The Rising Threat of Ransomware in the Middle East and Africa

December 8th, 2023 - Written By CyberLabs

In recent times, the Middle East and Africa (ME&A) have witnessed a notable increase in cyberattacks, particularly ransomware incidents. While these regions have traditionally avoided the spotlight of publicized ransoms, geopolitical conflicts and growing digitalization initiatives are reshaping the cybersecurity landscape.

South Africa, for instance, experienced a significant surge in ransomware attacks, with 78% of companies falling victim in 2023, compared to 51% in the previous year, as reported by Sophos’ State of Ransomware 2023. Conversely, the United Arab Emirates (UAE) saw a 70% reduction in ransomware attacks in 2022, attributed to enhanced international cooperation.

Geopolitical tensions, such as the ongoing Israel-Palestinian conflict, are contributing to the escalation of cyber operations, including ransomware. According to Jens Monrad from Google Mandiant, cyber activities now play a role in geopolitical conflicts due to their lower cost and greater uncertainty in terms of attribution. This trend mirrors the increase in cyberattacks following Russia’s invasion of Ukraine.

While ransomware data is limited in the region, Microsoft’s Digital Defense Report 2023 indicates that the majority of cyberattacks in ME&A target Israel, UAE, Saudi Arabia, or Jordan. The sectors most affected include education, government, information technology, and communications – typical espionage targets.

Geopolitical conflicts are known to spur cyberattacks, and recent data reflects this pattern. Iran-linked actors, for instance, shifted their focus to Israel between July 2022 and June 2023, following a sophisticated campaign by an Israel-linked group named Predatory Sparrow. Microsoft suggests that Iran’s cyber-enabled influence operations aim to bolster Palestinian resistance, create panic in Israel, and counter Arab-Israeli ties.

Despite the active role of Iran-linked groups, Russian interests in ME&A may have a dampening effect on ransomware activity, as many ransomware groups operate from Russia. However, the cautious selection of victims may also play a role, as groups avoid targeting countries with strong diplomatic and trade relations with Russia.

To mitigate the rising threat, companies in the ME&A region need to enhance their cybersecurity maturity. According to Brian Honan of BH Consulting, while larger organizations may have robust cybersecurity measures, the overall cybersecurity maturity in the region may not match that of Western counterparts.

The 2023 Voice of the CISO report by Proofpoint reveals that a significant percentage of Chief Information Security Officers (CISOs) in Saudi Arabia and the UAE suffered material losses of sensitive information in the past year. This underscores the need for companies to prioritize cybersecurity, especially given that loss of revenue tops the list of concerns in the event of a cyber attack.

As ME&A companies face increasing digitization, the focus on connected devices and cloud-related threats is growing. A PricewaterhouseCoopers survey indicates that 77% of firms in the region plan to increase their cybersecurity budgets in 2024 to address these evolving challenges.

In conclusion, while the threat of ransomware is on the rise in the Middle East and Africa, proactive measures, improved cybersecurity maturity, and increased investments in digital trust are crucial for organizations to protect themselves in this evolving landscape.

Two-thirds of attacks target Israel, the UAE, Saudi Arabia, or Jordan.

Source: Microsoft Digital Defense Report 2023

Reference

• https://www.darkreading.com/vulnerabilities-threats/ransomware-attacks-strike-south-africa-decline-in-uae