common AI-generated attacks that were detected include malicious emails, deepfake business email compromise (BEC), deepfake extortions, KYC bypass, and script and malware generation. Furthermore, Acronis researchers have identified two types of AI threats. The first involves AI-generated threats, in which malware is created using AI techniques but does not utilize AI in its operations. The second is AI-enabled malware, which incorporates AI into its functionality.

Other key findings from the report include:

Middle East Threat Landscape & Trends:

  • UAE’s monthly percentages of global detections remained relatively lower compared to high-risk countries like Germany, France, and Egypt, highlighting a growing but still manageable cyber threat landscape.
  • The UAE had varying monthly percentages of global detections ranging from 0.8% to 1.9% throughout the first half of 2024. In comparison, Germany’s percentages ranged from 6.4% to 9.9%, France’s ranged from 3.6% to 5.5%, and the United Kingdom’s ranged from 4.3% to 6.1%.
  • The UAE experienced a significant rise in the percentage of clients with malware detections. 17.6% of clients with malware detections in January 2024, 18.8% in February, 29.1% in March, and 29.3% in April and May. The sharp increase in malware detections among UAE clients, reflects a concerning trend of escalating cyber threats, emphasizing the urgent need for enhanced cybersecurity measures.
  • Other EMEA countries like Bahrain and Egypt also showed high malware detection rates, indicating a broader regional challenge
  • The ransomware attack on Seven Seas Technologies in the UAE highlights the region’s vulnerability to such threats, similar to high-profile cases in other EMEA countries
  • The emergence of various ransomware groups targeting different sectors across the EMEA region indicates a widespread and diversified threat landscape

Global Threat Landscape:

  • Bahrain, Egypt, and South Korea were the top countries targeted by malware attacks in Q1 2024.
  • 28 million URLs were blocked at the endpoint in Q1 2024.
  • 27.6 % of all received emails were spam and 1.5% contained malware or phishing links.
  • The average lifespan of a malware sample in the wild is 2.3 days.
  • 1,048 cases of ransomware were publicly reported in Q1 2024, a 23% increase over Q1 2023.

Cybersecurity Trends in H1 2024:

  • Ransomware continues to be a major threat to SMBs, and ransomware groups have abused vulnerable drivers to get a foothold in systems and disable security tools.
  • In the first quarter of 2024, PowerShell was the most frequently detected MITRE technique.
  • The number of email attacks detected in H1 2024 surged by 293% compared to the first half of 2023.

Ransomware Trends:

  • In Q1 2024, Acronis researchers observed 10 new ransomware groups that together claimed 84 cyberattacks globally.
  • The number of ransomware detections increased 32% from Q4 2023 to Q1 2024.

Attacks on MSPs:

  • MSPs were under consistent attack from January to May 2024, with data revealing email phishing campaigns were the most used by attackers.
  • The top five most frequently discovered MITRE ATT&CK techniques in the first half of the year included PowerShell, Windows Management Instrumentation, Process Injection, Data Manipulation and Account Discovery.

Phishing and email attacks:

  • Organizations experienced a surge in email communications, with the number of emails per organization increasing by 25%.
  • The rise in email volume coincided with a 47% increase in email attacks targeting organizations.
  • 26% of users encountered phishing attempts through malicious URLs.
  • Social engineering increased by 5% since H1 2023; however, malware attacks decreased from 11% in H1 2023 to 4% in H1 2024.

Leveraging AI:

  • Cybercriminals continue to leverage malicious AI tools like WormGPT and FraudGPT.
  • While AI can assist attackers at every stage of the cyberattack kill chain, it can also be used as a defence mechanism as it allows for around-the-clock detection of attacks and reports them to experts to take appropriate response actions to ensure smooth business continuity.

The Acronis H1 2024 Cyberthreats Report is curated by the Acronis Threat Research Unit and includes data surrounding ransomware threats, phishing, malicious websites and software vulnerabilities, and tips on how to protect against the aforementioned threats. Released bi-annually, the Acronis Cyberthreats Report sets the industry standard by consistently establishing itself as a benchmark for cybersecurity intelligence. Acronis’ analysis of the current cyber threat landscape is published for the benefit of its users, partners, and the broader, global cybersecurity community to help them stay abreast of ongoing cybersecurity developments.

Related Topics:
Continue Reading

Cloud

SentinelOne Simplifies Secure Cloud Migrations on AWS

Published

22 hours ago

on

June 13, 2025

By

SentinelOne today announced its participation in the Amazon Web Services (AWS) Independent Software Vendor (ISV) Workload Migration Program. This initiative supports AWS Partner Network (APN) members with SaaS offerings on AWS to accelerate and streamline workload migrations.

Through the program, SentinelOne will provide AWS customers with accelerated, secure cloud migration support, leveraging modern AI-powered CNAPP capabilities to ensure rapid and protected transitions. With access to AWS funding, technical resources, and go-to-market support, SentinelOne will help organizations reduce migration timelines and costs while maintaining robust security.

SentinelOne’s Singularity Cloud Security delivers real-time visibility and protection throughout the migration journey—whether from on-premises or another cloud—enabling a secure, seamless transition to AWS.

“Through our participation in the AWS ISV Workload Migration Program, SentinelOne is helping customers accelerate secure cloud migrations with end-to-end protection and visibility,” said Ric Smith, President of Product, Technology, and Operations at SentinelOne. “Whether moving from on-prem or another cloud to AWS, organizations can count on us to deliver the security they need throughout their journey—realizing the performance, speed, agility, and cost benefits of the cloud.”

Singularity Cloud Security combines agentless and agent-based protection for deep visibility, continuous posture management, and real-time threat detection across hybrid and multi-cloud environments. By collaborating with AWS and ecosystem partners, SentinelOne ensures seamless integration into migration projects, helping customers move faster, reduce risk, and scale confidently in the cloud.

Availability: SentinelOne’s solutions are available globally.

Continue Reading

Cyber Security

Beyond Blocklists: How Behavioural Intent Analysis Can Safeguard Middle East Businesses from Rising AI-Driven Bot Threats

Published

4 days ago

on

June 10, 2025

By

The Middle East is facing an unprecedented surge in AI-driven bot attacks, with malicious automation now outpacing traditional defenses. Mohammad Ismail, Vice President for EMEA at Cequence Security, warns that legacy tools like IP blocklists and rate limiting are no match for today’s sophisticated threats (more…)

Continue Reading

Cyber Security

Sophos Boosts Firewall with New Protection and Incident Response Features

Published

4 days ago

on

June 10, 2025

By

Sophos has announced a significant update to its Sophos Firewall software, introducing enhanced protection and incident response capabilities. This update notably includes Sophos NDR Essential, a new feature now available free of charge to all customers holding an XStream Protection license for Sophos Firewall.

This integration empowers Sophos Firewall with two dedicated artificial intelligence (AI) engines specifically designed to detect both malware communications and those utilizing algorithmically generated domain names. This advanced functionality, derived from the Sophos Network Detection and Response (NDR) probe, aims to identify sophisticated malware communications even if they are previously unknown or not yet indexed. It serves as a powerful complement to the Active Threat Response capabilities already embedded within Sophos firewalls.

Chris McCormack, Senior Product Marketing Manager at Sophos

Addressing the technical demands of such advanced detection, Chris McCormack, Senior Product Marketing Manager at Sophos, explained the strategic approach, “NDR traffic analysis requires substantial processing power. That’s why we’ve adopted a new approach by deploying an NDR solution in Sophos Cloud to offload the heaviest tasks from the firewall.” This cloud-centric design ensures optimal performance without burdening the firewall’s on-device resources.

Beyond network detection, the update also brings significant improvements to connectivity and user authentication. Sophos Connect now integrates EntraID for Single Sign-On (SSO). This new feature for the VPN client, bundled with Sophos Firewall, is set to enhance both the security and user experience for SSL and IPsec VPN connections. The integration with EntraID (Azure AD) enables users to authenticate and leverage multi-factor authentication for both Sophos Connect and access to the user portal hosted by the firewall, streamlining secure access.

Further VPN-related enhancements include:

  • Improved user interface and usability: Connection types have been renamed for greater clarity, with “site-to-site” now referred to as “policy-based” and tunnel interfaces as “route-based,” making configurations more intuitive.
  • Dynamic validation of the IP address pool: For VPN connections (SSL VPN, IPsec, L2TP, and PPTP), the system now dynamically validates the allocated IP address pool, helping to better resolve potential IP address conflicts.
  • Strict profile enforcement: IPsec profiles now exclude default values to ensure algorithm synchronization, effectively eliminating potential fragmentation of session negotiation packets that could otherwise prevent site-to-site VPN tunnels from being established.
  • Route-based VPN and SD-RED scalability: The system has been optimized to support up to 3,000 simultaneously established tunnels. Specifically, Sophos Firewall solutions can now manage up to 1,000 SD-RED site-to-site tunnels and connect up to 650 concurrent SD-RED devices.

Additional management improvements enhance administrative flexibility and search capabilities:

  • More flexible DHCP Prefix Delegation (IPv6 DHCP-PD): The system now supports a broader range of prefixes, from /48 to /64, improving compatibility with various internet service providers.
  • Router Advertisement (RA) and DHCPv6 server: These features are now enabled by default, simplifying IPv6 network setup.
  • Resizable table columns: The web admin interface continues its adaptation for ultra-wide screens, with many configuration pages now allowing users to resize columns as needed for improved usability.
  • Enhanced object search functionality: The search field within the SD-WAN routing configuration screen now supports more granular criteria, including route name, ID, objects, and object values like IP addresses and domains. Similarly, local ACL rules now also support object name and value searches, extending to content-based searches for more precise results.
  • Default configuration changes: To streamline initial setups, default firewall rules and rule groups previously created during new firewall deployments have been removed. The initial configuration now only includes the default network rule and MTA rules. Furthermore, the default firewall rule group and the default gateway probe for custom gateways are now set to “None” by default.

Sophos continues its commitment to cybersecurity through a “Secure by Design” approach, enhancing the intrinsic security of its firewalls. This methodology involves the containerization of specific features and rigorous integrity checks on critical operating system files using mathematical checksums. Any detected checksum mismatch triggers a potential compromise alert, enabling monitoring teams to proactively identify possible security incidents affecting the firewall OS integrity. This proactive detection allows incident response and development teams to react swiftly to critical security events.

This update is now available for manual download and deployment by customers with any Sophos Firewall equipped with a valid license.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.