Financial institutions across the Middle East are grappling with a surge in sophisticated cyber threats. Although the sector holds security drills such as the recent Cyber Wargaming exercise in the UAE, experts warn that rapid digital growth and a shortage of skilled security professionals are creating significant vulnerabilities for banks in the region. These institutions remain a prime target for cybercriminals focused on financial gain.
Simulated Attacks Reveal Gaps in Security
At the fourth annual Cyber Wargaming exercise, banks and financial firms in the United Arab Emirates tested their defenses against simulated cyberattacks. The event, organized by the UAE Banks Federation, was designed to find and fix weaknesses in the industry’s security infrastructure.
Jamal Saleh, the director general of the federation, highlighted the growing danger. He noted that the quick adoption of new digital technologies has increased risks for both transaction security and the core systems that banks rely on.
A recent report from the UAE Cyber Security Council found that financial institutions were the target of 21% of all cyber incidents in the region. This makes them the second most attacked sector, just behind government entities, which faced 35% of the attacks.
The Persistent Threat of Ransomware
Cybercriminals are changing their methods. While some types of attacks have decreased, criminals now focus on phishing, identity theft, and ransomware to target financial companies.
Ransomware, which involves locking up a victim’s data and demanding payment, is a major problem. According to a new report, the number of ransomware groups targeting UAE organizations has grown from 12 in 2023 to 19 this year. RansomHub and LockBit are among the most active gangs.
Ray Kafity, a vice president at the cybersecurity firm Halcyon, explained why banks are such a popular target. “The financial sector remains a top target because these institutions have historically shown a willingness to pay ransoms,” he said. He added that these attacks will continue as long as they remain profitable for the criminals.
The problem is made worse by the rise of ransomware-as-a-service (RaaS). This model allows criminals with few technical skills to rent the tools needed to launch powerful attacks, making the threat more widespread.
An Expanding Digital Attack Surface
The number of internet-connected devices and systems in the UAE has grown dramatically, creating more opportunities for hackers to find a way in. This expanded attack surface makes it harder for banks to defend themselves.
A recent report highlighted this rapid growth with the following data:
Year | Exposed Digital Assets in the UAE |
---|---|
2023 | 155,000 |
2024 | 223,000 |
Osama Al-Zoubi of Phosphorus Cybersecurity stated that keeping track of all these devices is a huge challenge for banks. “Financial institutions need broader defenses that keep track of every connected device, from ATMs to employee workstations,” he said. To make matters worse, nearly a third of systems in the UAE have not been updated to fix a well-known security flaw that is over a year old.
Government Response and Geopolitical Factors
In response to these growing threats, the UAE government has pledged over $2 billion to improve the nation’s cybersecurity defenses. The funding is aimed at protecting critical infrastructure and modernizing security systems that are no longer effective against modern attacks.
A large part of this investment will be used for several key areas:
- Upgrading older legacy systems that were not designed for today’s threats.
- Increasing spending on identity protection and data security.
- Securing operational technology (OT), the systems that run physical infrastructure, alongside IT systems.
While many attacks are driven by money, banks in the Middle East also face threats from politically motivated hackers. Research shows that Saudi Arabia and the UAE are the main targets for these types of attacks in the region. However, experts like Kafity believe that most ransomware groups operate for profit and are not tied to specific national interests.
Frequently Asked Questions
Why are banks in the Middle East a major target for cyberattacks?
Banks are a top target due to their direct access to money, a history of paying ransoms, and the critical role they play in the economy. The rapid expansion of digital banking services also creates more potential entry points for attackers.
What is ransomware-as-a-service (RaaS)?
RaaS is a business model where ransomware developers lease their malicious software to other criminals. This allows less skilled individuals to launch sophisticated ransomware attacks without needing to create the tools themselves.
How is the UAE government responding to these threats?
The UAE government is investing over $2 billion in cybersecurity. This funding will focus on upgrading outdated systems, strengthening national defenses, and securing both digital and physical infrastructure against modern cyber threats.
What is an expanded attack surface?
An expanded attack surface refers to the growing number of devices, systems, and online assets that an organization has. This includes everything from servers and employee computers to ATMs and mobile banking apps, all of which can be potential targets for cybercriminals.
Are all cyberattacks in the region financially motivated?
No. While many attacks, such as ransomware, are carried out for financial gain, the region also faces threats from hacktivists and nation-state actors. These groups are often driven by political or ideological goals, with Saudi Arabia and the UAE being the most frequent targets.