In recent years, cybercrime has evolved into a highly profitable global business, with threat actors capitalizing on sophisticated services available on dark web forums and cybercriminal marketplaces. For regions like the Gulf Cooperation Council (GCC), which includes countries such as the UAE, Saudi Arabia, Bahrain, Oman, Qatar, and Kuwait, this poses a significant and growing challenge. With rising digitalization, vast economic resources, and geopolitical sensitivities, the GCC has become a prime target for cybercriminals and hacktivist groups.
This article delves into the findings of the 2023–2024 report on the cybercriminal services market targeting the GCC region. From the types of attacks being conducted to the increasing commercialization of cybercrime services, we analyze the scope of the threat and offer insights into how organizations can better protect themselves from cyberattacks.
Cybercriminal Trends in the GCC Region
The GCC countries are among the most digitally advanced in the world, with the UAE ranked 18th globally and 2nd in the Middle East for technological sophistication. The high level of digitalization, combined with critical industries like oil and finance, makes the region a lucrative target for cybercriminals. Data from dark web platforms indicates that the UAE and Saudi Arabia are the most frequently discussed targets, representing 40% and 26% of the region’s cybercrime-related forum posts, respectively.
The public sector, particularly government agencies, is a top target for cybercriminals. About 21% of dark web posts related to the GCC focus on breaching government systems, while sectors like finance, commerce, and manufacturing are also increasingly at risk. Moreover, hacktivism has surged, with politically motivated groups exploiting vulnerabilities to launch disruptive campaigns, including distributed denial-of-service (DDoS) attacks, data theft, and website defacement.
The Dark Web Ecosystem: Goods and Services
Cybercriminals have refined their operations, offering a wide range of services that allow even low-skilled actors to enter the cybercrime market. From access credentials to breached databases, attackers can easily buy and sell tools for cybercrime. The following are key categories of services observed in the GCC cybercrime market:
- Data: The sale and purchase of stolen personal and corporate data account for 33% of dark web posts related to the GCC. Attackers often steal data from large companies and offer it for sale or for free as part of ransomware extortion campaigns. Ransomware groups operating in the GCC frequently target companies in the manufacturing and services sectors, particularly in the UAE and Saudi Arabia.
- Access: Around 21% of dark web posts involve the sale of access to corporate systems. These access points, which typically cost under $1,000, provide attackers with a foothold into an organization’s network, enabling them to launch more sophisticated attacks.
- DDoS Services: DDoS attacks have increased by 70% in the GCC from 2023 to 2024. These attacks are often politically motivated, with hacktivist groups disrupting government and financial services as part of campaigns to raise awareness or exert pressure.
- Carding: Payment card fraud remains a prevalent cybercrime, with dark web vendors selling stolen card details, including CVV codes and cardholder information. In some cases, attackers offer card data for as little as $30 per card.
- Document Forgery: Forged documents, including passports, IDs, and certificates, are frequently sold on dark web platforms. These documents can be used for illegal activities like money laundering, fraud, and unauthorized access to restricted areas.
- Phishing Tools: Attackers are also selling ready-made phishing kits, which allow other criminals to launch phishing campaigns to steal sensitive information like login credentials or banking details.
- Traffic Redirection: Services that redirect web traffic to malicious websites are increasingly popular. Cybercriminals use these services to drive unsuspecting users to phishing sites or sites laced with malware.
The Rise of Hacktivism in the GCC
Hacktivism—politically motivated cyberattacks aimed at disrupting services or drawing attention to social or political issues—has grown significantly in the GCC. The ongoing geopolitical tensions in the Middle East have fueled a wave of hacktivist activities, with many groups targeting government agencies and financial institutions. In one notable incident in July 2024, a UAE-based bank was hit by a six-day-long DDoS attack by a hacktivist group, resulting in significant operational disruptions.
Top Cybersecurity Threats to GCC Organizations
The report highlights several critical vulnerabilities and attack vectors that are being actively exploited by cybercriminals in the GCC region:
- Vulnerabilities in Government Agencies: Government systems have become prime targets for attackers, with most breaches focusing on the theft of confidential data, the disruption of public services, and the undermining of trust in public institutions.
- Weak Password Policies: Many organizations across the GCC have inadequate password management systems, making them vulnerable to credential theft and brute-force attacks.
- Supply Chain Attacks: Attackers are increasingly targeting supply chains, exploiting vulnerabilities in third-party vendors and service providers to infiltrate larger organizations.
- Social Engineering: Phishing and other forms of social engineering are widely used in the region, exploiting human error to gain access to sensitive information.
- Exploited E-commerce Platforms: Many cybercriminals target e-commerce sites to steal payment card data through techniques like Magecart attacks, in which malicious code is injected into payment forms.
10 Key Recommendations for Organizations in the GCC
- Strengthen Password Policies: Implement robust password management practices, including mandatory two-factor authentication and regular password changes.
- Monitor Dark Web Activity: Stay informed about potential threats by monitoring dark web forums for leaked credentials and information related to your organization.
- Invest in Endpoint Security: Deploy advanced endpoint security solutions that can detect and block malware before it infiltrates your network.
- Conduct Regular Security Audits: Ensure that your organization regularly reviews and updates its security policies to close any potential vulnerabilities.
- Strengthen DDoS Defenses: With the rise of DDoS attacks, it is crucial to invest in DDoS mitigation tools and services that can handle large-scale traffic floods.
- Train Employees on Phishing: Regular employee training is critical to mitigating the risks associated with social engineering and phishing attacks.
- Implement Zero Trust Architecture: Adopt a zero-trust security model that assumes no user or device is trustworthy until proven otherwise, thereby minimizing the attack surface.
- Monitor Supply Chain Security: Perform thorough security assessments of all third-party vendors and partners to minimize the risk of supply chain attacks.
- Use Encryption: Ensure that sensitive data is encrypted both at rest and in transit to prevent unauthorized access in case of a breach.
- Deploy Security Information and Event Management (SIEM) Solutions: SIEM tools can help detect and respond to threats in real time, ensuring that any suspicious activity is immediately flagged and addressed.
Conclusion
The cybercriminal services market is expanding rapidly in the GCC region, driven by the region’s growing digitalization, wealth, and geopolitical tensions. Governments, businesses, and individuals are increasingly at risk, with cybercriminals capitalizing on vulnerabilities in critical infrastructure and systems. The findings from the 2023–2024 report underscore the urgent need for organizations to take proactive measures to strengthen their cybersecurity posture, reduce risks, and protect themselves from the growing array of cyber threats.