Full Report
As cyber threats against critical infrastructure continue to rise globally, the Dubai Electricity and Water Authority (DEWA) says it is successfully blocking around 3,000 cyberattacks every day targeting its electricity and water systems. The figure was revealed by Saeed Mohammed Al Tayer, Managing Director and CEO of DEWA, during a session hosted by the Dubai…
Analysis Summary
# Incident Report: Ongoing Cyber Reconnaissance and Threats Against Dubai DEWA
## Executive Summary
The Dubai Electricity and Water Authority (DEWA) has reported a sustained high-volume campaign of cyberattacks, successfully neutralizing approximately 3,000 attempts per day. These threats target the essential digital systems managing Dubai's water and power infrastructure. Despite the volume, DEWA reports zero service disruptions due to its integrated AI-driven defense and robust digital infrastructure.
## Incident Details
- **Discovery Date:** Ongoing (Reported June 29, 2026)
- **Incident Date:** Continuous/Daily
- **Affected Organization:** Dubai Electricity and Water Authority (DEWA)
- **Sector:** Energy and Water (Critical Infrastructure)
- **Geography:** Dubai, United Arab Emirates
## Timeline of Events
### Initial Access
- **Date/Time:** Daily (Approx. 3,000 attempts per 24-hour period)
- **Vector:** Not explicitly disclosed; campaigns of this kind typically involve phishing, scanning and exploitation of public-facing assets, and brute-force authentication attempts.
- **Details:** Automated and manual attempts to breach the perimeter of the electricity and water networks.
### Lateral Movement
- **Details:** No successful lateral movement reported; attacks are currently being blocked at the network perimeter or entry points.
### Data Exfiltration/Impact
- **Details:** No data exfiltration or operational damage reported. All attacks were successfully mitigated before impact.
### Detection & Response
- **How it was discovered:** Continuous monitoring by AI-powered Security Operations Centers (SOCs).
- **Response actions taken:** Automated blocking of malicious IPs and traffic; AI-powered defense layers used to identify and neutralize threats in real time.
## Attack Methodology
*Note: Due to the high volume (3,000 daily), methods likely vary across the full spectrum of the MITRE ATT&CK framework.*
- **Initial Access:** Mass scanning of IoT/OT infrastructure; credential probing.
- **Persistence:** Mitigated (Blocked at perimeter).
- **Privilege Escalation:** Mitigated.
- **Defense Evasion:** Not reported.
- **Credential Access:** Likely targeted through brute-force or password-spraying attacks.
- **Discovery:** External reconnaissance and port scanning.
- **Lateral Movement:** Blocked.
- **Collection:** Blocked.
- **Exfiltration:** Blocked.
- **Impact:** Attempts to disrupt critical utility services thwarted by automated defenses.
## Impact Assessment
- **Financial:** Minimal; restricted to the cost of maintaining high-standard defensive operations.
- **Data Breach:** None reported.
- **Operational:** No reported outages or service degradations.
- **Reputational:** Positive; the organization is being highlighted as a model for regional cyber resilience.
## Indicators of Compromise
*Specific IOCs were not disclosed in the CEO’s public statement, but typical indicators for such activity include:*
- **Network indicators:** Repeated unauthorized connection attempts originating from anonymizing VPN or proxy nodes.
- **Behavioral indicators:** Excessive login failures on smart infrastructure gateways; anomalous traffic spikes on OT (Operational Technology) protocols.
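As an added illustration of the behavioral indicator above (example code written for this summary, not part of the CEO's statement or of DEWA's tooling), the following Python counts authentication failures per source address over a sliding window and labels the pattern as single-account brute force or multi-account password spraying, then renders the block entries a perimeter firewall would consume. The gateway log format, the sample addresses and the nftables set name `blocklist` are all constructed assumptions.

```python
"""Sliding-window detection of excessive login failures per source IP.

Added example, not from the original report. The log line format, the
sample log and the firewall set name are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical gateway log format: ISO timestamp, result, account, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) "
    r"src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed sample: one single-account brute force, one spray across
# accounts, and one legitimate user who mistypes a password a few times.
SAMPLE_LOG = """\
2024-01-01T08:00:00 auth FAIL user=admin src=203.0.113.7
2024-01-01T08:00:02 auth FAIL user=admin src=203.0.113.7
2024-01-01T08:00:04 auth FAIL user=admin src=203.0.113.7
2024-01-01T08:00:05 auth FAIL user=admin src=203.0.113.7
2024-01-01T08:00:07 auth FAIL user=admin src=203.0.113.7
2024-01-01T08:00:10 auth FAIL user=operator src=198.51.100.9
2024-01-01T08:00:12 auth FAIL user=scada src=198.51.100.9
2024-01-01T08:00:14 auth FAIL user=engineer src=198.51.100.9
2024-01-01T08:00:16 auth FAIL user=maint src=198.51.100.9
2024-01-01T08:00:18 auth FAIL user=backup src=198.51.100.9
2024-01-01T08:00:30 auth FAIL user=jsmith src=192.0.2.44
2024-01-01T08:05:30 auth FAIL user=jsmith src=192.0.2.44
2024-01-01T08:10:30 auth FAIL user=jsmith src=192.0.2.44
2024-01-01T08:15:30 auth OK user=jsmith src=192.0.2.44
"""


def parse(lines):
    """Yield (timestamp, result, user, ip); unparseable lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]


def detect(lines, threshold=5, window_seconds=60, spray_users=3):
    """Flag a source IP the first time it reaches `threshold` failures
    within any `window_seconds` window. The pattern is 'password_spray'
    when at least `spray_users` distinct accounts were tried in that
    window, otherwise 'brute_force'. Successful logins are not counted."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user) still in window
    alerts = {}
    for ts, result, user, ip in sorted(parse(lines)):
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, user))
        # Drop failures that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            attempted = sorted({u for _, u in q})
            pattern = "password_spray" if len(attempted) >= spray_users else "brute_force"
            alerts[ip] = {"failures": len(q), "users": attempted,
                          "pattern": pattern, "first_seen": q[0][0].isoformat()}
    return alerts


def block_rules(alerts, set_name="blocklist"):
    """Render one nftables command per flagged IP. Assumes the ruleset
    already defines a set `inet filter <set_name>` that traffic is
    dropped against; the set name is an assumption of this example."""
    return [f"nft add element inet filter {set_name} {{ {ip} }}" for ip in sorted(alerts)]


if __name__ == "__main__":
    found = detect(SAMPLE_LOG.splitlines())
    for ip, info in found.items():
        print(f"{ip}: {info['pattern']} ({info['failures']} failures, users={info['users']})")
    for rule in block_rules(found):
        print(rule)
```

The legitimate user at 192.0.2.44 is never flagged because the window expires between attempts, which is the property that keeps this kind of rule from locking out operators; in production the threshold and window would be tuned per gateway and the block action fed to the perimeter device rather than printed.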
## Response Actions
- **Containment measures:** Automated firewall rules and IP blacklisting.
- **Eradication steps:** Continuous patching of smart infrastructure and digital twin systems.
- **Recovery actions:** None required as operations remained uninterrupted.
## Lessons Learned
- **Key takeaways:** High levels of automation and AI integration are essential for managing the sheer volume of attacks faced by modern critical infrastructure.
- **Successes:** The transition to "smart" digital systems was accompanied by a commensurate investment in cybersecurity, preventing major disruptions.
## Recommendations
- **Prevention measures:**
  - Continue the "National Priority" focus on cyber resilience for all utility providers.
  - Maintain rigorous air-gapping or secure gateways between IT and OT environments.
  - Regularly audit AI-driven security models to prevent "adversarial AI" attacks that might attempt to bypass existing filters.