Understanding UAE’s Cyber Threat Landscape in 2025

May 21st, 2025

Contributor: Sreelakshmi MP

Who should read this?

CEOs
CTOs
CISOs
Cyber Security Managers

The United Arab Emirates’ (UAE) digital landscape continues to evolve at a steady pace, shaped by ongoing investments in smart technologies and digital infrastructure. These advancements are creating new opportunities for businesses and improving daily life across the country, building a more connected and efficient ecosystem. As digital adoption deepens across sectors, the UAE is steadily strengthening its role in the regional technology environment, laying a strong foundation for future growth.

Yet, this rapid digital progress brings with it an increasing exposure to cyber threats. The rise in ransomware, phishing attacks, and data breaches in recent years highlights the urgent need for organizations to prioritize cyber security. As cyber crimes become more sophisticated, leaders must focus on building resilient defenses and fostering a culture of security awareness. In this article, we take a closer look at the major cyber incidents of 2024 and explore the key threats that demand attention in 2025 — equipping leaders with the insights needed to navigate this complex landscape.

Major Cyber Threats and Incidents in UAE 2024

This section highlights the major cyber threats and incidents that shaped the country’s landscape in 2024, drawing key insights from the “State of the UAE Cybersecurity Report 2025.”

  • Ransomware attacks: Ransomware attackers in the UAE continued to evolve their tactics throughout 2024, making attacks more sophisticated and harder to detect. The year saw a significant rise in ransomware incidents, with new groups like DarkVault, Qilin, RansomEXX, and KillSec emerging. Ransomware attacks in the UAE increased by 32% in 2024 compared to the previous year, as per statistics from the UAE Cyber Security Council. While Lockbit3 remained active, its share of ransomware attacks in the UAE dropped from 31% in 2023 to 16% in 2024, showing that more diverse groups are now targeting the region. RansomHub also grew in influence, accounting for 13% of ransomware activity in 2024. Meanwhile, some groups active in 2023, like Clop and Alphv, saw a sharp decline or disappeared entirely, reflecting constant changes in the threat landscape.
  • Costly data breaches: In 2024, data breaches in the UAE and the Middle East became more expensive, with the region having the second-highest costs in the world. On average, data breaches cost around US$4.88 million globally due to lost business opportunities, customer response efforts, and challenges in data visibility. One of the most significant incidents involved an alleged large-scale breach targeting multiple UAE government bodies, exposing sensitive personal information of officials and raising serious national security concerns.
  • Infostealer malware: Infostealer malware emerged as a major cyber threat in the UAE throughout 2024, with RedLine Stealer leading as the most widespread, responsible for nearly 70% of infections. Other notable infostealers like META, Lumma, and Vidar also contributed significantly to the threat landscape. These malware strains target users’ sensitive information, including passwords, by silently stealing data from infected systems. Interestingly, most of the stolen passwords—over 77%—met recommended security standards for length, showing that even strong passwords can be compromised if exposed through malware.
  • DLL search order hijacking: In the first half of 2024, cyber security teams detected a campaign linked to an Iranian threat actor using backdoors called MINIBUS and MINIBIKE. The attackers sent spear-phishing emails containing fake job offers to trick victims into downloading malicious software. To stay hidden and maintain access, the attackers used a technique called DLL search order hijacking, where they placed harmful files (DLLs) inside folders of legitimate applications like Microsoft Office and OneDrive. This method tricks the system into loading the malicious files instead of the real ones, helping attackers avoid detection. They also used Microsoft’s Azure cloud services to secretly communicate with compromised computers.
  • Phishing campaigns: In 2024, phishing campaigns targeting multiple organizations in the UAE increased sharply. Attackers mainly used spear-phishing emails impersonating Microsoft 365 to steal user credentials. These stolen credentials were then used to access email and VPN services, allowing attackers to access and steal critical data. High volumes of payment card phishing attacks also targeted customers by pretending to be well-known local companies such as Etisalat, DEWA, Aramex UAE, and DHL. A notable incident occurred in May 2024, when phishing emails carrying ZIP attachments with malicious executables were used to install LockBit Black ransomware, causing widespread disruption.
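
For security teams, the DLL search order hijacking technique described above can be hunted in image-load telemetry. The sketch below is an added example, not taken from the article or the report it cites: it flags a DLL loaded from the application's own folder when its name matches a DLL also seen loading from the Windows system directories and its signature is not valid. Field names follow Sysmon Event ID 7 (ImageLoad); the records, paths, the `AppHelper.dll` name and all function names are constructed for illustration.

```python
import ntpath

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
ONEDRIVE = r"C:\Users\a\AppData\Local\Microsoft\OneDrive"

def ev(image, loaded, signed, status):
    return {"Image": image, "ImageLoaded": loaded,
            "Signed": signed, "SignatureStatus": status}

# Constructed records using Sysmon Event ID 7 (ImageLoad) field names.
SAMPLE_EVENTS = [
    ev(OFFICE + r"\WINWORD.EXE", r"C:\Windows\System32\version.dll", "true", "Valid"),
    ev(OFFICE + r"\WINWORD.EXE", r"C:\Windows\System32\msvcp140.dll", "true", "Valid"),
    # Validly signed runtime DLL shipped in the application folder: benign.
    ev(OFFICE + r"\WINWORD.EXE", OFFICE + r"\msvcp140.dll", "true", "Valid"),
    # Unsigned DLL in the application folder that shadows a system DLL name.
    ev(ONEDRIVE + r"\OneDrive.exe", ONEDRIVE + r"\version.dll", "false", "Unavailable"),
    # Application-specific DLL (hypothetical name) with no system counterpart.
    ev(ONEDRIVE + r"\OneDrive.exe", ONEDRIVE + r"\AppHelper.dll", "true", "Valid"),
]

def _dir_and_name(path):
    # Windows paths are case-insensitive, so compare in lower case.
    return ntpath.split(path.lower())

def system_dll_names(events):
    """Names of DLLs observed loading from the Windows system directories."""
    names = set()
    for e in events:
        directory, name = _dir_and_name(e["ImageLoaded"])
        if directory in SYSTEM_DIRS:
            names.add(name)
    return names

def is_validly_signed(e):
    return e.get("Signed") == "true" and e.get("SignatureStatus") == "Valid"

def find_sideload_candidates(events):
    """Return (process image, loaded DLL) pairs that fit the hijack pattern."""
    baseline = system_dll_names(events)
    hits = []
    for e in events:
        app_dir, _ = _dir_and_name(e["Image"])
        dll_dir, dll_name = _dir_and_name(e["ImageLoaded"])
        # The application's own folder is searched before the system folders,
        # so a same-named DLL placed there is loaded in place of the real one.
        if dll_dir == app_dir and dll_name in baseline and not is_validly_signed(e):
            hits.append((e["Image"], e["ImageLoaded"]))
    return hits
```

In production the baseline of system DLL names would come from a file inventory of the system directories rather than from observed loads, and hits are triage leads to confirm by hash and file origin.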

Key Cyber Threats to Watch for in 2025

  • AI-generated malware: AI is increasingly being used to develop malware that can adapt its behavior dynamically to evade detection by traditional security tools. Attackers leverage AI to make malware smarter and more difficult to identify, allowing longer undetected access to systems and sensitive data. A prominent example is polymorphic malware, which continuously rewrites its own code in real time to bypass antivirus and endpoint protections. This evolving threat highlights the need for advanced detection methods and proactive cyber security measures to effectively protect against such sophisticated attacks.
  • Increasing ransomware threats across critical sectors: Ransomware attacks are expected to continue rising, with threat actors using advanced encryption and stealth techniques to disrupt critical systems. The UAE experienced a significant increase in ransomware incidents in 2024, highlighting the growing risk to sectors like finance, telecommunications, government, and critical infrastructure. Financial institutions remain key targets due to the sensitive data they manage and the high potential for substantial ransom payments. The rise in sophisticated ransomware techniques makes detection and response more challenging. While critical sectors are particularly targeted, it’s advisable that all sectors remain vigilant and prepared for evolving ransomware threats.
  • AI-powered phishing & deepfake scams: AI-powered phishing attacks are becoming increasingly sophisticated in 2025, using artificial intelligence to craft highly personalized and convincing emails that bypass traditional security filters. Attackers exploit AI to generate context-aware messages that trick employees and executives into revealing sensitive information or clicking malicious links. Deepfake technology is also being used to impersonate trusted individuals, such as corporate leaders, to commit fraud or manipulate victims. A notable incident involved a deepfake audio attack impersonating a UAE corporate executive, tricking employees into transferring funds to fraudulent accounts.
  • AI-driven techniques in Advanced Persistent Threats (APT): State-sponsored groups are increasingly using AI to enhance their cyber attack strategies. AI helps automate tasks like scanning for vulnerabilities, identifying exploits, and moving stealthily within networks. This automation makes attacks more efficient and harder to detect. For example, some APT groups have used AI tools to map weaknesses in critical infrastructure, including operational technology (OT) environments. This growing use of AI in APTs presents a significant risk to national security and important economic systems.

Embracing Security as a Core Responsibility

The major cyber threats and incidents that have impacted the country over the past year serve as critical reminders of the vulnerabilities that still exist and the urgent need for heightened vigilance moving forward. While these events shed light on specific areas requiring immediate attention, they represent only a fraction of the broader and ever-evolving cyber security landscape—one that is inherently unpredictable and constantly shifting.

However, one of the greatest challenges lies not only in technology or processes but in culture. Convenience and overconfidence often tempt individuals and teams to bypass essential safety procedures, unintentionally opening the door to potential breaches. Changing this mindset is imperative. For leadership, the task is clear: building and supporting a culture of security awareness and accountability must be a top priority. Only through this collective effort can organizations truly prepare themselves for the emerging challenges that lie ahead.
