At GITEX 2023, Positive Technologies, the renowned leaders in cybersecurity insights, will present findings from their latest GCC Dark Web report. This document strives to shed a clearer light on cybercrime, arming cybersecurity professionals with valuable intelligence to shield their businesses from potential threat actors.

Research spearheaded by the Positive Technologies team dived deep into the shadow marketplaces, which cybercriminals exploit as platforms to target GCC enterprises. The report indicated that companies in the UAE and Saudi Arabia are the primary targets. The dark web frequently features ads concerning the sale and distribution of access and data. Entry points are priced as low as $35, with a significant number of these advertisements marking prices ranging from $100 to $1,000. Typically, this access comes with administrator rights, which greatly simplifies the process for even the most novice of attackers operating on a limited budget.

Enterprises based in the UAE and Saudi Arabia dominate the mentions in these ads, accounting for 46% and 23% of the advertisements, respectively. These nations’ ties to oil production and affluence seemingly magnetize cybercriminals.

The sectors that see the most chatter on the dark web include Government bodies and Finance, constituting 30% and 20% of the discussions, respectively. Both hacktivist groups and ransomware collectives predominantly target these sectors.

A significant 33% of the ads pivot around the sale or dispersion of data, encompassing company databases and essential credentials such as names and email addresses. Such data holds potential for varied malicious uses, like phishing and blackmail. The analysis underscores that about 31% of all data referenced on the dark web is made available at no charge, making it accessible to a wide array of cyber adversaries.

The provisioning of entryways to corporate infrastructures emerges as the second most discussed topic on the dark web, comprising 22% of the conversation. The research estimates that availing this service sets a cybercriminal back by approximately $35,000 to $40,000.

In evaluating the data, Positive Technologies’ analyst highlighted the striking affordability of most access points ($100–1,000), with about 90% providing administrator rights. This facilitates even those with rudimentary skills and modest budgets to exploit the data as-is. However, some ads tout pricier access, particularly to prominent companies in the region. These are typically sought after by more skilled hackers gearing up for intricate operations.

The brisk exchange of data and gateways to corporate infrastructure, compounded by economical cyber services and the low entry barrier for attackers, amplifies the vulnerabilities of GCC companies’ information systems. The experts suggest that firms bolster their protective measures, keeping all potential cyber threats and attack blueprints in mind. Adopting contemporary tools, like application-level firewalls, network traffic monitoring systems, and solutions for gathering and dissecting security event data, is highly recommended.