Iran poses a very real cybersecurity threat to Saudi Arabia and other Gulf countries and could target key industries such as telecoms, oil, and gas, experts told Al Arabiya English.
Saudi Arabia’s oil giant Aramco was hacked in 2012 in one of the world’s biggest cyberattacks to date. A group called Cutting Sword of Justice claimed responsibility for the attack, which damaged around 30,000 computers with the aim of stopping oil and gas production.
It was never revealed where the group was from, but some ten years on from the attack, the Kingdom and other countries in the region still face major cyber threats - particularly from Iran - which could have crippling effects.
“They’re [Iran] viewed on the world stage as a top tier critical threat,” Bruce Schneier, security expert and fellow at the Berkman-Klein Center for Internet and Society at Harvard University, told Al Arabiya English. “I would take them very seriously.”
Dubai-based US company CrowdStrike is currently tracking 20 groups in Iran who could target the region for potential cyberespionage or attacks.
“The Gulf is not the only target, but it’s one of the primary ones,” Roland Daccache, systems engineering manager at the company, told Al Arabiya English.
“Over the last ten years since the Aramco incident it’s been deemed that the Iranians have very good cyber capabilities.”
Out of the 20 groups that the company is tracking, around half of them are independent groups looking to extort institutions or companies for monetary gain, while the other half are state sponsored groups “focused on cyber espionage and cyber operations of a destructive nature,” Daccache explained.
Daccache said that over the last four or five years, companies and institutions in the GCC region have probably seen “a tenfold increase in the number of ransomware, as well as e-crime activities.”
“It has become clear that cyber threats are only going to intensify in the near future,” he said.
What might attacks target?
Daccache explained that, in a worst-case scenario, cyberattacks from Iran toward Saudi Arabia and other Gulf countries could target telecommunications industries, phone networks, power supplies and electricity networks. He added that the destruction of supply chains and attacks on the oil and gas industries are always a possibility.
“In a worst-case scenario, [targets] would be critical infrastructure, such as preventing the delivery of critical services to populations, whether this is electricity, energy [or] water,” James Shires, assistant professor at the Institute of Security and Global Affairs at the University of Leiden, told Al Arabiya English.
“Another would be a malfunction of safety protections in industrial control systems,” said Shires, explaining that this could be tampering with systems that indicate safe levels of chemicals in factories.
“We have seen attempts by Iranian cyber threat actors to compromise water infrastructure in Israel a couple of years ago, so this is something that is on their radar,” he added.
Iran was linked to an attempted cyberattack aimed at disrupting Israeli water supplies in April 2020, the Washington Post reported in May the same year. The incident, however, was contained before any damage could be done.
Companies, industries up protection
Netskope is another company that works with companies and institutions in Saudi Arabia and the Gulf to fend off potential cyberattacks, in a sign that the region is upping its defenses.
“This is a growing territory for us,” Rich Davis, Head of Solutions Marketing at the company for Europe, the Middle East and Africa, told Al Arabiya English. “We work with some of the biggest companies in the region already.”
Netskope works with “a number of public and private organizations within both the UAE and KSA (Saudi Arabia).”
Davis said the vast majority of attacks in the UAE and Saudi Arabia come from individuals rather than state actors, declining to talk about geopolitical issues and name countries in particular.
“The biggest [cybersecurity] issue today is that when they’re [cybercriminals] able to breach an organization, then they’re able to really extort that organization for monetary gain,” Davis said.
Just last year, Saudi Aramco confirmed to the BBC that company data had leaked from one of its contractors, with the files reportedly being used in an attempt to extort $50 million from the company.
“Many organizations will simply pay the ransom because the ransom payment, even if it’s into the millions, will be a lot less than the cost of brand damage to the organization,” Davis added. “They’re going after the data knowing that they can then extort the organization.”
How are companies coping?
According to a recent study by cybersecurity company Trellix, 53 percent of cybersecurity specialists in the UAE say they feel they are “fighting a losing battle against cybercriminals.”
“It’s easy to get new technologies to get on board [to fight cybercrime], but we need people to manage it right,” Vibin Shaju, who works at the company, told Al Arabiya English, highlighting that more tech specialists are needed in order to deal better with increasing threats.
“Gulf countries do have a lot of networks that are insecure, they have a lot of areas where they could improve their cybersecurity and we know that Iran can get into those,” Shires added.
But despite the ongoing threat, companies and industries in the Gulf could currently be the last priority for Iran, which has been experiencing weeks of protests following the death of Mahsa Amini in police custody.
“Iran is going through incredible political turmoil right now … if there’s a priority for Iranian cyber actors at the moment, it is knowing what is going on in their own country, surveilling dissidents, people that they believe to pose a threat,” Shires said.