Governments, Businesses Tighten Cybersecurity Around Hajj Season – Dark Reading
Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.
While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise.
June 10, 2024
The final month of the Islamic calendar, Dhu al-Hijjah, began on June 7, marking the countdown for millions of Muslims to the Hajj pilgrimage, and also a time when cybercriminals and cyber-espionage actors see increased opportunity amid reduced vigilance and slimmed staffing.
While many of the cyberattacks are focused on pilgrims as consumers of travel services, a variety of businesses — from banks to e-commerce sites — are at greater risk of data theft and denial-of-service attacks, according to experts. On June 3, for example, cyberthreat actors announced a data leak on an underground forum that allegedly contained the personal information of 168 million users from "The Hajj and Pilgrimage Organization in Iran," according to cybersecurity firm Kaspersky.
The attacks highlight the two aspects of how cyberattackers see the Hajj season: as an opportunity to take advantage of pilgrims, but also as a time of reduced resources for security teams, making business and government agencies vulnerable, says Amin Hasbini, head of global research and analysis team for the Middle East, Turkey, and Africa region at Kaspersky.
"Companies in the Middle East and other regions need to exert extra caution during holiday seasons such as Hajj — the absence of certain employees needs to be accounted for to ensure smooth operations and maintaining security efficiency and productivity," he says. "Overall, it’s challenging for companies to have the right resources available and ready, in addition to the right policies and plans to complete the handover transition correctly, creating weaknesses that could be abused by threat actors."
The Hajj, which starts on the eighth day of the Islamic month and lasts four to six days, marks nearly a week of religious holidays for the Middle East and for an estimated 2 billion Muslims worldwide.
While Kaspersky sees threats affecting Saudi Arabia and other countries in the region drop by as much as 30% during the week of the Hajj, cyberattacks then quickly rebound. In 2022, for instance, when Saudi Arabia once again opened the annual Hajj pilgrimage to the world following the COVID-19 pandemic, cyberattacks doubled to more than 2 million during the month of Dhu al-Hijjah, which officially starts with the appearance of the new crescent moon.
While Saudi Arabia did not report data on cyberattacks in 2023, other countries have seen similar increases in attacks, says Shilpi Handa, associate research director for security at IDC's Middle East, Turkey, and Africa group.
"Annually, there's a significant surge in cybersecurity incidents reported by multiple security organizations in the Middle East," she says. "Similar findings are reported all over the region after the conclusion of Hajj each year."
The cyber threats linked to the Hajj pilgrimage typically begin early in the year, as cybercriminals aim to take advantage of Muslim adherents planning to make the trip to Saudi Arabia. Attackers use fake travel agencies, social media scams, or attacker-controlled online registration sites to entrap unsuspecting victims. Saudi Arabia's Ministry of Hajj and Umrah, which manages services and infrastructure around the pilgrimages, launched a government platform, Nusuk, that connects prospective pilgrims with legitimate operators and sites, which has significantly reduced fraud.
However, advanced threat actors have used messages and notifications about the Hajj as a way to lure employees into opening links and attachments in email. From January to May 2024, for example, an India-linked threat group — alternatively known as Sidewinder and Rattlesnake — has used Hajj-related emails to target users in Asia and Africa, according to Kaspersky.
The problem for many companies is that employees often use their business email in Web forms, or expose themselves to threats through social media, says Shawn Loveland, chief operating officer for Resecurity, a global cybersecurity service provider with clients in the Middle East.
"It's concerning how many employees use their business email on personal websites," he says. "If their PII gets scammed, now the threat actors know where you work. … Employers should be helping to educate their employees about online fraud, because in addition to protecting the employee, it will protect the business."
As part of its effort to combat fraud, Resecurity detected and blocked more than 630 social media accounts publishing scams targeting people preparing for Hajj season, the company stated in a report on Hajj-related fraud.
Saudi Arabia has taken the threat seriously. The country's National Cybersecurity Authority (NCA) conducted a comprehensive cyber exercise with more than 200 agencies represented by more than 600 officials and specialists, with a specific focus on cybersecurity during the Hajj season.
The exercise, which the country also conducted the previous year, leaves it well-prepared to handle potential cyber incidents, IDC's Handa says.
"Drills are [being] conducted across the region to counter cyberattacks," she says, with the government "establishing a 24/7 cyber-operations room to monitor and analyze cyber threats and share results with national agencies, allocating cyber-incident response teams, and conducting assessments to measure the cyber-risks of sensitive assets."
Businesses should take a page from Saudi Arabia's playbook, says Kaspersky's Hasbini. While attacks typically drop off for the week around the Hajj, security teams are also short-staffed, often leaving response times slower. Planning to identify and respond to incidents under such restrictions makes for good preparation.
"While the risk of mistakes by an insider is lower when employees of an organization are out of office, we see a bigger risk if the responsibilities of employees in the IT or IT security departments … are mishandled or simply ignored, opening up weaknesses for attackers to abuse," he says.
Companies should be clear in their delegation of duties when there is a shortage of cybersecurity specialists and establish clear protocols for communications, Hasbini says.
Read more about:
Robert Lemos, Contributing Writer
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
You May Also Like
Preventing Attackers From Wandering Through Your Enterprise Infrastructure
Empowering Developers, Automating Security: The Future of AppSec
Black Hat USA – Aug 3-8 – The Premier Technical Cybersecurity Conference – Learn More
Anatomy of a Data Breach – Dark Reading June 20 Event
Black Hat Europe – December 9-12 – Learn More
SecTor – Canada’s IT Security Conference Oct 22-24 – Learn More
2024 InformationWeek US IT Salary Report
Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022
EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity
Zero-Trust Adoption Driven by Data Protection
How Enterprises Assess Their Cyber-Risk
Google Threat Intelligence
A Year in Review of Zero-Days Exploited In-the-Wild in 2023
5 Essential Insights into Generative AI for Security Leaders
2023 Global Threat Report
Cisco Panoptica for Simplified Cloud-Native Application Security
Black Hat USA – Aug 3-8 – The Premier Technical Cybersecurity Conference – Learn More
Anatomy of a Data Breach – Dark Reading June 20 Event
Black Hat Europe – December 9-12 – Learn More
SecTor – Canada’s IT Security Conference Oct 22-24 – Learn More
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!
While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise.
June 10, 2024
The final month of the Islamic calendar, Dhu al-Hijjah, began on June 7, marking the countdown for millions of Muslims to the Hajj pilgrimage, and also a time when cybercriminals and cyber-espionage actors see increased opportunity amid reduced vigilance and slimmed staffing.
While many of the cyberattacks are focused on pilgrims as consumers of travel services, a variety of businesses — from banks to e-commerce sites — are at greater risk of data theft and denial-of-service attacks, according to experts. On June 3, for example, cyberthreat actors announced a data leak on an underground forum that allegedly contained the personal information of 168 million users from "The Hajj and Pilgrimage Organization in Iran," according to cybersecurity firm Kaspersky.
The attacks highlight the two aspects of how cyberattackers see the Hajj season: as an opportunity to take advantage of pilgrims, but also as a time of reduced resources for security teams, making business and government agencies vulnerable, says Amin Hasbini, head of global research and analysis team for the Middle East, Turkey, and Africa region at Kaspersky.
"Companies in the Middle East and other regions need to exert extra caution during holiday seasons such as Hajj — the absence of certain employees needs to be accounted for to ensure smooth operations and maintaining security efficiency and productivity," he says. "Overall, it’s challenging for companies to have the right resources available and ready, in addition to the right policies and plans to complete the handover transition correctly, creating weaknesses that could be abused by threat actors."
The Hajj, which starts on the eighth day of the Islamic month and lasts four to six days, marks nearly a week of religious holidays for the Middle East and for an estimated 2 billion Muslims worldwide.
While Kaspersky sees threats affecting Saudi Arabia and other countries in the region drop by as much as 30% during the week of the Hajj, cyberattacks then quickly rebound. In 2022, for instance, when Saudi Arabia once again opened the annual Hajj pilgrimage to the world following the COVID-19 pandemic, cyberattacks doubled to more than 2 million during the month of Dhu al-Hijjah, which officially starts with the appearance of the new crescent moon.
While Saudi Arabia did not report data on cyberattacks in 2023, other countries have seen similar increases in attacks, says Shilpi Handa, associate research director for security at IDC's Middle East, Turkey, and Africa group.
"Annually, there's a significant surge in cybersecurity incidents reported by multiple security organizations in the Middle East," she says. "Similar findings are reported all over the region after the conclusion of Hajj each year."
The cyber threats linked to the Hajj pilgrimage typically begin early in the year, as cybercriminals aim to take advantage of Muslim adherents planning to make the trip to Saudi Arabia. Attackers use fake travel agencies, social media scams, or attacker-controlled online registration sites to entrap unsuspecting victims. Saudi Arabia's Ministry of Hajj and Umrah, which manages services and infrastructure around the pilgrimages, launched a government platform, Nusuk, that connects prospective pilgrims with legitimate operators and sites, which has significantly reduced fraud.
However, advanced threat actors have used messages and notifications about the Hajj as a way to lure employees into opening links and attachments in email. From January to May 2024, for example, an India-linked threat group — alternatively known as Sidewinder and Rattlesnake — has used Hajj-related emails to target users in Asia and Africa, according to Kaspersky.
The problem for many companies is that employees often use their business email in Web forms, or expose themselves to threats through social media, says Shawn Loveland, chief operating officer for Resecurity, a global cybersecurity service provider with clients in the Middle East.
"It's concerning how many employees use their business email on personal websites," he says. "If their PII gets scammed, now the threat actors know where you work. … Employers should be helping to educate their employees about online fraud, because in addition to protecting the employee, it will protect the business."
As part of its effort to combat fraud, Resecurity detected and blocked more than 630 social media accounts publishing scams targeting people preparing for Hajj season, the company stated in a report on Hajj-related fraud.
Saudi Arabia has taken the threat seriously. The country's National Cybersecurity Authority (NCA) conducted a comprehensive cyber exercise with more than 200 agencies represented by more than 600 officials and specialists, with a specific focus on cybersecurity during the Hajj season.
The exercise, which the country also conducted the previous year, leaves it well-prepared to handle potential cyber incidents, IDC's Handa says.
"Drills are [being] conducted across the region to counter cyberattacks," she says, with the government "establishing a 24/7 cyber-operations room to monitor and analyze cyber threats and share results with national agencies, allocating cyber-incident response teams, and conducting assessments to measure the cyber-risks of sensitive assets."
Businesses should take a page from Saudi Arabia's playbook, says Kaspersky's Hasbini. While attacks typically drop off for the week around the Hajj, security teams are also short-staffed, often leaving response times slower. Planning to identify and respond to incidents under such restrictions makes for good preparation.
"While the risk of mistakes by an insider is lower when employees of an organization are out of office, we see a bigger risk if the responsibilities of employees in the IT or IT security departments … are mishandled or simply ignored, opening up weaknesses for attackers to abuse," he says.
Companies should be clear in their delegation of duties when there is a shortage of cybersecurity specialists and establish clear protocols for communications, Hasbini says.
Read more about:
Robert Lemos, Contributing Writer
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
You May Also Like
Preventing Attackers From Wandering Through Your Enterprise Infrastructure
Empowering Developers, Automating Security: The Future of AppSec
Black Hat USA – Aug 3-8 – The Premier Technical Cybersecurity Conference – Learn More
Anatomy of a Data Breach – Dark Reading June 20 Event
Black Hat Europe – December 9-12 – Learn More
SecTor – Canada’s IT Security Conference Oct 22-24 – Learn More
2024 InformationWeek US IT Salary Report
Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022
EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity
Zero-Trust Adoption Driven by Data Protection
How Enterprises Assess Their Cyber-Risk
Google Threat Intelligence
A Year in Review of Zero-Days Exploited In-the-Wild in 2023
5 Essential Insights into Generative AI for Security Leaders
2023 Global Threat Report
Cisco Panoptica for Simplified Cloud-Native Application Security
Black Hat USA – Aug 3-8 – The Premier Technical Cybersecurity Conference – Learn More
Anatomy of a Data Breach – Dark Reading June 20 Event
Black Hat Europe – December 9-12 – Learn More
SecTor – Canada’s IT Security Conference Oct 22-24 – Learn More
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!
