The global cost of cybercrime is projected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015.. Financial institutions, government agencies, and energy companies are among cybercriminals’ favorite targets, making the United Arab Emirates a top target for recent cyber security breaches.
Fortunately, the UAE has achieved a top-tier classification in the Global Cybersecurity Index 2024, recognized as a “Pioneering Model” for its robust cybersecurity measures. Compare that to 2012 when the UAE ranked fifth in the Global Cybersecurity Index. Even so, the UAE saw 166,667 victims of cybercrime who lost a combined US$746 million. That’s a hefty price tag for businesses to pay.
Today, we’ll examine the top cybersecurity breaches that have impacted UAE businesses recently. We’ll look at the crime, its cost, and what it means for the future of cybercrime in the region.
1. NHS Moorfields Hospital in Dubai Suffers Ransomware Attack
One of the top breaches to hit the UAE targeted the NHS Moorfield Hospital located in Dubai. The hospital is a branch of Moorfields London, a part of Britain’s National Health Service (NHS).
The Dubai hospital confirmed the breach and added a pop-up disclaimer to their website, assuring patients that appointments will continue as normal as they investigate and resolve the breach.
The ransomware attack copied and encrypted 60 GB of internal information, including ID cards, internal memos, and hospital call logs. The ransomware group AvosLocker claimed responsibility for the attack by posting screenshots of the stolen data on its website. Additionally, they stated that they would leak the data if their demands were not met.
AvosLocker uses a customized version of the AES algorithm with a 256 block size, adding the unique .avos extension to encrypted files.
The hospital directed concerned patients to email them for further information. However, the hospital did not disclose if they paid the ransom or recovered the encrypted data.
The attack is one of a long line of ransomware attacks targeting healthcare institutions. It serves as a warning to regularly backup company data and train every employee on how to identify phishing and social engineering attacks.
2. Deep Fake Used to Impersonate Executive and Steal US$35 Million
Deep fakes have plenty of concerning possibilities, and one of them became a reality in a recent massive theft. Using what some call “deep voice,” criminals impersonated the voice of a top executive to convince a bank manager to transfer US$35 million to their account.
The banker received authentic-seeming emails from the impersonated executive and a corporate lawyer indicating they needed the funds to complete an acquisition. Additionally, the real executive and banker had an existing relationship, so he recognized the voice making the request and believed everything was legitimate. The banker made the transfer, and the crime went down in history as one of the most expensive crimes using deep fake technology.
Cybersecurity analysts have warned of such attacks for years, and it’s believed that these attacks will continue as deep fake technology becomes more sophisticated and easy to use. As a result, malicious actors are shifting their focus from traditional cyber attacks to an entirely new frontier, and the cybersecurity world will need new strategies to prevent these AI-driven impersonations.
3. Email Hack Scams Dubai-based Exhibition Firm’s Client Roster
Cheers Exhibition, a Dubai-based firm, was targeted in an elaborate phishing attack that took control of its email services and phished its client roster. Binu Manaf, CEO of the company, noted that it was not a crude phishing attack but an attack that involved a “high level of sophistication.”
The hack involved gaining access to a company email account and emailing clients with upcoming payments, requesting that they make their payment to an overseas account.
Cheers Exhibition only became aware of the hack when one of its customers contacted the company through a different email and asked why they were asked to wire money internationally instead of a local Dubai bank.
A client from Russia who owed money to the company unwittingly complied, sending US$53,000 to the overseas account. This client is the only disclosed victim of the cyber attack.
Mimecast, a cloud-based email provider, reported that email impersonation attacks are up 75% in the UAE year over year. UAE companies need to tighten their security on their email servers or ensure they’re using a security-focused email provider.
4. Dubai’s GEMS Education Hit by Cyberattack
GEMS Education, the largest education provider in the UAE, was the victim of a recent cyber attack. The organization confirmed the cyberattack, but did not disclose what data was stolen during the online security breach.
The educational organization does not maintain records of bank account or credit card details, but it does maintain ID documents, payment history, medical records, and employee login details. Hackers could potentially have any of this data.
GEMS sent a message to parents advising them to be suspicious of any unknown parties contacting them via telephone, text, or email. Additionally, all passwords should be changed, even those beyond the passwords used for the education organization. Lastly, parents were advised to closely monitor bank and credit card accounts for any unusual charges.
5. Dharma Ransomware Hits Dubai Contracting Company
Dubai Silicon Oasis, a Dubai-based contracting company, was the latest victim in a string of Dharma ransomware attacks. Dharma is a specific type of malware that many cybercriminals and hacker groups use largely because it’s easier to use than coding custom malware. Unfortunately, despite its widespread usage, there is no known decryption software available.
All of the contracting company’s files were encrypted using the malware. The attacker contacted the company asking for a mere $300 in bitcoin to decrypt the data. However, cybersecurity firms advised the company not to pay the ransom as there was no guarantee that the attacker would comply and likely ask for more.
Dharma ransomware first emerged in 2016 and uses a popular phishing strategy of impersonating Microsoft with email subjects such as “Your System is At Risk.” The email directs victims to download antivirus software. The download link does install an antivirus, but it’s an old version that won’t catch Dharma. While downloading and installing the antivirus software, Dharma is downloaded and gets to work encrypting files in the background.
All it took was one mistake, and the contracting company lost all of its data. Therefore, every employee needs training to recognize, avoid, and report suspicious emails. Additionally, regular backups must be made and stored in a secure location.
The UAE Banking Sector: A Prime Target for Cyber Threats
Financial institutions remain one of the most lucrative targets for cybercriminals, and the UAE banking sector is no exception. In recent years, several high-profile attacks have underscored the growing threats facing banks in the region.
In May 2023, hacker group Mysterious Team Bangladesh claimed responsibility for taking down the websites of Abu Dhabi Commercial Bank and the National Bank of Fujairah. Less than a year later, in March 2024, Anonymous Sudan launched a series of DDoS attacks against First Abu Dhabi Bank, RAKBANK, and Mashreq Bank, temporarily disrupting their online banking services. These incidents highlight the evolving tactics cybercriminals are using to target critical financial infrastructure.
Strengthening Cyber Defenses: UAE’s Proactive Measures
Recognizing the rising threat landscape, the UAE has taken significant steps to fortify its financial sector. The Central Bank of the UAE (CBUAE) recently conducted a real-time cyberattack simulation to test the resilience of the nation’s banking systems. Meanwhile, the UAE Banks Federation hosted a two-day cybersecurity webinar focused on best practices in data privacy and protection, particularly as hybrid work models introduce new risks.
Additionally, in February 2025, the UAE financial sector held its fourth annual Cyber Wargaming exercise, a critical initiative aimed at identifying vulnerabilities and strengthening defensive strategies against emerging cyber threats.
Despite these efforts, challenges persist. The region’s rapid digital transformation has significantly expanded its attack surface. In 2025, over 223,000 vulnerable assets were exposed to potential attacks, a sharp increase from 155,000 in 2023. Alarmingly, a third of these exposed systems contained an OpenSSH vulnerability (CVE-2023-38408) that had been known for over a year. Meanwhile, the UAE faces an average of 50,000 cyberattacks daily, underscoring the pressing need for continuous cybersecurity enhancements.
A High-Stakes Battle
The UAE is making it clear that cybersecurity is not just a technical necessity—it’s a national priority. From aggressive cybercrime enforcement to sector-wide wargaming exercises, the country is actively strengthening its defenses. However, as cybercriminals evolve their tactics, so must organizations. Financial institutions and businesses operating in the UAE must take a proactive approach, leveraging advanced threat intelligence, regular security assessments, and industry collaboration to stay ahead of adversaries.
