As geopolitical tensions continue to escalate across the Middle East, cyber attacks have become an increasingly visible extension of regional conflict. Governments, telecoms operators, financial institutions and critical infrastructure providers across the Gulf are facing a sustained wave of digital disruption campaigns, many of which are linked to politically motivated hacktivism, opportunistic cyber criminal groups and state-aligned actors.
The cyber dimension of regional instability has intensified since the outbreak and expansion of conflicts across the Middle East, with Gulf nations experiencing a sharp increase in attempted attacks targeting public services, energy systems, transportation networks and online platforms. In the UAE alone, authorities reported in April 2026 that cyber attacks had tripled to approximately 600,000 incidents per day, underlining the scale of the pressure now facing the region’s digital infrastructure.
Among the most persistent threats are distributed denial-of-service (DDoS) attacks, which are increasingly being used not only to disrupt services, but also to test resilience, overwhelm response teams and create operational uncertainty.
According to Gaurav Mohan, senior vice-president of sales for APAC, India and the Middle East at Netscout, the nature of DDoS attacks has fundamentally changed. “For a long time, the discussion around DDoS focused on scale. Higher bandwidth, larger floods, new records,” he said. “Now, this framing is no longer sufficient. The defining factor today is not how large an attack can become, but how easily it can be launched and how often it can be repeated.”
Recent attacks across the Gulf have demonstrated how widespread and persistent the problem has become. In several incidents, campaigns targeting more than 100 organisations unfolded within days, affecting sectors ranging from telecommunications and cloud providers to e-commerce and government services.
The shift, Mohan argues, is being driven by two major developments that reached operational maturity in 2025: the weaponisation of everyday connected devices and the growing use of artificial intelligence (AI) to simplify cyber attacks.
Home routers, internet-connected cameras and Wi-Fi devices are increasingly being compromised and assembled into large botnets capable of generating enormous traffic volumes. “Direct-path attacks exceeding 1Tbps are now part of normal activity,” Mohan noted.
This trend is placing growing pressure on the Gulf telecommunications infrastructure. Netscout data from the second half of 2025 showed that wired telecommunications carriers in the UAE were the most heavily targeted sector, recording 6,368 DDoS attacks, with average attack durations exceeding 1,000 minutes.
“This is not sporadic disruption. It is continuous operational strain,” Mohan said. Unlike traditional cyber threats that required specialised infrastructure or technical expertise, today’s attacks are becoming increasingly accessible. AI-powered conversational tools are lowering the barrier to entry by enabling users to configure attacks with natural language prompts.
“The deciding factor is no longer expertise, but intent,” Mohan said. “Compromised devices provide scale. AI reduces the barrier to entry. Together, they compress the gap between deciding to disrupt a service and being able to do so.”
The response to this threat environment does not lie in building ever larger capacity or preparing only for rare events. It lies in treating persistent network abuse as a normal operating condition
Gaurav Mohan, Netscout
This evolution is changing the way Gulf organisations must think about cyber resilience. The issue is no longer limited to inbound protection or isolated mitigation strategies. As compromised devices in enterprise or cloud environments unknowingly participate in attacks against third parties, questions about accountability, governance and operational oversight are becoming more urgent.
“When attack traffic originates from millions of distributed devices, responsibility becomes harder to define,” Mohan explained. “The distinction between victim and participant is no longer clear.”
This is particularly significant in the Gulf, where digital transformation programmes are deeply tied to national economic diversification agendas such as Saudi Arabia’s Vision 2030 and the UAE’s digital economy ambitions. Cloud infrastructure, smart city projects, digital government services and connected industries all depend on uninterrupted availability.
Even short periods of downtime can have widespread operational and economic consequences. The UAE recorded more than 10,000 disruption attempts in the second half of 2025 alone, reflecting what cyber security analysts increasingly describe as a condition of constant digital pressure rather than isolated attacks.
At the same time, DDoS activity is spreading beyond traditionally high-risk sectors. Retail, publishing and e-commerce organisations across the region are now being targeted alongside telecoms and government entities.
“The implication is simple,” Mohan said. “Any organisation that depends on online availability is now part of the threat landscape.”
Security leaders across the Gulf are therefore being forced to rethink resilience strategies. According to Mohan, organisations can no longer rely solely on periodic testing, static controls or scaling bandwidth capacity. “The response to this environment does not lie in building ever larger capacity or preparing only for rare events,” he said. “It lies in treating persistent network abuse as a normal operating condition.”
He argues that organisations must extend visibility beyond inbound traffic and continuously monitor how their own assets behave, including outbound activity originating from compromised systems.
“DDoS resilience is no longer a narrow operational issue,” Mohan added. “It requires executive ownership, continuous visibility and a clear understanding of how network assets behave.”
As cyber threats continue to evolve alongside geopolitical instability in the Middle East, Gulf organisations are entering a new reality in which disruption is persistent, accessible and increasingly difficult to predict. “The question is not whether infrastructure will face this pressure, but whether governance and response models reflect the reality that now exists,” Mohan said.
NCSC – no increase in cyber threat from Iran, but be prepared: While cyber threat levels remain stable following the outbreak of war in the Middle East at the weekend, at-risk organisations in the UK should take steps to ward off potential reprisals from Iran-linked threat actors.
