Positive Technologies, a leader in result-driven cybersecurity, has conducted a study on cyberthreats facing countries in the Middle East. The study examines the impact of digital transformation, the rise of organized cybercrime, and the dynamics of the underground market in the region. One in three successful cyberattacks in the Middle East was carried out by APT groups that commonly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions in the region boosts efficiency across industries, it also increases their exposure to cyberattacks.
Cybercriminals heavily relied on social engineering (61% of cases) and malware (51%), often combining the two methods. Remote access trojans (RATs) were the primary weapon in 27% of malware-based attacks. The widespread use of RATs suggests that attackers often aimed to maintain long-term access to their victims’ systems.
The analysis shows that 80% of cyberattacks on organizations in the Middle East resulted in the breaches of confidential information. Hackers were mostly interested in credentials and trade secrets (29% each), as well as personal data (20%). In most cases, the stolen data was used for blackmail or sold on the dark web. The second major consequence of attacks (38% of cases) was the disruption of core business operations. Such disruptions were particularly harmful in sectors like healthcare, transportation, and government services, where even brief downtime can have serious real-world consequences.
APT groups are the most dangerous threat actors in the region because of their significant financial resources and advanced technical skills. In 2024, these groups accounted for 32% of all recorded cyberattacks, with a particular focus on government institutions and critical infrastructure. These attacks often went beyond standard cybercrime, taking the form of cyberespionage or even cyberwarfare. Their goal was not only to steal information but to undermine trust in government organizations and demonstrate power in the digital realm.
The analysis of the dark web revealed mentions of attacks on a wide range of industries in the region. Government organizations were the most frequently targeted (34%), followed by the industrial sector (20%). Hacktivists, in particular, were very active on underground forums. Unlike regular cybercriminals, they are driven by ideological motives rather than financial gain. They often share stolen databases for free, making the cybercrime situation worse by giving many other criminals access to the stolen data.
The United Arab Emirates, Saudi Arabia, Israel, and Qatar—leaders in digital transformation—were the most frequently mentioned countries on the dark web. Experts point out that the frequent ads for selling stolen data from these countries highlight the challenges of securing expanding digital environments. Cybercriminals are quick to exploit the vulnerabilities that come with rapid digitalization.
Positive Technologies analyst Alexey Lukash said: “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”
To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Solutions such as PT Application Firewall and PT Application Inspector are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.
Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.
