Middle East Cyber Battle Field Broadens — Especially in UAE TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsСloud SecurityHackers Use AI for Exploit Development, Attack AutomationHackers Use AI for Exploit Development, Attack AutomationbyAlexander CulafiMay 11, 20264 Min ReadСloud SecurityAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsbyNate NelsonMay 7, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyberattacks & Data BreachesCybersecurity OperationsVulnerabilities & ThreatsThreat IntelligenceNewsBreaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia PacificMiddle East Cyber Battle Field Broadens — Especially in UAEAs the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.Robert Lemos,Contributing WriterMay 6, 20265 Min ReadSource: Arnold O. A. Pinto via ShutterstockIn early February, prior to the start of the 2026 conflict in the Middle East, the United Arab Emirates saw anywhere from 90,000 to 200,000 breach attempts every day.Following the opening of military operations by Israel and the US against Iran, cyberattacks surged a few weeks later, with the current daily average ranging between 600,000 and 800,000 breach attempts, Mohammed Al Kuwaiti, chairman of the UAE Cyber Security Council, told various publications.In addition, the mix of cyberattacks has changed from denial-of-service boasts on Telegram by hacktivists to more serious claims of intrusions and compromise, according to CypherLeak, a cybersecurity services firm with offices in the UAE and Morocco. Several Gulf nations saw a big jump in their "cyber-relevant activity" — a proxy for attacker and defender activity. The UAE saw 15 times the normal volume of cyber-relevant activity, Saudi Arabia 25 times, and Qatar more than quadrupled.Related:Chinese APT Abuses Multiple Cloud Tools to Spy on MongoliaThe cyberthreat baseline has clearly shifted upward, says CypherLeak CEO Mohamed Amine Belarbi."The conflict has created a real mobilization effect — hacktivists, opportunistic cybercriminals, and Iran-aligned actors now have a political trigger and a target list," Belarbi says. "So we are seeing more attacks, but we are also seeing more of the attacks that were previously below the radar."The conflict in the Middle East has continued to expand the utility of cyber operations. Both Iran and Israel — and presumably, the US — have used compromised IP cameras to gain intelligence on their enemies and judge the impact of bombing and missile strikes. Cyberattacks on critical infrastructure and industrial systems continue to raise the stakes, even though defenders have hardened many systems, leading to fewer consequences from infrastructure attacks.Whether the increase in attacks will outlast the current military conflict is a question mark, says Austin Warnick, director of the national-security intelligence team at threat-intelligence provider Flashpoint."It remains to be seen whether the frequency baseline of cyberattacks has been permanently raised."Typically, a surge in cyberattacks follows a major Middle Eastern geopolitical event — those attack surges tend to become less frequent as geopolitical tensions cool," he says. "However, given the current climate, even if the conflict ends completely, it is possible that the baseline of attacks could be raised compared to the pre-conflict baseline as a 'new normal.'"Less Infrastructure, More Diplomacy?Related:Chinese APT Targets Indian Banks, Korean Policy CirclesIn their own analysis of UAE cyber-readiness, CypherLeak found little evidence of successful destructive cyberattacks against UAE critical infrastructure. Yet, the company did find that attackers are more focused on critical business sectors, such as finance, telecoms, aviation, law enforcement, and energy-adjacent infrastructure, says CypherLeak's Belarbi."A genuinely damaging attack on UAE infrastructure would not look like a website defacement," he says. "It would look like disruption of identity and access systems, payment processing, port logistics, aviation operations, telecom routing, or cloud-dependent government services. Even without physical damage, that type of attack could create cascading delays and undermine public confidence."Several Middle Eastern nations — most notably, the UAE and Saudi Arabia — are much better at detecting and blocking threats, significantly improving their cyber visibility, which is likely driving up the number of detected attacks and reducing the impact of those attacks, says Cypherleak's Belrabi.The cyberattacks may also more resemble a pressure campaign to convince the UAE and other Gulf states to support a more favorable outcome for Iran in negotiations to end the war, says Alexis Rapin, a cyber threat analyst at cybersecurity firm ESET. The most visible attacks by Iran have been drone strikes and missile attacks against the infrastructure of other Gulf states, but cyber operations could succeed where other attacks have fallen short, he says.Related:6-Year Ransomware Campaign Targets Turkish Homes & SMBs"By creating all sorts of difficulties for Gulf states, Tehran ultimately hopes that they will pressure their American allies into agreeing to a deal more reflective of Iran’s desires," Rapin says. "It's possible that what we’re seeing now is cyber being leveraged as well by Tehran to supplement and reinforce this broader coercive diplomacy."AI Advantage to the AttackerWhile defenders are increasingly using AI to help triage detections, humans are still required for much of the threat detection and remediation pipeline, according to ESET. While attackers have jumped on AI, often the result is "poorly crafted and executed attacks," says Adam Burgher, senior threat intelligence analyst with ESET.AI certainly lowers the cost of cyber operations, allowing lower-skilled actors to become a more serious threat, says CypherLeak's Belarbi."Right now, I would say AI gives attackers a scaling advantage, but not necessarily a sophistication advantage," he says. "It makes mediocre attackers faster. It does not automatically make them elite operators. The real risk for Gulf states is volume: more convincing phishing, more automated probing, more fake breach claims, and more pressure on security teams."The most significant threat is one that has been around for a while. Iran is well-known for its use of wiper malware to cause operational disruption, and that is perhaps the most critical attack to defend against. Threat actors in the Gulf region are aggressive about finding and exploiting vulnerabilities, says ESET's Burgher."Threat actors are readily willing to exploit exposed vulnerabilities — [such as] an unpatched application running on a Web server — and do so in a large number of compromises," he says. "Maintaining solid patch-management policies, procedures, and guidelines are critically important for defending against [these] threat actors."Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now!Read more about:DR Global Middle East & AfricaAbout the AuthorRobert LemosContributing WriterVeteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.See more from Robert LemosWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouHow Well Can You See What's in Your Cloud?Implementing CTEM: Beyond Vulnerability ManagementMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETHow Well Can You See What's in Your Cloud?Thurs, June 4, 2026 at 1:00pm ESTImplementing CTEM: Beyond Vulnerability ManagementThurs, May 21, 2026 at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

The cybersecurity landscape in the Middle East, particularly within the United Arab Emirates, is undergoing a significant transformation driven by ongoing geopolitical tensions, specifically the conflict between Iran and Israel. According to Robert Lemos of Dark Reading, breach attempts targeting the UAE have tripled in just a few weeks following the escalation of hostilities, with current daily averages reaching between 600,000 and 800,000. This dramatic surge represents a substantial shift from the pre-conflict baseline, which CypherLeak, a cybersecurity services firm, estimates to have been 90,000 to 200,000 attempts per day. The nature of these attacks has also evolved, moving beyond simple denial-of-service operations by hacktivists to more sophisticated intrusions and compromised systems. CypherLeak CEO Mohamed Amine Belarbi highlights the mobilization effect of the conflict, noting the increased activity from hacktivists, opportunistic cybercriminals, and Iran-aligned actors. This expansion in attack surface is attributed to the UAE and Saudi Arabia’s significantly enhanced cyber-relevant activity, rising to 15 and 25 times their normal levels respectively, alongside Qatar’s nearly quadrupled activity.

The UAE’s improved cyber-readiness, coupled with increased detection and blocking capabilities, appears to be contributing to the high volume of attacks while mitigating their impact. CypherLeak’s Belarbi explains that attackers are now focusing on critical business sectors—including finance, telecommunications, aviation, law enforcement, and energy infrastructure—rather than attempting widespread, destructive attacks on core infrastructure. These targeted intrusions seek to disrupt critical business services, such as identity and access systems, payment processing, or port logistics, rather than causing physical damage.

Several Middle Eastern nations, notably the UAE and Saudi Arabia, are demonstrating greater capacity for cyber defense, significantly improving their visibility into attacker and defender activity. This heightened awareness is likely a key factor in reducing the overall impact of these attacks. Alexis Rapin, a cyber threat analyst at ESET, suggests that these cyber operations may be part of a broader coercive diplomatic campaign employed by Iran to pressure the UAE and other Gulf states into supporting a more favorable outcome in the ongoing conflict. While direct infrastructural damage remains limited, the sustained pressure could influence negotiations.

The rise in cyberattacks is also linked to the accessibility of AI tools, which are lowering the barrier to entry for cybercriminals. According to Adam Burgher, a senior threat intelligence analyst with ESET, AI is allowing lower-skilled actors to execute attacks more rapidly and effectively, increasing the overall volume of attacks. Key defensive measures include robust patch management policies, rigorous vulnerability assessments and proactive mitigation strategies. CypherLeak’s Belarbi emphasizes that these attacks resemble a pressure campaign rather than outright acts of destruction, noting the focus on disrupting business operations. Furthermore, the threat of wiper malware—a known tactic of Iranian actors—represents a critical area of concern, requiring vigilance and proactive defense strategies.