What are the APTs targeting Saudi Arabia?

Sirar by stc is a leading Saudi Arabian cybersecurity provider, with more than 90 partners in its portfolio. It’s positioned as a one-stop shop, focusing on three major security pillars: managed security services, advisory services, and security solutions. 

When he described the firm’s work at #BHMEA22, Abdulrahman Al-Manea (Chief Product Mgmt and Marketing Officer at sirar by stc) said simply: 

“We see a lot, and we protect a lot.” 

So Al-Manea shared some of that information gathered through sirar by stc’s work with client companies – laying out the state of cybersecurity operations globally, and the key advanced persistent threats (APTs) that are targeting organisations in Saudi Arabia. 

A global view

“From a global perspective,” he said, “Scully Spider is one example of an active APT.” And what’s interesting is that Scully Spider offers malware as a service – showing that “even attackers are adopting different models to generate revenue.”

Another kind of business model that has become increasingly prevalent is DDos extortion; where attackers threaten to launch a DDos if you don’t follow their instructions. For example, during a ransomware attack against Cisco, the victim was threatened with a DDos attack if they contacted law enforcement.

But what matters here, is whether or not all these attacks really make an impact, beyond reputational damage. 

And the answer is yes, they do: an average of USD $6 million per attack in the Middle East, with an increase to $7 million in 2022. 

“So the average cost of attacks keeps increasing.” Meanwhile, the average number of days it takes to detect an attack has remained static (at around 200) since 2014; while recovery takes about 70 days. 

A closer look at the threat landscape in Saudi Arabia

Working closely with partners in Saudi Arabia, sirar by stc is uniquely positioned to understand the state of cybersecurity and attack attempts in the country. Speaking in 2022, Al-Manea said the firm had seen around 2 billion attempts so far that year. 

Attackers are working with: 

• NTP vulnerabilities 
• Botnet activities (including Andromeda, with 12 million attempts in Saudi Arabia) 
• IoT - Mirai (1 million attempts)
• Exchange attacks and phishing attacks (up to 16% of the emails observed by sirar by stc, to any of its client organisations, are malicious emails)
• Web security attacks (the firm’s web security solution blocked 34.5 billion threats in 2023)

And more. 

“Looking at the dark web gives us a lot of visibility of what’s being traded. We observed around five different underground forums selling Saudi Arabia-related data.” 

There were 256 threat actors behind those data breaches, and 111 corporations were affected by the attacks. 

During Hajj, the annual Islamic pilgrimage to Mecca, sirar by stc fielded more than 600 million blocked inbound traffic; 2.3 billion allowed inbound traffic; and mitigated a total of 1,266 attacks, which prevented downtime of 167:12:38. 

All of that to say: major cybersecurity providers are doing a lot. They’re managing high volumes of attack attempts and covering a vast (and increasing) threat landscape for their clients – and that’s true around the world, as well as in Saudi Arabia. 

Proactively secured security infrastructure is essential to protect organisations and individuals from cyber threats. And Al-Manea reminded us that the basics are just as important (if not more so) than deploying the latest security tooling. Don’t neglect your organisation’s information security governance and policies, and continue to enhance user awareness across attack vectors. A zero trust security model might be old news, but it’s still incredibly important; “and a security first culture would be needed in any organisation before rushing to market.”

So before you launch new products and services, always ask the question: is it secure by design?