Dr Emad Fahmy, regional director, Middle East, NETSCOUT/Image: Supplied
Cyberattacks targeting the Gulf’s critical digital infrastructure are increasing in both scale and sophistication, with the UAE emerging as one of the most targeted countries in the world. According to NETSCOUT, the UAE recorded the longest average DDoS (Distributed Denial of Service) attack duration — 27 minutes — a figure that highlights the region’s growing strategic importance and vulnerability to cyber disruption.
“This region is very central and strategic in terms of business and so this makes it a target for attackers,” said Dr Emad Fahmy, regional director, Middle East, NETSCOUT.
He explained that the Gulf’s growing reliance on digital ecosystems and AI-driven services makes it particularly appealing for cybercriminals seeking high-impact targets. “The UAE here is one of the leading countries in terms of AI and analytics, and all the businesses run online, which gives an opportunity for attackers to try to bring everything down,” he added.
High-value targets under pressure
The company’s research shows that there were 3,477 DDoS attacks launched in just six months. The financial and healthcare sectors remain among the most heavily impacted.
“If you see the financial sector, including the FinTech companies, it’s very critical — their business is done [online] in seconds and sometimes milliseconds,” said Dr Fahmy. “So bringing down their link or bandwidth is very crucial. Imagine that you are an investor trying to do an online transaction, and suddenly you find that the network is not working. All your efforts that you have been doing for months can be down in a few minutes.”
He warned that attacks on healthcare networks could have devastating consequences. “Imagine that the records of the patients are down, or the patients are trying to access online help, and then an attack comes and brings this connection down. This could be life-threatening, which is really serious,” he said.
The rise of multi-vector and AI-driven attacks
NETSCOUT has observed that cybercriminals are increasingly deploying multi-vector attacks, where multiple threat types are launched simultaneously to overwhelm security defences. “The multi-vector attacks are actually a series of attacks that are different in character and nature,” said Dr Fahmy.
“One of the attackers can target an application and bring it down, and in the same attack, launch another towards the firewalls to bring them down. These attacks together can be in one series of campaign, which is very dangerous because the teams have to deal with different types of attack traffic at the same time and have the intelligence to stop it.”
To counter this, NETSCOUT has introduced multi-layered defence architectures across enterprise, service provider, and cloud environments. “We are introducing the multi-layer attack detection and mitigation devices — one at the customer enterprise, the next layer at the service provider, and the third layer in the cloud,” he said. “We know how the attackers think, and we are ready for them.”
Fahmy noted that many of the large-scale “cyber sandstorms” observed in recent years are closely linked to global and regional geopolitical tensions. “Whenever you see political problems, you find attackers here and there trying to get hold of this political situation and claim that they have done it for some political reasons in order to get famous online,” he said.
“This is one of the triggers for such attacks, in addition to other triggers that are not related to the geopolitical situation,” he added.
NETSCOUT has been expanding its footprint across the Middle East, with operations in Kuwait, Egypt, Saudi Arabia, and the UAE now serving as strategic hubs.
“Egypt, with its geographic importance and huge infrastructure, and Kuwait, are both critical. We are also focusing on the UAE and Saudi Arabia, and we are seeing a huge number of attacks in terms of volume and frequency on these countries. For example, in Saudi Arabia we have seen 270,000 attacks in the first six months, with a peak size of half a terabit per second — 570 gigabits in particular — which is huge.”
AI-led defence: the next frontier
To address the evolving threat landscape, NETSCOUT has developed adaptive AI-based DDoS protection systems designed to detect and respond to attacks that shift tactics in real time.
“These attacks are changing their nature every few minutes, which makes them very hard for service providers and enterprises to stop,” Dr Fahmy said. “Attackers are using very advanced AI modules to do that. From our side, we have developed all our products with AI capability, which we call adaptive DDoS, in our products and in the cloud as well.”
He explained that this capability is powered by NETSCOUT’s ATLAS platform, a global network of over 500 service providers monitoring roughly 50 per cent of the world’s internet traffic. “This allows us to detect the newest attacks that are building around AI,” he added.
For Fahmy, the region’s digital leaders must now move from reactive to proactive cybersecurity strategies.
As Gulf economies continue to digitalise at an unprecedented pace, the challenge is clear: securing tomorrow’s connected economies will require more than vigilance — it will demand intelligence that learns and evolves as fast as the adversaries it faces.
