The Cybersecurity Landscape During Dhu al-Hijjah: A Time of Pilgrimage and Peril
As the final month of the Islamic calendar, Dhu al-Hijjah, commenced on June 7, millions of Muslims around the world began their preparations for the Hajj pilgrimage. This sacred journey, which draws pilgrims from across the globe to Saudi Arabia, is not only a time of spiritual reflection and community but also a period that attracts the attention of cybercriminals. With reduced vigilance and staffing during this busy season, businesses and individuals alike find themselves at heightened risk of cyberattacks.
The Cyber Threat Landscape
The Hajj pilgrimage, which begins on the eighth day of Dhu al-Hijjah and lasts for four to six days, coincides with a significant uptick in cyber threats. Cybersecurity experts have noted that while many attacks target pilgrims as consumers of travel services, a wide array of businesses—from banks to e-commerce platforms—are also vulnerable to data theft and denial-of-service attacks. For instance, on June 3, cybersecurity firm Kaspersky reported a data leak on an underground forum, allegedly involving the personal information of 168 million users from "The Hajj and Pilgrimage Organization in Iran."
Amin Hasbini, head of Kaspersky’s global research and analysis team for the Middle East, Turkey, and Africa, emphasizes that cybercriminals view the Hajj season as an opportunity to exploit reduced resources in security teams. "Companies in the Middle East and other regions need to exert extra caution during holiday seasons such as Hajj," he advises. The absence of certain employees can create vulnerabilities that threat actors are eager to exploit.
The Surge in Cyberattacks
Historically, the volume of cyberattacks has fluctuated around the Hajj season. Kaspersky’s data indicates that while threats affecting Saudi Arabia and surrounding regions may drop by as much as 30% during the week of Hajj, they rebound sharply afterward. In 2022, for example, Saudi Arabia reported over 2 million cyberattacks during Dhu al-Hijjah, a stark increase following the reopening of the pilgrimage after COVID-19 restrictions.
Although Saudi Arabia did not release specific data on cyberattacks for 2023, other countries in the region have reported similar trends. Shilpi Handa, associate research director for security at IDC’s Middle East, Turkey, and Africa group, notes that there is a consistent annual surge in cybersecurity incidents reported by multiple organizations in the region after the conclusion of Hajj.
Cyber Scams Targeting Pilgrims
The cyber threats associated with the Hajj pilgrimage often begin well in advance, as cybercriminals seek to exploit the enthusiasm of Muslims planning their journey to Saudi Arabia. Attackers frequently employ tactics such as fake travel agencies, social media scams, and fraudulent online registration sites to ensnare unsuspecting victims. In response, Saudi Arabia’s Ministry of Hajj and Umrah launched the Nusuk platform, designed to connect prospective pilgrims with legitimate operators, significantly reducing instances of fraud.
However, advanced threat actors have adapted their strategies, using Hajj-related messages and notifications to lure employees into opening malicious links and attachments. For example, an India-linked threat group known as Sidewinder has targeted users in Asia and Africa with Hajj-themed emails. The challenge for many companies is that employees often use their business email addresses on personal websites, inadvertently exposing themselves to threats.
Shawn Loveland, COO of Resecurity, emphasizes the importance of employee education regarding online fraud. "Employers should be helping to educate their employees about online fraud, because in addition to protecting the employee, it will protect the business," he states. Resecurity has taken proactive measures, detecting and blocking over 630 social media accounts that were publishing scams targeting individuals preparing for the Hajj season.
Defending Against Cyber Threats with Reduced Resources
Recognizing the seriousness of the cyber threat landscape, Saudi Arabia’s National Cybersecurity Authority (NCA) has implemented comprehensive measures to safeguard against potential cyber incidents during the Hajj season. The NCA conducted a large-scale cyber exercise involving over 200 agencies and more than 600 officials, focusing specifically on cybersecurity during this critical period.
Drills and preparedness exercises are being conducted across the region, with the government establishing a 24/7 cyber-operations room to monitor and analyze threats. This proactive approach is essential, especially given that security teams are often short-staffed during the Hajj season, which can lead to slower response times.
Kaspersky’s Hasbini advises businesses to adopt similar strategies. While the risk of insider mistakes may decrease when employees are out of the office, the responsibilities of IT and security personnel must be carefully managed to prevent vulnerabilities. Clear delegation of duties and established protocols for communication are vital for maintaining security during this busy period.
Conclusion
As the Hajj pilgrimage unfolds, the intersection of spirituality and cybersecurity becomes increasingly evident. While millions embark on a journey of faith, cybercriminals are poised to exploit the vulnerabilities that arise during this time. By remaining vigilant and proactive, both individuals and organizations can help safeguard against the rising tide of cyber threats, ensuring that the Hajj remains a time of unity and reflection rather than a target for exploitation.