Cybercrime Archives - Cyber Security News
https://cybersecuritynews.com/tag/cybercrime/
Feed updated: Thu, 14 Aug 2025 13:23:20 +0000

Rise Of Cybercrime In The UAE: Why High-Tech Nations Attract Hackers
https://cybersecuritynews.com/rise-of-cybercrime-in-the-uae-why-high-tech-nations-attract-hackers/
Thu, 24 Jul 2025 06:13:29 +0000

The post Rise Of Cybercrime In The UAE: Why High-Tech Nations Attract Hackers appeared first on Cyber Security News.

In recent years, the United Arab Emirates has become one of the fastest-growing digital economies in the world. But with innovation comes risk.

As companies and individuals embrace smart technologies, cybercriminals are quick to exploit new vulnerabilities.

From phishing schemes to large-scale ransomware attacks, cybercrime in the UAE has surged, and it’s changing the way authorities, businesses, and everyday users think about digital safety.

Numbers And Facts: Growth Of Cybercrime In The UAE Over The Last 5 Years

The scale of the problem is staggering. Over the past five years, the UAE has seen more than a 200% increase in cyber incidents.

In 2020, authorities reported approximately 5,000 cases. By 2024, that figure had tripled.

Phishing and ransomware are leading the wave. Attacks on personal data, banking apps, and cloud systems have become routine.

The financial damage, to both individuals and corporations, runs into billions of dirhams.

Graph showing the rise in cybercrime in the UAE from 2020 to 2024

Behind the numbers is a clear trend: cybercrime is not only increasing in volume; it is also becoming more complex and targeted.

Why The UAE? Weaknesses In The Digital Economy

The UAE’s ambition to become a global tech leader brings undeniable benefits. But it also presents an attractive target.

With millions of residents and businesses relying on interconnected platforms, even small vulnerabilities can become doorways for major breaches.

Smart cities, AI infrastructure, blockchain systems: they all generate and store massive amounts of data. In many cases, this data travels across borders or is stored in cloud environments that may not be adequately secured.

Remote work, now common across the Emirates, often means employees access sensitive company data from personal devices.

Without proper safeguards, this can quickly become a weak spot.

Main Types Of Cyberthreats: From Phishing To Extortion

Cybercriminals don’t rely on just one tactic. Their methods shift constantly, adapting to new technologies and exploiting the weakest link, which is usually people, not machines.

Among the most frequent and damaging cyberthreats are the following.

Before going through them, it’s important to recognise a common thread: most successful attacks rely not only on code, but on trust, distraction, and psychological manipulation.

That makes awareness a crucial line of defense.

  1. Phishing emails
    Fake messages that appear to come from trusted sources (banks, telecoms, or colleagues) trick users into clicking malicious links or sharing credentials. In the UAE, phishing often mimics government portals or local service providers.
  2. Ransomware
    Malware that locks access to files or systems until a ransom is paid. Victims in the UAE include hospitals, law firms, and construction companies. Advanced versions even target backups.
  3. Business Email Compromise (BEC)
    Hackers impersonate executives or finance staff via email to trick employees into transferring funds or data. These attacks are common in international trade sectors.
  4. DDoS attacks
    A flood of traffic overwhelms websites or systems, causing downtime. Some attackers demand payment to stop. Government and fintech platforms in the UAE have been targeted, especially during holidays.
  5. Insider threats
    Employees, intentionally or by accident, can expose or misuse data. Often, they’re manipulated by outside actors. Lack of access control and monitoring makes organisations more vulnerable.

Each of these threats can have devastating consequences. Financial losses are only part of the story.

Reputational damage, legal exposure, and operational downtime often follow. And for small businesses, a single breach can mean closure.

How UAE Authorities Respond: Laws And Special Units

The UAE’s government has taken proactive steps to address the cybercrime explosion. A number of key initiatives and legal reforms have been launched in recent years.

The Emirates Cybersecurity Council introduced new policies requiring incident reporting, especially for critical infrastructure.

In parallel, the National Electronic Security Authority strengthened its partnership with the private sector.

Citizens and companies who become victims now have clear guidance on how to report cybercrime in the UAE.

The process is straightforward and can often be done online, through official government portals or directly through police cyber units.

Special task forces have also been set up to identify and arrest perpetrators both inside and outside the UAE.

The law is strict: cybercriminals can face heavy fines, asset seizure, and even prison sentences.

Cybersecurity professionals monitoring systems in a control room

Recommendations For Individuals And Companies: How To Protect Yourself

Awareness is the first step. Prevention is the second. While no system is 100% secure, there are clear ways to lower your risk.

To stay protected, consider these steps:

  • Use multi-factor authentication (MFA) for email, banking, and cloud systems;
  • Keep all software and devices updated with the latest patches;
  • Back up critical data regularly, both online and offline;
  • Train employees to detect social engineering and phishing attempts;
  • Limit user access rights and monitor sensitive activities.

It’s also crucial to have a response plan. If a breach does occur, knowing what to do and who to contact can reduce damage significantly.

For more comprehensive guidance on penalties, reporting, and defense strategies, explore the UAE cybercrime law section on DubaiExtradition.

Europol Shuts Down 27 DDoS Attack Platform Providers, Admins Arrested
https://cybersecuritynews.com/27-ddos-attack-platforms-seized-dismantled/
Thu, 12 Dec 2024 09:23:05 +0000

Law enforcement agencies worldwide have disrupted a holiday tradition of launching Distributed Denial-of-Service (DDoS) attacks in a major blow to cybercriminals.

As part of Operation PowerOFF, an ongoing international crackdown coordinated by Europol, authorities have seized 27 of the most popular platforms used to carry out these attacks.

These platforms, known as ‘booter’ and ‘stresser’ websites, enabled cybercriminals and hacktivists to flood targets with illegal traffic, rendering websites and other web-based services inaccessible.


The operation, involving 15 countries, targeted all levels of those engaged in this crime.

  • 27 booter and stresser websites were taken down, including zdstresser.net, orbitalstress.net, and starkstresser.net
  • Three administrators arrested in France and Germany
  • Over 300 users were identified for planned operational activities

The festive season has long been a peak period for hackers to carry out some of their most disruptive DDoS attacks, causing severe financial loss, reputational damage, and operational chaos for their victims.

Motivations for these attacks range from economic sabotage and financial gain to ideological reasons, as demonstrated by hacktivist collectives such as Killnet or Anonymous Sudan.

Europol played a pivotal role in coordinating this international effort. The European Cybercrime Centre (EC3) facilitated operational meetings and organized intensive one-week technical sprints to develop investigative leads.

Europol also provided analytical support, crypto-tracing expertise, and forensic assistance while facilitating information exchange through the Joint Cybercrime Action Taskforce (J-CAT).

Operation PowerOFF not only focuses on dismantling the infrastructure supporting these attacks but also takes proactive steps to prevent further incidents.

Law enforcement is launching an online ad campaign aimed at deterring individuals from engaging in such activities.

The campaign will use Google search ads and YouTube ads to target potential offenders where they are most active online.

In addition to digital interventions, other methods such as knock-and-talks, more than 250 warning letters, and over 2,000 emails will be used to reach users of illegal services.

This operation is part of a continuing effort to combat cybercrime. Just last month, Operation PowerOFF announced the seizure of Dstat.cc, one of the largest DDoS-for-hire platforms, and the arrest of two suspects closely linked to it.

Operation PowerOFF demonstrates a comprehensive approach by law enforcement to tackle this threat, from dismantling illegal platforms to preventing future attacks through education and deterrence.

As cybercriminals continue to evolve their tactics, law enforcement agencies worldwide remain vigilant in their efforts to protect online spaces and prevent disruptive attacks.


Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars
https://cybersecuritynews.com/100-fake-web-stores-steal-data/
Tue, 05 Nov 2024 10:57:30 +0000

Fake web stores are fraudulent websites created by threat actors to mislead consumers into providing “personal information” and making purchases for “non-existent products.” These sites often mimic the appearance of legitimate retailers, making them difficult to identify.

HUMAN’s Satori Threat Intelligence and Research team recently discovered that hackers have created 100+ fake web stores to steal millions of dollars from customers.

100+ Fake Web Stores to Steal Data

A sophisticated cybercrime operation dubbed “Phish ‘n’ Ships” was uncovered recently. It operated through a network of fraudulent e-commerce platforms (“fake web shops”) exploiting digital payment processing systems.


The threat actors, using tools with Simplified Chinese interfaces, implemented a multi-layered attack strategy: they compromised legitimate websites by exploiting vulnerabilities and injecting malicious code (the payload) that generated fake product listings.

These listings were enhanced with SEO metadata that manipulated search algorithms to achieve premium positioning in search results.

Attack from the attacker’s perspective (Source – Human Security)

When users clicked these listings, they were redirected via a sophisticated “traffic forwarding” system to threat actor-controlled domains featuring fraudulent storefronts. 

These stores integrated with four specifically targeted third-party payment processors to capture consumers’ “credit card information” and “PII” via a seemingly legitimate checkout process. 

The operation’s infrastructure included over “1,000 compromised legitimate websites” and “121 fabricated e-commerce platforms,” resulting in estimated financial losses exceeding tens of millions of dollars since its inception in 2019. 

The threat actors employed “advanced web injection” techniques, “SSL certificate spoofing,” and “dynamic content generation” to create convincing fake product listings and reviews that automatically updated to maintain authenticity. 

Fake product listings (Source – Human Security)

Through Satori’s intervention and collaboration with payment processors, the cybersecurity community and law enforcement agencies managed to disrupt the operation’s primary infrastructure, forcing the threat actors to seek alternative attack vectors.

This case illustrates the intersection of cybercrime with digital advertising ecosystems, highlighting the vulnerabilities in e-commerce security frameworks and the sophisticated nature of modern financial fraud operations.

The Phish ‘n’ Ships attack is a complex, multi-stage scheme that begins with the infection of legitimate websites and allows the threat actors to upload “malicious scripts” and “create fake product listings.”

These scripts use “malicious SEO tactics” to boost the rankings of the fake listings in search results, including “image search.” 

When unsuspecting users click on these listings, they are redirected to websites controlled by the threat actors.

Fake web store (Source – Human Security)

These scripts redirect the user to one of several hundred fake web stores, which use specific URL patterns to identify the associated store, such as:

  • product.aspx?cname=<ID>
  • product_details/<ID>.html

At the final stage, the users are forwarded to a checkout page on a “semi-legitimate website” affiliated with the threat actors, where they are instructed to complete the order via a “real payment provider.” 

This enables the threat actors to capture the users’ payment card information, either by abusing the “payment processor gateway” or by “collecting it directly.” 
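The redirect chain described above ends at a storefront whose URL follows one of the two shapes quoted earlier. As an added illustration from the defender's side (this is not code from HUMAN's Satori team or from the article), the following Python helper walks an ordered list of URLs observed in a redirect chain and reports the first hop that matches either shape, extracting the store identifier. The hostnames in the sample chain are placeholders I constructed, not real indicators from the report.

```python
import re
from urllib.parse import urlparse, parse_qs

# Regexes derived from the two URL shapes quoted in the article:
#   product.aspx?cname=<ID>   and   product_details/<ID>.html
ASPX_PATH = re.compile(r"/product\.aspx$", re.IGNORECASE)
DETAILS_PATH = re.compile(r"/product_details/([^/]+)\.html$", re.IGNORECASE)


def classify_url(url):
    """Return (pattern_name, store_id) when the URL matches one of the two
    fake-store URL shapes, otherwise None."""
    parsed = urlparse(url)
    m = DETAILS_PATH.search(parsed.path)
    if m:
        return ("details_html", m.group(1))
    if ASPX_PATH.search(parsed.path):
        # The store id lives in the query string for the .aspx shape.
        cname = parse_qs(parsed.query).get("cname")
        if cname:
            return ("aspx_cname", cname[0])
    return None


def triage_redirect_chain(chain):
    """Walk an ordered list of URLs visited during a redirect chain and report
    the first hop whose URL matches a fake-store shape, or None if no hop does."""
    for hop, url in enumerate(chain):
        hit = classify_url(url)
        if hit is not None:
            return {"hop": hop, "url": url, "pattern": hit[0], "store_id": hit[1]}
    return None


# Constructed sample chain using placeholder hostnames; these are not real IoCs.
SAMPLE_CHAIN = [
    "https://compromised-blog.example/post?q=discount-headphones",   # search-result landing page
    "https://forwarder.example.net/go?x=1",                          # traffic-forwarding hop
    "https://store-placeholder.example/product.aspx?cname=ABC123",   # fake storefront
]

if __name__ == "__main__":
    print(triage_redirect_chain(SAMPLE_CHAIN))
```

A path shape alone is a weak signal, since legitimate shops can use similar URLs; in practice this kind of match is combined with the rest of the chain (a search-engine referrer landing on an unrelated compromised site, a forwarding hop, a checkout on a different domain) before anything is blocked.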

The threat actors have used a variety of tools to facilitate this scheme as well as diversified cashout methods across multiple payment providers. 

While collaborative efforts have partially disrupted the operation, the threat actors may adapt their tactics, requiring ongoing vigilance to fully combat the Phish ‘n’ Ships attack.


New Exclusive Report Reveals Administrators Of BreachForums
https://cybersecuritynews.com/administrators-of-breachforums-revealed/
Fri, 11 Oct 2024 08:05:22 +0000

The administrators behind the infamous dark web data breach forum, BreachForums, have been exposed.

Established in March 2022, BreachForums quickly became a hub for cybercriminals trading in stolen data. The forum has seen a series of administrators, each with their own fate, as detailed below.

BreachForums has been a target of extensive law enforcement efforts. The FBI, along with international agencies, has seized the site multiple times, most recently in May 2024.

It served as a marketplace for illicit activities, impacting millions globally by facilitating data breaches and cyber-attacks.


PomPomPurin: The Founder

The saga began with PomPomPurin, the founder of BreachForums. After the FBI shut down RaidForums in 2022, PomPomPurin launched BreachForums as its successor.

However, in March 2023, PomPomPurin was arrested by the FBI. Identified as Conor Brian Fitzpatrick from New York, he was sentenced in January 2024 to 20 years of supervised release.

Although he avoided prison time, Fitzpatrick must serve two years under house arrest and is banned from using the internet for the first year.

Baphomet: The Mysterious Disappearance

Following PomPomPurin’s arrest, Baphomet took over as administrator. Suspecting that the FBI had infiltrated the forum’s infrastructure, Baphomet shut down the first version of BreachForums.

By June 2023, Baphomet partnered with ShinyHunters to launch a second version of the forum. However, this too was short-lived; by May 2024, it was seized by the FBI.

Baphomet has since disappeared without a trace, leading to speculation about his possible arrest or even his role as a federal undercover agent.

ShinyHunters: A Brief Tenure

After the second version was closed by the FBI, ShinyHunters briefly revived BreachForums.

Despite successfully regaining access to its domain in a battle with the FBI, this third iteration lasted less than a month before becoming inaccessible again in June 2024.

Amidst rumors that the forum had turned into an FBI honeypot, ShinyHunters announced retirement due to mounting pressure and handed over control to another administrator known as Anastasia.

Anastasia: Vanished Without A Trace

The fourth administrator, Anastasia, remains an enigma. Little is known about this figure except for claims that Anastasia is linked to former administrators.

Following ShinyHunters’ departure, Anastasia took over but soon disappeared without leaving any clues about their whereabouts or intentions.

IntelBroker: The Current Operator

The latest known operator is IntelBroker. Details about IntelBroker remain scarce as they manage operations discreetly on both dark web and open web platforms.

As law enforcement continues to crack down on cybercrime forums like BreachForums, these revelations highlight the ongoing cat-and-mouse game between authorities and cyber criminals.

Each administrator’s experience highlights the unpredictable and dangerous nature of operating within such illegal networks, according to reports.

While the future of BreachForums remains uncertain, its history serves as a stark reminder of the challenges faced by law enforcement in combating cybercrime on the dark web.

As investigations continue and more details emerge, only time will tell what lies ahead for those involved in this shadowy digital underworld.


Greasy Opal, Hackers Created 750 Million Fake Microsoft Accounts
https://cybersecuritynews.com/greasy-opal-hackers-fake-microsoft-accounts/
Tue, 27 Aug 2024 11:13:48 +0000

Greasy Opal, based in the Czech Republic since 2009, is reportedly a cyber attack enablement company that develops and sells tools for bypassing security controls.

The company’s main product is built on robust, fast machine learning models that adapt to new CAPTCHA challenges and facilitate volumetric and brute-force bot attacks.

These tools support a range of illicit activities, such as account takeover and the creation of fake accounts at targeted institutions.

Arkose Labs’ threat research unit ACTIR has recently discovered “Greasy Opal,” which enabled threat actors to create over 750 million fake Microsoft accounts.


750 Million Fake Microsoft Accounts

While not directly engaging in attacks, Greasy Opal’s products cater to a wide range of clients, including known bad actors and competing CAPTCHA-solving services.

ACTIR has observed that attackers utilizing Greasy Opal’s solutions can rapidly deploy large-scale bot networks, significantly intensifying the global threat of sophisticated cybercrime.

This business practice of assisting crime rings has positioned Greasy Opal as one of the critical enablers in a changing digital threat landscape.

Greasy Opal offers inexpensive and effective tools for solving CAPTCHAs that are used by threat actors when trying to overcome the security systems of various organizations.

Greasy Opal’s primary tool (Source – Arkose Labs)

Besides this, the software employs enhanced OCR and smart machine learning technologies, which work with datasets that are labeled by crowds, to solve text-based CAPTCHAs successfully.

Pricing starts at $70 for the basic toolkit with the key features and goes up to $190 for a comprehensive pack; a $10 monthly subscription is also offered. At those prices, it is easy to see why Greasy Opal’s services turn up in bot attacks on social media and on other platforms involving gaming, financial services, and gig work.

With the help of a custom browser, the toolkit integrates with broader browser automation systems such as Bablesoft’s Browser Automation Suite (BAS), which eases attackers’ tasks.

ACTIR researchers estimated that Greasy Opal’s revenue is projected to be $1.7 million for 2023, and its application has been seen in massive cybercrimes, including 750 million fake Microsoft accounts created by Storm-1152 from Vietnam.

ACTIR is constantly looking for ways to counter the AI-based attack tools Greasy Opal develops, and has put countermeasures in place by designing new SAT CAPTCHAs and probing for weaknesses in Greasy Opal’s machine learning models.

Greasy Opal makes cyberattack technology available to illicit businesses, combining deep learning and OCR techniques with crowd-labeled data to train its models.

However, Greasy Opal’s CPU-based architecture limits how far it can scale compared with GPU-based approaches, which poses a risk.


Authorities Seized Platform Used For Paid DDoS
https://cybersecuritynews.com/seized-ddos-platform/
Tue, 30 Apr 2024 10:10:39 +0000

On April 17, 2024, a joint effort between the Dresden Public Prosecutor’s Office and the Cybercrime Competence Center of the Saxony State Criminal Police Office, in collaboration with a U.S. investigative agency, scored a significant win in the ongoing battle against cybercrime.

The operation, aptly named “PowerOFF,” successfully dismantled a criminal online platform in Germany and abroad. 

This platform had been facilitating the sale of destructive Distributed Denial of Service (DDoS) attacks to willing buyers.

DDoS attacks are a nasty form of cyber assault. In these attacks, hackers flood a target server or network with overwhelming requests. 

The sheer magnitude of incoming traffic saturates the system, rendering it temporarily or permanently unavailable to legitimate users.
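The request flood described above shows up in ordinary web server logs as an abnormal per-client request rate. The following added example (mine, not from the article or from the agencies involved) parses constructed Common Log Format lines and flags any client that sends more than a threshold number of requests inside a sliding time window. The log lines, IP addresses, timestamps and threshold are all made up for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP, two ignored fields, [timestamp], "request line".
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime, request) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), req


def find_floods(lines, window_seconds=10, threshold=50):
    """Sliding-window request counter per client IP.

    Returns {ip: peak_requests_in_window} for every IP whose request count
    inside any window of `window_seconds` reached `threshold`."""
    windows = defaultdict(deque)   # ip -> timestamps of recent requests
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue               # skip malformed lines rather than abort
        ip, ts, _ = parsed
        q = windows[ip]
        q.append(ts)
        cutoff = ts - timedelta(seconds=window_seconds)
        while q and q[0] < cutoff:  # drop requests that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def make_sample_log():
    """Constructed log: one client hammering the root URL, one browsing normally.
    Addresses are from the documentation ranges, not real hosts."""
    base = datetime(2023, 9, 28, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(120):   # 120 requests in about six seconds
        ts = (base + timedelta(milliseconds=50 * i)).strftime(TS_FMT)
        lines.append(f'203.0.113.7 - - [{ts}] "GET / HTTP/1.1" 503 0')
    for i in range(5):     # five requests spread over two minutes
        ts = (base + timedelta(seconds=30 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.4 - - [{ts}] "GET /news HTTP/1.1" 200 1024')
    return lines


if __name__ == "__main__":
    print(find_floods(make_sample_log()))
```

A per-source counter like this catches a single noisy client; a distributed flood from many rented machines spreads the load so that no single address crosses the threshold, which is why production defenses also aggregate by requested path, network prefix or total request volume and usually sit in front of the web server rather than in log review after the fact.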

Users could purchase DDoS attacks using cryptocurrencies, effectively renting the services of digital mercenaries.

These attackers would then unleash a barrage of requests, overwhelming the targeted website or service.

The consequences were severe: websites would become inaccessible, businesses would suffer financial losses, and users would be left frustrated.

The Saxon Police Incident

On September 28th, 2023, the Saxon police department’s website was subjected to a relentless Distributed Denial of Service (DDoS) attack.

Acquired via the criminal platform, the assault temporarily rendered the police website unavailable. 

Fortunately, no sensitive data belonging to individuals or companies was compromised during this half-hour siege.

Global Collaboration and IT Infrastructure Takedown

“PowerOFF” represents a coordinated international effort. Key players included the following agencies.

In a joint effort to combat cybercrime, U.S. law enforcement agencies partnered with their European counterparts to identify and neutralize a significant threat.

The European Union Agency for Law Enforcement Cooperation, or Europol, was crucial in coordinating efforts across borders.

The German Federal Criminal Police Office lent their expertise to the operation, while the Dutch National Police Corps worked tirelessly to track down the platform’s operators.

The United Kingdom’s National Crime Agency also played a significant role in the investigation. Poland’s cybercrime experts joined forces to dismantle the criminal infrastructure.

Although the platform is no longer operational, the pursuit of its operators continues as law enforcement agencies remain vigilant in the fight against cybercrime.


Developer Of Hive RAT Arrested By Authorities for Stealing Login Credentials
https://cybersecuritynews.com/hive-rat-developer-arrested/
Mon, 15 Apr 2024 14:07:26 +0000

A San Fernando Valley man has been taken into custody by federal authorities on criminal charges related to a purported scheme to sell and distribute Hive remote access trojan (RAT).  

This gave buyers control over the victims’ computers and allowed them to view the victims’ login credentials, private messages, and other personal data.

The 24-year-old Van Nuys resident Edmond Chakhmakhchyan, also known by his screen name “Corruption,” was taken into custody on Wednesday. The Australian Federal Police (AFP) and the FBI collaborated on this cooperative law enforcement operation.

About four years ago, Chakhmakhchyan allegedly started working with the person who created the Hive RAT, also known as “Firebird.” 

The author advertised the RAT’s many features, specifically its ability to remotely access victim computers and intercept data and communications without the victim’s knowledge.

The FireBird RAT is highly functional malware with a wide range of capabilities, giving cybercriminals user-level access to a targeted machine.

The malware can manage the Windows Registry, which holds data, settings, and other items related to installed hardware and software. As a result, it can issue commands to manage connected hardware and install and remove apps.

Promoting the Hive Remote Access Trojan (RAT) on the “Hack Forums”

According to the indictment, Chakhmakhchyan and the creator of the malware allegedly came to an agreement whereby Chakhmakhchyan would promote the Hive remote access trojan (RAT) on the “Hack Forums” website, take Bitcoin payments for licenses to use the RAT and offer customer support to those who bought the licenses.


In particular, the malware buyers would deploy Hive RAT onto protected systems and obtain unauthorized access to them.

From there, the RAT buyer may close or disable applications, peruse files, log keystrokes, access incoming and outgoing communications, and obtain victim passwords and other login credentials for cryptocurrency wallets and bank accounts, all without the victims’ knowledge or consent.

As per the indictment, Chakhmakhchyan emailed buyers after promoting the Hive RAT. 

He clarified to one of the buyers that the malware let “the Hive RAT user access another person’s computer without that person knowing about the access.” 

Chakhmakhchyan agreed to sell the Hive RAT after the buyer informed him that the victim had project files valued at over $5,000 and $20,000 in Bitcoin kept in a blockchain wallet. It is said that Chakhmakhchyan also sold a license for the Hive RAT to a law enforcement agency undercover agent.

Chakhmakhchyan is Accused Of Conspiracy

“The indictment specifically charges Chakhmakhchyan with one count of conspiracy – to advertise a device as an interception device, to transmit a code to intentionally cause damage to a protected computer, and to intentionally access a computer to obtain information – as well as one count of advertising a device as an interception device,” the U.S. Department of Justice said.

The maximum statutory penalty for each count is five years in federal prison.

An indictment is only an allegation, and the defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

The Commonwealth Director of Public Prosecutions will handle the prosecution of an Australian national who has been charged by the Australian Federal Police with involvement in the development and selling of the malware.


The post Developer Of Hive RAT Arrested By Authorities for Stealing Login Credentials appeared first on Cyber Security News.

Authorities Dismantled SugarLocker Ransomware Group https://cybersecuritynews.com/dismantle-sugarlocker-ransomware/ Mon, 26 Feb 2024 14:56:41 +0000

The post Authorities Dismantled SugarLocker Ransomware Group appeared first on Cyber Security News.

Russian authorities have successfully dismantled a notorious ransomware gang known as SugarLocker, arresting three of its alleged members.

The group, which masqueraded as a legitimate tech company named Shtazi-IT, specialized in the development of various digital services, including landing pages, mobile apps, and online stores.

This operation marks a critical step in the global fight against ransomware, highlighting the increasing effectiveness of law enforcement in tracking and neutralizing cyber threats.

The Arrests and Investigation

The arrests were the culmination of a collaborative investigation involving F.A.C.C.T., a Russia-based cybersecurity firm, and other authorities.


F.A.C.C.T. played a pivotal role in uncovering the activities of the SugarLocker gang. The individuals apprehended were known by the nicknames blade_runner, GustaveDore, and JimJones.

They face charges related to the creation, use, and distribution of malicious computer programs, with potential prison sentences of up to four years if found guilty.

The investigation remains ongoing, with authorities continuing to gather evidence and explore the full extent of the group’s activities.

SugarLocker’s Operations

SugarLocker has been active since at least 2021, operating under the ransomware-as-a-service (RaaS) model. This approach involves offering malicious tools for a fee or a share of the ransom payments collected by criminals.

The group’s malware primarily targeted victims through the Remote Desktop Protocol (RDP), allowing for remote access and control over computers.

Notably, SugarLocker pledged not to attack Eastern European countries, with the exception of the Baltic States and Poland, and did not operate a data leak site, making it challenging to identify its victims.

The group’s profit-sharing model was particularly lucrative, receiving 30% of its customers’ profits or 10% if they exceeded $5 million.

This financial motivation underscores the purely business-oriented nature of their operations, as stated in their ransom note: “It’s just a business. We absolutely do not care about you and your deals… If you do not cooperate with our service, for us, it does not matter. But you will lose your time and data.”

The dismantling of the SugarLocker ransomware group is a significant victory for cybersecurity and law enforcement agencies worldwide.

It sends a strong message to cybercriminals about the increasing risks of engaging in ransomware activities and the growing capabilities of authorities to track and prosecute them.

This operation also highlights the importance of international collaboration and the role of private cybersecurity firms in combating cyber threats.

As the investigation continues, the cybersecurity community will be watching closely for further developments and insights into the tactics and strategies employed by ransomware gangs.

The success of this operation may also encourage more proactive measures and cooperation between different countries and organizations to address the global challenge of ransomware.
