
Middle East Cyber Battle Field Broadens — Especially in UAE

Dark Reading. Archived May 07, 2026.

As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.



Robert Lemos, Contributing Writer
May 6, 2026

In early February, prior to the start of the 2026 conflict in the Middle East, the United Arab Emirates saw anywhere from 90,000 to 200,000 breach attempts every day. Following the opening of military operations by Israel and the US against Iran, cyberattacks surged a few weeks later, with the current daily average ranging between 600,000 and 800,000 breach attempts, Mohammed Al Kuwaiti, chairman of the UAE Cyber Security Council, told various publications.

In addition, the mix of cyberattacks has changed from denial-of-service boasts on Telegram by hacktivists to more serious claims of intrusions and compromise, according to CypherLeak, a cybersecurity services firm with offices in the UAE and Morocco. Several Gulf nations saw a big jump in their "cyber-relevant activity" — a proxy for attacker and defender activity. The UAE saw 15 times the normal volume of cyber-relevant activity, Saudi Arabia 25 times, and Qatar more than quadrupled.

The cyberthreat baseline has clearly shifted upward, says CypherLeak CEO Mohamed Amine Belarbi.

"The conflict has created a real mobilization effect — hacktivists, opportunistic cybercriminals, and Iran-aligned actors now have a political trigger and a target list," Belarbi says. "So we are seeing more attacks, but we are also seeing more of the attacks that were previously below the radar."

The conflict in the Middle East has continued to expand the utility of cyber operations. Both Iran and Israel — and presumably, the US — have used compromised IP cameras to gain intelligence on their enemies and judge the impact of bombing and missile strikes. Cyberattacks on critical infrastructure and industrial systems continue to raise the stakes, even though defenders have hardened many systems, leading to fewer consequences from infrastructure attacks.

Whether the increase in attacks will outlast the current military conflict is a question mark, says Austin Warnick, director of the national-security intelligence team at threat-intelligence provider Flashpoint.

"It remains to be seen whether the frequency baseline of cyberattacks has been permanently raised. Typically, a surge in cyberattacks follows a major Middle Eastern geopolitical event — those attack surges tend to become less frequent as geopolitical tensions cool," he says. "However, given the current climate, even if the conflict ends completely, it is possible that the baseline of attacks could be raised compared to the pre-conflict baseline as a 'new normal.'"

Less Infrastructure, More Diplomacy?

In its own analysis of UAE cyber-readiness, CypherLeak found little evidence of successful destructive cyberattacks against UAE critical infrastructure. Yet the company did find that attackers are more focused on critical business sectors, such as finance, telecoms, aviation, law enforcement, and energy-adjacent infrastructure, says CypherLeak's Belarbi.

"A genuinely damaging attack on UAE infrastructure would not look like a website defacement," he says. "It would look like disruption of identity and access systems, payment processing, port logistics, aviation operations, telecom routing, or cloud-dependent government services. Even without physical damage, that type of attack could create cascading delays and undermine public confidence."

Several Middle Eastern nations — most notably, the UAE and Saudi Arabia — are much better at detecting and blocking threats, significantly improving their cyber visibility, which is likely driving up the number of detected attacks and reducing the impact of those attacks, says CypherLeak's Belarbi.

The cyberattacks may also more closely resemble a pressure campaign to convince the UAE and other Gulf states to support a more favorable outcome for Iran in negotiations to end the war, says Alexis Rapin, a cyber threat analyst at cybersecurity firm ESET. The most visible attacks by Iran have been drone strikes and missile attacks against the infrastructure of other Gulf states, but cyber operations could succeed where other attacks have fallen short, he says.

"By creating all sorts of difficulties for Gulf states, Tehran ultimately hopes that they will pressure their American allies into agreeing to a deal more reflective of Iran’s desires," Rapin says. "It's possible that what we’re seeing now is cyber being leveraged as well by Tehran to supplement and reinforce this broader coercive diplomacy."

AI Advantage to the Attacker

While defenders are increasingly using AI to help triage detections, humans are still required for much of the threat detection and remediation pipeline, according to ESET. While attackers have jumped on AI, often the result is "poorly crafted and executed attacks," says Adam Burgher, senior threat intelligence analyst with ESET.

AI certainly lowers the cost of cyber operations, allowing lower-skilled actors to become a more serious threat, says CypherLeak's Belarbi.

"Right now, I would say AI gives attackers a scaling advantage, but not necessarily a sophistication advantage," he says. "It makes mediocre attackers faster. It does not automatically make them elite operators. The real risk for Gulf states is volume: more convincing phishing, more automated probing, more fake breach claims, and more pressure on security teams."

The most significant threat is one that has been around for a while. Iran is well-known for its use of wiper malware to cause operational disruption, and that is perhaps the most critical attack to defend against.

Threat actors in the Gulf region are aggressive about finding and exploiting vulnerabilities, says ESET's Burgher.

"Threat actors are readily willing to exploit exposed vulnerabilities — [such as] an unpatched application running on a Web server — and do so in a large number of compromises," he says. "Maintaining solid patch-management policies, procedures, and guidelines are critically important for defending against [these] threat actors."

About the Author

Robert Lemos, Contributing Writer. Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.