At GITEX 2023, results-driven cybersecurity leaders Positive Technologies will reveal insights from their new GCC Dark Web report which aims to enhance the lens on cybercrime, providing cybersecurity professionals with keen insight to protect their companies from threat actors.
Positive Technologies experts conducted the study of the shadow market used by cybercriminals as a foothold to attack GCC companies[1]. According to the data, UAE and Saudi Arabian companies are the favourite targets of attackers. The most common subject of dark web ads is the sale of access and data. The minimum cost of access is as low as $35, with more than half of such posts advertising a price of between $100 and $1,000. In the vast majority of cases, access is granted with administrator rights, making it much easier for even inexperienced attackers with limited budgets to attack companies.
UAE and Saudi Arabian companies are most frequently mentioned in the ads (46% and 23% ads, respectively). These countries are associated with oil production and wealth, which apparently attracts cybercriminals.
Government bodies and Finance are the most popular economic sectors discussed on the dark web (30% and 20% of posts, respectively): hacktivists and ransomware gangs focus their efforts on these areas.
33% of all the ads are related to the sale or distribution of data, including companies’ databases and credentials (names, email addresses, and so on). This information can be used in various attacks, including phishing and extortion. Experts point out that a third (31%) of all data discussed on the dark web is distributed for free, which means all sorts of attackers can use it.
The sale of access to companies’ infrastructures was the second most popular theme on the dark web (22%). According to our study, this service costs an attacker between $35,000 and $40,000.
Positive Technologies analyst Anastasiya Chursina comments: “It is important to note that in most cases, access is very cheap ($100–1,000), and in the vast majority of cases (90%) it comes with administrator rights. In other words, even the most inexperienced attacker with a small budget doesn’t need to modify the “product” in any way: it can be used to successfully attack a target company as is. Some ads, however, offer expensive access to major companies in the region. The buyers in these cases are hackers with more advanced skills preparing to conduct sophisticated attacks”.
Such active trade of data and access to companies’ infrastructures coupled with cheap cyberservices and low attacker skill requirements make the information systems of the GCC companies extremely vulnerable. Experts recommend that companies build their defences taking into account all possible threats and cyberattack scenarios and use modern tools such as application level firewalls, network traffic analysis systems, and solutions for collecting and analysing information about security events.
1 We analysed 252 Telegram channels and dark web forums (8,884,023 users and 91,484,658 posts total). These included multilingual platforms centred around various subjects.
