11 hours ago
Israel-Iran conflict: Cyberwarfare will continue despite ceasefire, experts say
A ceasefire has been announced to de-escalate the Iran-Israel conflict. While guns may have fallen silent and formal hostilities eased, cyberspace remains an active warzone, cybersecurity experts noted. They warned that hacking attempts, espionage operations, and sabotage efforts will not only continue, but can also intensify under the radar.
'The illusion of peace doesn't extend to cyberspace,' noted Marwan Hachem, co-founder and COO of Dubai-based cybersecurity services provider FearsOff.
'Even amid peace talks and ceasefires, the digital battlefield remains live, operating in shadows. The era of silent digital aggression has arrived, and even allies may become targets in this murky domain of quiet offensives. In fact, we expect cyber operations to grow more aggressive, only more covert. Silence is no indicator of safety,' he added.
Long-drawn cyberwarfare
Speaking to Khaleej Times on the sidelines of FutureSec Summit 2025 in Dubai on Wednesday, Ahmed Khalil, a Dubai cybersecurity expert who has advised regional governments and energy firms across the GCC, pointed out digital offensives are no longer just about disruption, but long-term positioning.
'Cyberattacks thrive in grey zones,' he noted, explaining: 'Ceasefires may reduce visible conflict, but they create perfect cover for digital incursions, allowing adversaries to quietly map infrastructure, compromise communication networks, and plant malware for future use. It's a game of patience, preparation, and plausible deniability.'
Khalil advised governments and private sectors alike to rethink their defence strategies, given the new dynamics of digital attacks against critical infrastructure, including power grids, communication networks, financial systems, state security, health care systems, and more.
'Traditional security measures focused on active conflict periods are no longer sufficient. Organisations must remain vigilant at all times, investing in continuous monitoring, threat intelligence sharing, and rapid response capabilities to stay ahead of increasingly sophisticated and stealthy cyber threats,' Khalil underscored.
Complex and sophisticated cyber attacks
Another Dubai-based cybersecurity expert, Rayad Kamal Ayub, gave a succinct scenario, noting that cyberattacks have become more sophisticated in targeting industrial control systems (ICS) since the time the computer worm Stuxnet was first made known to the world back in 2010.
Stuxnet is a malicious computer worm that was originally aimed at Iran's nuclear facilities, and has since mutated and spread to other industrial and energy-producing electro-mechanical equipment, noted Ayub.
'Stuxnet and the Russian attacks on Ukraine serve as prime examples of how advanced and resource-intensive these cyber maneuvers can be. They require extensive intelligence gathering and a deep understanding of the targeted systems that make them more effective,' he added.
Ayub, who is also the managing director of Rayad Group, also pointed out the rise of the so-called 'wipers' as 'tools for destruction'. A wiper is malware that deletes or destroys an organisation's access to files and data.
'These attacks can cause significant disruption by targeting data integrity without necessarily damaging physical systems. The example of NotPetya (2017 Ukraine ransomware attacks ) illustrates how devastating a wiper can be, especially when it spreads unexpectedly across networks, leading to extensive recovery efforts,' Ayub pointed out.
Be vigilant of doomsday scenario
Ayub underscored that while sophisticated cyberattacks on industrial systems remain complex and resource-intensive, the evolving landscape of cybersecurity threats seems to favor less direct yet disruptive methods like wipers.
'This highlights the necessity for organisations to maintain robust cybersecurity measures and preparedness to mitigate such risks effectively,' he adding, underlining: 'We should, however, be cautious of rumors that would classify every tech failure as cyberattack and paint a doomsday scenario.'
Ayub pointed out the unique nature of ICS—ranging from different manufacturers to varying protocols and programming languages—makes it difficult to create a universal malware solution that can disrupt multiple systems. This is compounded by the fact that once an attack is executed, the targeted entities typically enhance their defenses, making it challenging to reuse the same tactics.
'Sophisticated attacks have become less effective against well-prepared targets. With advancements in mitigation and infrastructure improvements, the potential impact of these attacks on major organisations is considerably reduced,' he continued.
