The Top Cybersecurity Breaches in the UAE

The global cost of cybercrime was estimated at US$6.1 trillion in 2021 and is expected to keep climbing as criminals embrace new technologies and attack vectors. Financial institutions, government agencies, and energy companies are among cybercriminals’ favorite targets, which has made the United Arab Emirates a top target in recent cyber security breaches.

Fortunately, the UAE ranked fifth in the Global Cybersecurity Index, a substantial jump of 33 places, as the Emirates responded to the growing threat. Even so, the UAE saw 166,667 victims of cybercrime who lost a combined US$746 million. That’s a hefty price tag for businesses to pay. 

Today, we’ll examine the top cybersecurity breaches that have impacted UAE businesses recently. We’ll look at the crime, its cost, and what it means for the future of cybercrime in the region. 

The Top Cybersecurity Breaches in the UAE

1. NHS Moorfields Hospital in Dubai Suffers Ransomware Attack

One of the top breaches to hit the UAE targeted the NHS Moorfields Hospital located in Dubai. The hospital is a branch of Moorfields London, a part of Britain’s National Health Service (NHS).

The Dubai hospital confirmed the breach and added a pop-up disclaimer to its website, assuring patients that appointments would continue as normal while it investigated and resolved the breach.

The ransomware attack copied and encrypted 60 GB of internal information, including ID cards, internal memos, and hospital call logs. The ransomware group AvosLocker claimed responsibility for the attack by posting screenshots of the stolen data on its website. The group also stated that it would leak the data if its demands were not met.

AvosLocker uses a customized version of the AES algorithm with a 256 block size, adding the unique .avos extension to encrypted files. 

The hospital directed concerned patients to email it for further information. However, the hospital did not disclose whether it paid the ransom or recovered the encrypted data.

The attack is one of a long line of ransomware attacks targeting healthcare institutions. It serves as a warning to regularly back up company data and train every employee on how to identify phishing and social engineering attacks.

2. Deep Fake Used to Impersonate Executive and Steal US$35 Million

Deep fakes have plenty of concerning possibilities, and one of them became a reality in a recent massive theft. Using what some call “deep voice,” criminals impersonated the voice of a top executive to convince a bank manager to transfer US$35 million to their account. 

The banker received authentic-seeming emails from the impersonated executive and a corporate lawyer indicating they needed the funds to complete an acquisition. Additionally, the real executive and the banker had an existing relationship, so the banker recognized the voice making the request and believed everything was legitimate. The banker made the transfer, and the crime went down in history as one of the most expensive crimes using deep fake technology.

Cybersecurity analysts have warned of such attacks for years, and it’s believed that these attacks will continue as deep fake technology becomes more sophisticated and easy to use. As a result, malicious actors are shifting their focus from traditional cyber attacks to an entirely new frontier, and the cybersecurity world will need new strategies to prevent these AI-driven impersonations.

3. Email Hack Scams Dubai-based Exhibition Firm’s Client Roster

Cheers Exhibition, a Dubai-based firm, was targeted in an elaborate phishing attack that took control of its email services and phished its client roster. Binu Manaf, CEO of the company, noted that it was not a crude phishing attack but an attack that involved a “high level of sophistication.”

The hack involved gaining access to a company email account and emailing clients with upcoming payments, requesting that they make their payment to an overseas account. 

Cheers Exhibition only became aware of the hack when one of its customers contacted the company through a different email address and asked why they had been asked to wire money internationally instead of to a local Dubai bank.

A client from Russia who owed money to the company unwittingly complied, sending US$53,000 to the overseas account. This client is the only disclosed victim of the cyber attack. 

Mimecast, a cloud-based email provider, reported that email impersonation attacks are up 75% in the UAE year over year. UAE companies need to tighten their security on their email servers or ensure they’re using a security-focused email provider. 
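
The Cheers Exhibition emails came from a genuine company mailbox, so sender authentication alone would not have flagged them; the tell was the payment destination. As an added example (not from the original article), this Python check compares IBANs found in a payment email with the bank country on file for the vendor; the vendor record, address and email bodies are constructed, and the IBANs are public sample values.

```python
import re

# Constructed vendor master record: bank country captured at onboarding,
# through a channel other than email (assumption for this example).
VENDOR_BANK_COUNTRY = {"accounts@vendor.example": "AE"}

# IBAN written compactly or in groups of four characters.
IBAN_RE = re.compile(
    r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,3})?\b"
)

def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check (per-country length rules are not checked)."""
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1

def review_payment_email(sender: str, body: str) -> list:
    """Return reasons to hold the payment; an empty list means no flag."""
    expected = VENDOR_BANK_COUNTRY.get(sender.lower())
    findings = []
    if expected is None:
        findings.append("sender has no vendor record on file")
    for match in IBAN_RE.finditer(body):
        iban = re.sub(r"\s", "", match.group())
        if not iban_is_valid(iban):
            continue  # checksum fails, so the token is not a real IBAN
        if expected and iban[:2] != expected:
            findings.append(
                f"IBAN country {iban[:2]} differs from on-file country {expected}"
            )
    return findings

# Constructed sample emails; both arrive from the vendor's real mailbox.
SENDER = "accounts@vendor.example"
LEGIT_BODY = ("Please pay invoice 1042 to our usual account "
              "AE07 0331 2345 6789 0123 456 as before.")
FRAUD_BODY = ("Our bank details have changed. Please remit to IBAN "
              "GB82 WEST 1234 5698 7654 32 from now on.")

if __name__ == "__main__":
    for body in (LEGIT_BODY, FRAUD_BODY):
        print(review_payment_email(SENDER, body) or "no flag")
```

A flagged message should be confirmed with the vendor through a contact channel that was not supplied in the email itself, which is how the Cheers Exhibition customer uncovered the fraud.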

4. Dubai’s GEMS Education Hit by Cyberattack

GEMS Education, the largest education provider in the UAE, was the victim of a recent cyber attack. The organization confirmed the cyberattack, but did not disclose what data was stolen during the online security breach.

The educational organization does not maintain records of bank account or credit card details, but it does maintain ID documents, payment history, medical records, and employee login details. Hackers could potentially have any of this data. 

GEMS sent a message to parents advising them to be suspicious of any unknown parties contacting them via telephone, text, or email. Additionally, all passwords should be changed, even those beyond the passwords used for the education organization. Lastly, parents were advised to closely monitor bank and credit card accounts for any unusual charges.

5. Dharma Ransomware Hits Dubai Contracting Company

Dubai Silicon Oasis, a Dubai-based contracting company, was the latest victim in a string of Dharma ransomware attacks. Dharma is a specific type of malware that many cybercriminals and hacker groups use largely because it’s easier to use than coding custom malware. Unfortunately, despite its widespread usage, there is no known decryption software available. 

All of the contracting company’s files were encrypted using the malware. The attacker contacted the company asking for a mere $300 in bitcoin to decrypt the data. However, cybersecurity firms advised the company not to pay the ransom, as there was no guarantee that the attacker would comply, and the attacker would likely ask for more.

Dharma ransomware first emerged in 2016 and uses a popular phishing strategy of impersonating Microsoft with email subjects such as “Your System is At Risk.” The email directs victims to download antivirus software. The download link does install an antivirus, but it’s an old version that won’t catch Dharma. While downloading and installing the antivirus software, Dharma is downloaded and gets to work encrypting files in the background. 

All it took was one mistake, and the contracting company lost all of its data. Therefore, every employee needs training to recognize, avoid, and report suspicious emails. Additionally, regular backups must be made and stored in a secure location.
