Cyberattack risk expected to rise in the UAE during Ramadan as digital commerce accelerates

(MENAFNEditorial) Cybersecurity threats targeting businesses in the United Arab Emirates are expected to intensify during Ramadan, as seasonal spikes in online shopping and digital engagement create favorable conditions for DDoS attacks and malicious bot activity, according to analysis by Qrator Labs, a global cybersecurity company.

For example, during Q1 2025 — which included the Ramadan period — the e-commerce sector was among the three most frequently targeted industries for distributed denial-of-service (DDoS) attacks. Overall, it accounted for 21.5% of all network- and transport-layer (L3-L4) incidents and 14.4% of application-layer (L7) attacks.

Automated malicious traffic followed a similar trajectory, with bot activity in March 2025 rising 28% compared to February, signaling renewed attacker engagement aligned with seasonal demand. Online retail platforms were the primary focus, generating 40.7% of all detected bot activity.

The quarter’s most intense bot attack occurred on 9 March 2025, when an e-commerce website was hit by a highly concentrated burst of automated traffic averaging roughly 42,000 requests per second and peaking at 56,500 requests per second.

In the UAE, Ramadan continues to drive a pronounced shift toward digital commerce. Market research from 2025 shows that during the holy month, online sales of groceries and food items increase by 11%. Within online retail, certain product categories see an even sharper rise. For example, fashion purchases grow by 46%, while cosmetics and related products surge by as much as 64%, reflecting heightened consumer activity ahead of social gatherings and Eid celebrations.

“When large volumes of revenue are compressed into a short seasonal window, it creates exceptionally strong incentives for malicious interference,” said Andrey Leskin, Chief Technology Officer at Qrator Labs. “Disrupting an online platform even briefly during these high-activity periods can translate into tangible commercial gain. That is why attackers increasingly design precise, application-layer campaigns targeting specific services rather than relying solely on large volumetric floods.”

To evade detection, attackers increasingly blend automated activity into traffic closely resembling that of real users, reducing the effectiveness of traditional measures such as CAPTCHA. The expanding use of AI-assisted browsing tools and the unprecedented growth of massive, globally distributed IoT botnets add further complexity, as malicious and legitimate traffic may originate from the same regions, networks, or even IP ranges.

“As digital activity surges during Ramadan, maintaining availability becomes essential to preserving both revenue flow and customer trust,” Leskin added. “With CAPTCHA-based protection becoming less and less effective, online businesses need to shift toward intent-based traffic analysis that can filter out malicious traffic without disrupting the buying experience.”

MENAFN22022026000070018012ID1110772794