Hoda Rizk
War has always been something you could see and hear: flashes in the sky, sirens, breaking news alerts. Now, it is something you might not notice at all, like a slowed connection or a suspicious login.
On March 22, the UAE’s Cybersecurity Council issued a warning: the ongoing conflict with Iran is expanding into what officials describe as a “fifth domain”, one that reaches directly into people’s homes.
According to the Council, the shift toward remote work has birthed a 40% surge in cyberattacks targeting home networks.
In a briefing to the Emirates News Agency (WAM), officials noted that hackers have made a “strategic shift,” moving away from well-defended central systems to exploit the “soft underbelly” of the digital economy: the unsecured routers and personal devices of employees working from their living rooms.
Some 92% of experts now believe the remote-work model significantly heightens breach risks.
Roughly 38% of recent attacks have specifically targeted infrastructure such as Virtual Private Networks (VPNs) and home routers to intercept sensitive communications or steal credentials.
For a nation like the UAE, which has positioned itself as a global hub for digital finance and tech-driven logistics, these vulnerabilities are a threat to the state’s economic plumbing.
The Iranian Shadow
The UAE’s heightened vigilance arrives against a backdrop of escalating cyber-hostilities linked to the ongoing war with Iran.
While physical battles continue, a digital “Operation Epic Fury” is unfolding globally. State-linked actors and ideologically driven “hacktivists” are increasingly using malware as a substitute.
The reach of these groups is extensive. On March 11th, Stryker, an American medical technology giant, saw its global network disrupted.
According to the Wall Street Journal, employees were greeted not by login screens, but by the logo of Handala, a hacking group with documented links to Iran. This attack reportedly counted as a retaliatory strike for a missile attack on a girl school in Minab.
Iran’s digital arsenal is diverse. Reports from CloudSek, a cybersecurity firm, reveal that groups such as APT33 and the IRGC-backed CyberAv3ngers are actively targeting “industrial control systems”. In other words, they are targeting the computers that regulate water treatment plants and power grids, gaining the potential to turn off the lights or contaminate the water from thousands of miles away.
The contagion is spreading to the high seas. Reuters recently reported that Greek shipowners, who control a vast portion of the world’s tanker fleet, have also been placed on high alert.
The Greek National Cybersecurity Authority warned of “electronic interference” near the Strait of Hormuz, ranging from GPS spoofing to the deployment of the “VShell” Trojan horse.
In the logic of modern conflict, a disabled tanker in a digital fog is as effective as one hit by a torpedo.
The Unpredictable Coalition
What is particularly concerning is the growing role of loosely coordinated hacking groups through an emergence of the “Cyber Islamic Resistance.”
This is not a formal army but a “coordinated operations room” on Telegram, where over 60 hacktivist groups from Russia, Syria, and Iraq congregate.
Since these actors operate on “ideological initiative” rather than direct state command, they are unpredictable and lack the political constraints that usually prevent states from targeting purely civilian infrastructure.
There are also early signs that some of these groups are beginning to use artificial intelligence tools to enhance their capabilities, lowering the barrier to entry for more sophisticated attacks.
Non-negotiable Recommendations
If the home is the new frontier, then the resident is the new sentry. To mitigate these rising risks, the UAE Cybersecurity Council and international experts recommend a three-tiered defense:
The UAE Cybersecurity Council, along with international experts, has emphasized a few practical steps:
- Secure your network: Change default router passwords and keep software up to date.
- Use trusted systems: Stick to approved VPNs and be cautious on communication platforms.
- Stay alert: Ultimately, 90% of successful breaches require human error, such as clicking on a malicious link. Recognize any phishing attempt and immediately report suspicious logins.
The security of a multi-billion-dollar corporation may now depend on whether a remote accountant in Dubai or Athens remembers to update their home Wi-Fi password. Awareness and taking action are key.
