As the Islamic calendar’s final month, Dhu al-Hijjah, commenced on June 7, it marked not only the countdown for millions of Muslims embarking on the Hajj pilgrimage but also a period of heightened cybersecurity threats. Cybercriminals and cyber-espionage actors exploit the increased online activity and the reduced vigilance of businesses and government agencies during this time, posing significant risks.
During the Hajj season, cyber threats escalate, targeting both pilgrims and a variety of businesses. This year, the threat landscape was exemplified by a significant data breach.
On June 3, cyberthreat actors leaked personal information of 168 million users from “The Hajj and Pilgrimage Organization in Iran,” according to cybersecurity firm Kaspersky. This breach underscores the dual nature of cyber threats during Hajj: exploiting pilgrims and taking advantage of reduced cybersecurity resources in businesses and government agencies.
“Companies in the Middle East and other regions need to exert extra caution during holiday seasons such as Hajj,” says Amin Hasbini, head of Kaspersky’s global research and analysis team for the Middle East, Turkey, and Africa. “The absence of certain employees needs to be accounted for to ensure smooth operations and maintain security efficiency and productivity.”
The Hajj pilgrimage, starting on the eighth day of Dhu al-Hijjah and lasting four to six days, coincides with nearly a week of religious holidays for an estimated 2 billion Muslims worldwide. While cybersecurity threats to Saudi Arabia and other regional countries decrease by as much as 30% during Hajj, they quickly rebound. In 2022, cyberattacks surged to more than 2 million during Dhu al-Hijjah after the Hajj pilgrimage reopened post-pandemic.
Although Saudi Arabia did not report specific cyberattack data for 2023, similar trends were observed in other countries. “Annually, there’s a significant surge in cybersecurity incidents reported by multiple security organizations in the Middle East,” notes Shilpi Handa, associate research director for security at IDC’s Middle East, Turkey, and Africa group. “Similar findings are reported all over the region after the conclusion of Hajj each year.”
Cyber threats associated with the Hajj begin early in the year. Cybercriminals exploit Muslim adherents planning their pilgrimage, using fake travel agencies, social media scams, and fraudulent online registration sites. In response, Saudi Arabia’s Ministry of Hajj and Umrah launched the government platform Nusuk, connecting prospective pilgrims with legitimate operators and significantly reducing fraud.
However, advanced threat actors continue to use Hajj-related messages to lure employees into opening malicious links and attachments. From January to May 2024, for instance, an India-linked threat group — known as Sidewinder or Rattlesnake — used Hajj-related emails to target users in Asia and Africa, according to Kaspersky.
The widespread use of business emails in personal web forms exacerbates the problem. “It’s concerning how many employees use their business email on personal websites,” says Shawn Loveland, COO of Resecurity, a global cybersecurity service provider. “If their PII gets scammed, now the threat actors know where you work. … Employers should be helping to educate their employees about online fraud, because in addition to protecting the employee, it will protect the business.”
Resecurity has been proactive in combating Hajj-related fraud, detecting and blocking more than 630 social media accounts publishing scams targeting pilgrims.
Recognizing the heightened risk, Saudi Arabia’s National Cybersecurity Authority (NCA) conducted a comprehensive cyber exercise involving more than 200 agencies and over 600 officials and specialists, focusing on cybersecurity during the Hajj season. These drills, conducted across the region, aim to counter cyberattacks and prepare for potential cyber incidents.
“Drills are being conducted across the region to counter cyberattacks,” says IDC’s Handa. The government established a 24/7 cyber-operations room to monitor and analyze threats, share results with national agencies, and allocate cyber-incident response teams.
Businesses should take note of Saudi Arabia’s robust approach. Despite a temporary drop in attacks around Hajj, reduced staffing in security teams can slow response times. Proper planning to identify and respond to incidents under such constraints is crucial.
“While the risk of mistakes by an insider is lower when employees of an organization are out of office, we see a bigger risk if the responsibilities of employees in the IT or IT security departments … are mishandled or simply ignored, opening up weaknesses for attackers to abuse,” says Hasbini. Clear delegation of duties and communication protocols are essential for maintaining cybersecurity during periods of reduced staffing.
In conclusion, as millions of Muslims prepare for the Hajj pilgrimage, governments and businesses must tighten their cybersecurity measures to counter the increased threats. By learning from Saudi Arabia’s proactive stance and ensuring robust planning and employee education, the risks can be significantly mitigated during this critical period.
You may also like:- How to Choose the Best Penetration Testing Tool for Your Business
- Top 8 Cybersecurity Testing Tools for 2024
- How To Parse FortiGate Firewall Logs with Logstash
- Categorizing IPs with Logstash – Private, Public, and GeoIP Enrichment
- 9 Rules of Engagement for Penetration Testing
- Google vs. Oracle – The Epic Copyright Battle That Shaped the Tech World
- Introducing ChatGPT Search – Your New Gateway to Instant, Up-to-date Information
- Python Has Surpassed JavaScript as the No. 1 Language on GitHub
- [Solution] Missing logstash-plain.log File in Logstash
- Top 7 Essential Tips for a Successful Website