UAE issues warning over Iran’s use of AI tools such as ChatGPT in cyber attacks as cyber threats increase rapidly during crisis

Developed in collaboration with the Ministry of Government Enablement, the guide, published in Arabic and English as part of the second phase of the ‘Our Community is Ready’ campaign, outlines six major cyber threats that tend to proliferate during crises.

These include phishing and online fraud, account compromise, malware, identity theft, creation of fake social media accounts, as well as AI-powered fraud and deepfakes. Such tactics include audio cloning and the generation of fabricated images and videos that appear to originate from trusted organizations or individuals for the purpose of deception and financial fraud. Data leakage through untrusted websites also remains a significant concern.

This guide aims to raise public awareness of cyber risks and promote safe digital practices, enabling individuals to protect their personal data and online accounts when using various digital services, particularly in emergency and exceptional circumstances.

This provides critical precautions to reduce cyber risk, increase community awareness, protect individuals and organizations, and ensure business continuity.

The guide notes that cyberattacks tend to escalate during times of crisis. Factors include making individuals more susceptible to deception, such as the exploitation of fear and confusion. Rushing digital decisions without proper validation. Spreading misinformation and unconfirmed news. and increased reliance on informal channels for information and services.

This guide identifies several warning signs of potential fraud, including urgent requests for personal information or verification codes, suspicious or unknown links, unexpected money transfer requests, messages claiming unlikely prizes or unrealistic offers, login alerts from unfamiliar devices, and unsolicited audio or video messages requesting sensitive information. It also warns against messages that are written in an unusual style, appear overly formal, or impersonate official or trusted organizations.

Individuals are advised to avoid common mistakes such as clicking on unknown links, reusing passwords on multiple platforms, downloading applications from unofficial sources, uploading files or entering data on untrusted websites, sharing one-time passwords (OTPs), responding to suspicious messages in haste, and re-sharing unverified content.

The center urges the public to adhere to important guidelines during the crisis, including relying only on official sources, refraining from sharing unverified information, using exceptional circumstances to enforce warning messages, verifying the authenticity of audio and video content before re-sharing, avoiding panicky responses, and following official cybersecurity instructions. It also warns against using educational email accounts on public platforms, especially gaming applications, to prevent account breaches and abuses.

The center highlighted that fear-inducing messages, urgent requests for information, unusual communication styles, and impersonation of public authorities are common tactics used by fraudsters to coerce individuals into making hasty digital decisions.

Dr. Mohammed Al Kuwait acknowledged that artificial intelligence is no longer just an adjunct, but has become an integral part of modern cyber attack toolkits. He noted that adversaries, including Iran, are using AI for reconnaissance, data collection, vulnerability detection, enhancing phishing messages, developing malware, and creating misleading or fabricated content to support information warfare.

He emphasized that recent attacks demonstrate a qualitative shift in cyberattack techniques, with AI enabling operations that are faster, more persuasive, cost-effective, and broadly scalable.

Regarding national efforts to counter such threats, Al Kuwait explained that the UAE Cyber ​​Security Council operates within an advanced and integrated national framework focused on continuous monitoring, analysis, response and enhanced readiness.

Key initiatives include adopting a zero trust model, activating the National Cybersecurity Operations Center (NSOC), deploying smart surveillance systems, leveraging advanced intelligence analytics, monitoring disinformation, conducting national cyber crisis simulation exercises, and sharing real-time security alerts with relevant parties to ensure rapid response and preparedness.

He emphasized that the UAE is adopting a proactive approach, saying, “Rather than waiting for threats to act, the country maintains continuous preparedness to protect national infrastructure and services.”

Al-Kuwait stressed that in the current situation, individuals are the first line of defense. The main recommendations are:

He also emphasized the importance of regularly updating systems and applications, avoiding unsecured public Wi-Fi networks, backing up important data, and immediately reporting suspicious messages, apps, or calls. He warned against believing or sharing unverified videos, images and recordings.

“The most important message is that in times of stress, we must be faster than phishing, calmer than rumors, and more accurate than fabricated content,” he said.

Commenting on the scale of cyber threats, Al Kuwait revealed that the UAE currently faces between 500,000 and 700,000 cyber attacks every day, targeting strategic sectors, especially during times of high pressure. He noted that most of these threats come from state-sponsored actors.

Compared to the period prior to February 28, indicators show a clear increase in the volume and sophistication of attacks, with increased reliance on AI and deepfake technology, and regional expansion.

He concluded that although the intensity of attacks is expected to increase, the UAE’s national cybersecurity system is actively detecting and containing threats while ensuring the continuity of critical services.

“What we face today is not just traditional cyber-attacks, but more complex threats that leverage artificial intelligence, social engineering and fabricated content. However, the UAE has highly sophisticated, vigilant and proactive systems in place. The key message to the public is to trust public information sources, deny fraudsters any opportunity and leave no room for rumors to spread,” he said.