Middle East Cybersecurity in 2024: From Zero-Day Exploits to Supply Chain Attacks

November 25, 2024

The Middle East has been an active battleground for cyberattacks of all kinds in 2024, making it an ideal setting for examining current cyberattack trends and what regional governments can do to defend against them. Attacks against governments, by hacktivists and by state-backed actors, have accounted for 25% of all reported attacks in 2024, many of them targeting Israel, including both ransomware and wiper programs such as the BiBi Wiper. After governments, public infrastructure such as the oil, gas, and transportation sectors was the next biggest target. Many of those attacks exploited vulnerabilities in operational technology, such as the CVE-2024-9463 command injection vulnerability in Palo Alto Networks’ Expedition platform.

The exploitation of zero-day vulnerabilities in general has been one of the biggest changes in 2024. Vulnerabilities have always been an issue, but the speed with which new vulnerabilities are identified and mercilessly exploited by threat actors is unprecedented. In the case of the recent CVE-2024-4577, within days of its identification threat actors were using it as an attack vector to propagate the TellYouThePass ransomware. Even when vulnerabilities are patched, new techniques such as downgrade attacks are forcing these vulnerabilities open again, as happened with the Terrapin attack, which made use of CVE-2023-48795.

The good news is that regional governments in the Middle East are rising to the challenge of growing cyber threats, which is natural when the average cost of a single cyberattack is as large as 8.75 million USD, much higher than the global average. Qatar, Saudi Arabia, and Oman have all set up new cybersecurity initiatives, such as Saudi Arabia’s Essential Cybersecurity Controls and Qatar’s National Cybersecurity Strategy. New, stricter regulations are being rolled out to require organizations to prioritize data security, incident response, and compliance. It is strongly recommended that organizations in the region, in addition to complying with these regulations, accelerate patch management, strengthen their supply chain security, and enhance regional collaboration with governments and other organizations.
