DarkMatter, a cyber-security company in the UAE with government contracts, said that financial and oil and gas sectors in the Middle East, as well as utilities and transport infrastructure, are frequently coming under attacks online.
These breaches are widespread, often undetected and increasingly executed by state-sponsored actors who target the economic and social stability of regional economies, the cyber-security company based in Abu Dhabi, said in a report released on Monday.
"The commercial and strategic magnitude makes [critical infrastructure] industries attractive targets, with potentially devastating effects on the security of nations and their citizens," Karim Sabbagh, chief executive of DarkMatter Group, told The National.
DarkMatter analysed threats and trends between October 2018 and March 2019, but did not disclose the names and number of companies that were evaluated, citing security reasons.
The energy industry in particular is critical to Middle East economies, with the GCC counting $835 billion (Dh3 trillion) in active oil and gas construction projects, the report said. Three-quarters of regional oil and gas companies have experienced some form of cyber-security breach, according DarkMatter.
Last December Shamoon 3, a data-wiping malware, targeted the oil and gas sector. It attacked Saipem, the technology vendor of Saudi Aramco and other majors in the kingdom, Mr Sabbagh said.
DarkMatter estimates that cyber crimes will cost the private and public sectors $6tn in the next two years globally, in what Mr Sabbagh called "the largest transfer of economic wealth in the history of mankind". But he warned of a "huge gap" in cyber-security investment, which will amount to a total of only $1tn between 2017 and 2021.
DarkMatter said the current efforts to mitigate cyber risks are insufficient and there is a considerable chance attacks will be successful.
Most breaches that DarkMatter investigated took advantage of outdated software or weak passwords. Eighty-three per cent of organisations were using unverified software and 91 per cent had old software with missing critical security patches. Nine in 10 organisations in the region were using insecure network protocols, which manage communication between systems.
The UAE, with the second-highest smartphone adoption rate globally and one of the world’s most digitally-connected societies, continues to be one of the most attractive destinations for cyber criminals in the world, reported DarkMatter.
"The UAE is increasingly relying on digitalisation while pursuing its social, economic and digital agendas. It is expanding its digital footprint and de facto enlarging the [cyber] attack surface," said Mr Sabbagh.