The prosperity of the federal state, its geopolitical positioning and its all-out digitalization make it a prime target for hackers.
The United Arab Emirates is facing an unprecedented wave of cyberattacks, pushing the federal state to its limits and leading it to rely on cutting-edge technologies such as artificial intelligence to strengthen its cyberdefenses.
“We sometimes experience up to 200,000 cyberattacks per day. The number of ransomware attacks, in particular, has recently increased by 30%. But we are also experiencing numerous distributed denial of service attacks, with disruptive rather than disruptive aims. Another novelty: it is the government which is the preferred target of a large part of these attacks, where cybercriminals previously mainly attacked companies”, declared Mohamed Al-Kuwaiti, the head of cybersecurity. of the Emirates, during the Gitex conference which is being held this week in Dubai.
Cyberattacks facilitated by generative AI
A recent report from Positive Technologies, a Russian cybersecurity company, claims that the number of politically motivated distributed denial of service attacks has increased by 70% year over year. They would mainly target the public sector.
Several reasons can explain the increase in attacks that the Emirates are currently experiencing. The first is due to the rise of generative AI, which allows hackers to easily write without spelling, grammar or syntax errors in a language they do not master. It has led to an increase in phishing attempts in countries that were until now relatively spared thanks to the fact that few criminals mastered their language. Proofpoint’s State of the Phish 2024 report shows a particularly spectacular increase in the volume of identity compromise attacks in the Emirates last year, the year ChatGPT became accessible to the general public: the quantity of these attacks jumped there. by 29%. A phenomenon that has also been experienced by countries such as Japan (+35%) and South Korea (+31%).
A rapidly digitalized economy
The second explanation is due to the rapid digitalization of the economy of this Gulf country, which built its fortune on oil and now intends to establish itself as a world leader in innovation. “Many of our public infrastructures use cutting-edge technologies, such as the cloud, the Internet of Things, blockchain, which enable tremendous advances, but also increase the potential attack surface,” notes Mohamed Al-Kuwaiti.
At the beginning of October, the head of cybersecurity of the Emirates announced three main strategic axes to strengthen the country’s resilience by the end of the year: the cloud, the IoT, and the creation of cybersecurity operational centers. A law to make communications systems resistant to quantum computers is also planned. These developments follow significant efforts made in recent years by the Emirates to strengthen their cyber defenses, in particular through the training of talents in mastering AI. “Investing in people is a fundamental dimension for improving cybersecurity. This is why we created an AI university in 2018. We also have several cutting-edge universities: Khalifa, Abu Dhabi University , NYU and the Sorbonne…”
A risky geopolitical position
The Emirates also rely on collaborations with foreign companies. “We have established a partnership with Microsoft, as well as several Chinese companies to adopt cutting-edge technologies around AI and cyberdefense,” says Mohamed Al-Kuwaiti.
In addition to its economic prosperity, which makes it a prime target for hackers, the Emirates are located in a conflict zone, where their balanced position makes them an ally, but also a potential enemy for all the powers involved. They are one of the first Arab countries to have moved closer to Israel, and since the terrorist attacks of October 7 and the IDF response on Gaza have found themselves in a complicated position which makes them a target of choice. In July, the pro-Palestinian hacker group BlackMeta targeted an Emirati bank with a DDoS attack that lasted more than 100 hours. The UAE has also suffered recent attacks from Iran. Mohamed Al-Kuwaiti also spoke of a wave of cyberattacks coming from a “major allied nation”, without expanding further.
Cybercriminals without borders
Beyond the Emirates strategy, cybersecurity was one of the major themes of this 44th edition of Gitex, where an entire day was devoted to this theme. “Cybercrime knows no borders. Many technologies can be used for hacking, extortion, sabotage, illegal transactions, etc. To deal with it, we need a mix of increased collaboration between humans, as well as new technologies,” said Didier Jacobs, Director of Information Technology and AI at Europol.
Several speakers highlighted the need to establish better collaboration between different States, in this conference where European, American, Chinese and Russian cybersecurity experts rub shoulders without apparent animosity. “In real life, we have become very good at preventing crimes and arresting criminals. But in the cyber sphere, we are not there yet, partly because law enforcement continues to operate within a state framework, while cybercrime operates globally,” said Craig Jones, former head of the fight against cybercrime at Interpol.
“For example, we had to deal with a group of Brazilian cybercriminals who were developing malware on Android and deploying it in Spain to hack bank accounts. By helping the Spanish and Brazilian authorities to collaborate, to simply exchange information, we finally managed to dismantle them Interpol is now trying to replicate this model around the world through the Synergia program: the organization invites the 196 countries of the world to exchange together, then provides them with data on the cyber threats that are operating. in one region and the harm suffered in another region.”
According to him, it is essential that national authorities fighting cybercrime also operate elsewhere than in their own country. “It is important to have men deployed where the threats come from, or where it is possible to collaborate and coordinate with other experts. This is why I advocate regional entities or international organizations such as Interpol to carry out this work.”
Related News :