Middle East’s financial sector at risk

Cybercriminals increase attacks as digital transformation takes hold

Experts urge organizations to adapt security strategies to new hybrid work environments.

With the rapid digital transformation of the Middle East, opportunities for cybercriminals have increased. Financially-motivated attackers and advanced persistent threat groups are taking advantage of this situation to target organizations, particularly those in the financial sector, with various types of attacks. Among these attacks, Distributed Denial of Service (DDoS) extortion attacks and ransomware attacks are the most prominent. The consequences of such attacks can be devastating, not only for the targeted organization but also for downstream customers.


Economy Middle East spoke to four experts about the unique challenges that financial institutions face when dealing with such attacks and explored ways to mitigate these attacks.


Jonathan Mepsted, VP Middle East & Africa, Netskope


Financial services companies are experiencing an increase in attacks, which underscores the need for them to adapt their security strategies to the new normal of hybrid work. The use of traditional, perimeter-based defenses and legacy solutions is now outdated.

According to our recent Cloud & Threat Report, despite the widespread adoption of cloud technology, financial services organizations still face cloud malware downloads as a top threat. Microsoft’s OneDrive is also the primary source of malware in this regard.

To address these challenges, financial services firms must implement a multilayered security strategy that protects all cloud and web traffic. By following zero-trust principles that control access and restrict movement of sensitive data, the security team can refine policies and quickly identify risks. Limiting the flow of sensitive data to and from cloud and private applications is also critical. Furthermore, enabling multifactor authentication (MFA) will help mitigate the risk of stolen credentials and extend security to unmanaged apps.


Saeed Ahmad, Managing Director, Middle East and North Africa, Callsign


Authorized Push Payment (APP) fraud is currently one of the most significant concerns in the banking industry. The term “authorized” is crucial here because it refers to a transaction that is difficult for banks to identify as fraudulent because the consumer is manipulated into executing the transaction.

This type of fraud relies on impersonation, with fraudsters making legitimate-sounding requests for money, payment for products or services, overdue taxes, or even claiming the victim’s bank account has been compromised and asking them to transfer funds to a secure account.

According to Forrester Research, authorized push payments are a major concern for 66 percent of financial services and consumer banking firms worldwide, with the Middle East at 67 percent, APAC at 66 percent, North America at 56 percent, and the UK at 72 percent.

Fraudsters use social engineering to psychologically influence consumers into sending money to their accounts. As a result, static fraud warning messages in customers’ online journeys have become commonplace and easy to forget or dismiss. Fraudsters also anticipate these messages and coach users around them.

With the increasing use of real-time and speedier payment technologies as the global standard, banks and financial service organizations must look beyond traditional fraud detection and actively detect, intervene, and protect against fraud.

To stay ahead of fraudsters’ constantly evolving tactics, financial institutions require real-time fraud prevention solutions such as dynamic fraud warnings and next-generation behavioral biometrics. A real-time solution is necessary that detects fraud in progress by studying the user’s behavioral patterns and using that information to assess whether the user is being tricked or coerced by a fraudster.

By combining behavioral data with threat or malware detection, a financial institution can intervene when a user is at risk. Interventions can provide intelligent, contextual, and timely fraud messages to customers.


Ashraf Koheil, Group-IB Regional Sales Director META


The rapid digital transformation in the Middle East has presented significant opportunities for financially-motivated cybercriminals and advanced persistent threat groups to exploit. Fortunately, many organizations in key sectors are taking this challenge seriously and investing in cybersecurity.

However, ransomware remains a significant threat to organizations across all sectors of the MEA economy. According to Group-IB’s latest Hi-Tech Crime Trends 2022/2023 report, between H2 2021 and H1 2022, 18 MEA companies in the financial sector fell victim to ransomware-related data leaks. Furthermore, globally, ransomware-related data leaks of financial companies rose by 43 percent in H2 2021 – H1 2022 compared to the previous reporting period.

The increasing influence of initial access brokers (IAB) who sell corporate access to breached companies on the dark web is also driving the continued spike in ransomware activity. Group-IB Threat Intelligence has discovered that between H2 2021 and H1 2022, the number of MEA-related network access offers doubled from 88 to 179, with UAE companies being the most sought-after.

Additionally, in the UAE alone, more than 280,000 accounts, including social networks, e-commerce sites, banks, and corporate logins, were compromised by threat actors who utilized information stealers – malware that collects personal details such as passwords and logins from the victim’s browser metadata.


Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT


Financial institutions are high-value targets for threat actors due to the sensitive data and large sums of money they possess. One common attack method used against them is DDoS extortion attacks. These attacks not only disrupt business operations but also impact customers attempting to use their credit cards.

A hack of a commercial bank or payment card processor can be catastrophic. Credit card processors can handle over 5,000 transactions per second, making even a few minutes of delay very costly. This can severely damage the organization’s reputation and customer retention.

DDoS attacks on financial institutions can be more sophisticated than traditional attacks, as threat actors may first execute a demonstration attack on elements of the organization’s online infrastructure before sending an email requesting payment in cryptocurrency, usually Bitcoin. Additionally, professional ransomware groups have expanded their tactics to include triple extortion, which involves encrypting files, stealing data, and launching DDoS attacks to increase their chances of receiving payment.

To safeguard their public-facing web infrastructure from the dangers and repercussions of DDoS attacks, financial institutions should first deploy a comprehensive DDoS security and mitigation system. Additionally, it’s crucial to test DDoS mitigation technologies semi-regularly to ensure that any changes and modifications to the organization’s online systems are incorporated into the overall protection strategy. This ensures that the entire online infrastructure is protected against DDoS attacks. Finally, financial institutions may want to consider hiring a DDoS assault specialist on demand to assist them in navigating uncharted circumstances and terrain.
