The ultimate month of the Islamic calendar, Dhu al-Hijjah, started on June 7, marking the countdown for hundreds of thousands of Muslims to the Hajj pilgrimage, and likewise a time when cybercriminals and cyber-espionage actors see elevated alternative amid diminished vigilance and slimmed staffing.
Whereas lots of the cyberattacks are centered on pilgrims as shoppers of journey companies, quite a lot of companies — from banks to e-commerce websites — are at better danger of knowledge theft and denial-of-service assaults, in line with consultants. On June 3, for instance, cyberthreat actors introduced an information leak on an underground discussion board that allegedly contained the private info of 168 million customers from “The Hajj and Pilgrimage Group in Iran,” in line with cybersecurity agency Kaspersky.
The assaults spotlight the 2 facets of how cyberattackers see the Hajj season: as a chance to make the most of pilgrims, but in addition as a time of diminished assets for safety groups, making enterprise and authorities businesses susceptible, says Amin Hasbini, head of worldwide analysis and evaluation workforce for the Center East, Turkey, and Africa area at Kaspersky.
“Corporations within the Center East and different areas have to exert further warning throughout vacation seasons akin to Hajj — the absence of sure workers must be accounted for to make sure easy operations and sustaining safety effectivity and productiveness,” he says. “Total, it’s difficult for corporations to have the precise assets out there and prepared, along with the precise insurance policies and plans to finish the handover transition accurately, creating weaknesses that may very well be abused by menace actors.”
The Hajj, which begins on the eighth day of the Islamic month and lasts 4 to 6 days, marks practically every week of non secular holidays for the Center East and for an estimated 2 billion Muslims worldwide.
Whereas Kaspersky sees threats affecting Saudi Arabia and different nations within the area drop by as a lot as 30% in the course of the week of the Hajj, cyberattacks then shortly rebound. In 2022, as an illustration, when Saudi Arabia as soon as once more opened the annual Hajj pilgrimage to the world following the COVID-19 pandemic, cyberattacks doubled to greater than 2 million in the course of the month of Dhu al-Hijjah, which formally begins with the looks of the brand new crescent moon.
Whereas Saudi Arabia didn’t report knowledge on cyberattacks in 2023, different nations have seen comparable will increase in assaults, says Shilpi Handa, affiliate analysis director for safety at IDC’s Center East, Turkey, and Africa group.
“Yearly, there is a important surge in cybersecurity incidents reported by a number of safety organizations within the Center East,” she says. “Comparable findings are reported all around the area after the conclusion of Hajj every year.”
Cyber Scams
The cyber threats linked to the Hajj pilgrimage usually start early within the yr, as cybercriminals goal to make the most of Muslim adherents planning to make the journey to Saudi Arabia. Attackers use faux journey businesses, social media scams, or attacker-controlled on-line registration websites to entrap unsuspecting victims. Saudi Arabia’s Ministry of Hajj and Umrah, which manages companies and infrastructure across the pilgrimages, launched a authorities platform, Nusuk, that connects potential pilgrims with official operators and websites, which has considerably diminished fraud.
Nevertheless, superior menace actors have used messages and notifications concerning the Hajj as a method to lure workers into opening hyperlinks and attachments in e mail. From January to Could 2024, for instance, an India-linked menace group — alternatively referred to as Sidewinder and Rattlesnake — has used Hajj-related emails to focus on customers in Asia and Africa, in line with Kaspersky.
The issue for a lot of corporations is that workers usually use their enterprise e mail in Internet kinds, or expose themselves to threats by way of social media, says Shawn Loveland, chief working officer for Resecurity, a world cybersecurity service supplier with purchasers within the Center East.
“It is regarding what number of workers use their enterprise e mail on private web sites,” he says. “If their PII will get scammed, now the menace actors know the place you’re employed. … Employers ought to be serving to to coach their workers about on-line fraud, as a result of along with defending the worker, it would shield the enterprise.”
As a part of its effort to fight fraud, Resecurity detected and blocked greater than 630 social media accounts publishing scams concentrating on folks making ready for Hajj season, the corporate said in a report on Hajj-related fraud.
Defending With Diminished Head Depend
Saudi Arabia has taken the menace severely. The nation’s Nationwide Cybersecurity Authority (NCA) performed a complete cyber train with greater than 200 businesses represented by greater than 600 officers and specialists, with a particular concentrate on cybersecurity in the course of the Hajj season.
The train, which the nation additionally performed the earlier yr, leaves it well-prepared to deal with potential cyber incidents, IDC’s Handa says.
“Drills are [being] performed throughout the area to counter cyberattacks,” she says, with the federal government “establishing a 24/7 cyber-operations room to watch and analyze cyber threats and share outcomes with nationwide businesses, allocating cyber-incident response groups, and conducting assessments to measure the cyber-risks of delicate property.”
Companies ought to take a web page from Saudi Arabia’s playbook, says Kaspersky’s Hasbini. Whereas assaults usually drop off for the week across the Hajj, safety groups are additionally short-staffed, usually leaving response instances slower. Planning to establish and reply to incidents beneath such restrictions makes for good preparation.
“Whereas the danger of errors by an insider is decrease when workers of a corporation are out of workplace, we see an even bigger danger if the tasks of workers within the IT or IT safety departments … are mishandled or just ignored, opening up weaknesses for attackers to abuse,” he says.
Corporations ought to be clear of their delegation of duties when there’s a scarcity of cybersecurity specialists and set up clear protocols for communications, Hasbini says.
