Severity
High
Analysis Summary
Although cyberattacks decrease slightly during the week of the Islamic pilgrimage itself, organizations in Saudi Arabia and other countries with significant Muslim populations report an increase in attacks around the Hajj season.
Dhu al-Hijjah, the last month of the Islamic calendar, started on June 7. It is a time when millions of Muslims count down to the Hajj pilgrimage and when cybercriminals and cyber espionage threat actors sense enhanced opportunity due to lowered security and personnel levels. Although pilgrims are the target of many cyberattacks as travelers, experts say that a range of organizations, including banks and e-commerce sites, are more vulnerable to data theft and denial-of-service attacks.
For instance, threat actors disclosed a data dump on a dark web forum purportedly including the private data of 168 million individuals from "The Hajj and Pilgrimage Organization in Iran". According to the cybersecurity experts who lead global research and analysis teams for the Middle East, Turkey, and Africa, the attacks underscore two aspects of how threat actors view the Hajj season: as a chance to exploit pilgrims, and as a period when security teams have fewer resources available, leaving businesses and government agencies vulnerable.
Businesses in the Middle East and other locations must exercise particular vigilance during holidays like the Hajj; employees' absences must be reported to ensure smooth operations and the maintenance of productivity and security. In general, companies have difficulty obtaining and preparing the resources, procedures, and plans needed to execute the handover effectively, which exposes vulnerabilities that malicious actors could exploit.
Risks to Saudi Arabia and other nations in the region can decrease by as much as 30% during the Hajj week, but cyberattacks swiftly resurface afterward. For example, in 2022, after the COVID-19 pandemic, Saudi Arabia reopened the annual Hajj journey to the world. During the month of Dhu al-Hijjah, which begins with the sighting of the new crescent moon, intrusions doubled to over 2 million.
Although Saudi Arabia did not submit data regarding cyberattacks in 2023, researchers noted that other nations experienced comparable spikes in attacks. Many security firms in the Middle East report a notable increase in cybersecurity incidents each year. Every year, following the completion of the Hajj, similar findings are reported from all around the region.
Cybercriminals try to exploit Muslims who intend to travel to Saudi Arabia for the Hajj, so they usually start their cyberattacks early in the year. Scammers trick naïve victims by using social media scams, phony travel firms, or attacker-controlled online registration sites. The Ministry of Hajj and Umrah in Saudi Arabia oversees the infrastructure and services related to the pilgrimages. To cut down on fraud, the ministry introduced Nusuk, a government portal that links potential pilgrims with reputable operators and locations.
On the other hand, sophisticated threat actors have utilized Hajj-related messages and notifications to trick workers into clicking on email attachments and URLs. For instance, there are reports that from January to May 2024, an India-affiliated threat group, also going by the names Sidewinder and Rattlesnake, utilized emails about the Hajj to target people in Asia and Africa.
According to a worldwide cybersecurity firm with clients in the Middle East, the issue facing many businesses is that employees frequently use their work email in online forms or expose themselves to dangers through social media. The number of employees who use their work email on personal websites is alarming. If an employee's PII is stolen, threat actors know where that employee works. Employers have a responsibility to help educate their staff members about internet fraud, as doing so will safeguard the company as well as the individual.
The threat is being taken seriously by Saudi Arabia. With a particular focus on cybersecurity during the Hajj season, the nation's National Cybersecurity Authority (NCA) collaborated with over 200 agencies, represented by over 600 officials and professionals, to execute a thorough cyber exercise. The nation is well-prepared to address any cyber crises thanks to the exercise, which it also carried out the year before.
Throughout the region, exercises are being held to thwart cyberattacks. The government assigns cyber-incident response teams, measures the cyber risks of critical assets through assessments, and sets up a 24/7 cyber-operations room to monitor and evaluate cyber threats and exchange results with national agencies. Organizations may learn from Saudi Arabia's model. Attacks tend to decrease during the week leading up to the Hajj, but security teams are also understaffed, which frequently results in longer reaction times. It's wise to prepare to recognize and handle incidents within these limitations.
While there is less chance of an insider making a mistake when company personnel are not in the office, the risk is greater if staff members in the IT or IT security departments handle their jobs improperly or neglect them entirely, creating opportunities for attackers to exploit. When cybersecurity experts are in short supply, businesses should delegate responsibilities clearly and set up clear communication mechanisms.
Impact
- Sensitive Information Theft
- Cyber Espionage
- Denial of Service
- Financial Loss
Remediation
- Conduct regular security awareness training for users to recognize and avoid phishing emails.
- Enable antivirus and anti-malware software and update signature definitions promptly. Using multi-layered protection is necessary to secure vulnerable assets.
- Implement SIEM solutions to centralize log collection and analysis. This can help in identifying patterns of suspicious behavior and provide timely alerts for potential security incidents.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.