Geopolitical crises as a gateway: Hackers are deliberately exploiting the Iran conflict

May 26, 2026

Dr Martin J. Krämer, CISO Advisor at KnowBe4

Armed conflicts not only alter the geopolitical balance of power, but also create a climate of uncertainty amongst businesses worldwide, which cybercriminals systematically exploit for their own ends. The military escalation in the Middle East demonstrates once again how quickly, and in how coordinated a manner, hackers react to global political events in order to adapt their social engineering campaigns. For businesses, this means that the threat landscape evolves in direct response to current news events. Fuelled by the use of artificial intelligence, these phishing attacks now achieve unprecedented speed and precision.

Crises amplify the effectiveness of social engineering

Attacks targeting human decision-making are particularly effective when the victim is in a state of heightened stress or distraction. Global crises such as pandemics, natural disasters or armed conflicts therefore regularly serve as a backdrop for criminals to simulate urgency, gain trust and circumvent security mechanisms. Recent observations from the region show that this pattern is being confirmed once again in the wake of the Middle East conflict.

Significant rise in attack activity

Research by the cybersecurity firm Bitdefender confirms a significant increase in targeted phishing activities following the start of the military hostilities. In the weeks following the first US-Israeli attacks on Iranian territory at the end of February 2026, researchers recorded a rise in malicious emails in the Gulf states of around 130 per cent, with peak figures at times reaching four times the usual level.

The analysis shows that these are not isolated opportunistic actions, but coordinated, dynamically adapted campaigns. Attackers reacted in real time to the changing news situation and used the economic disruptions, particularly in regional shipping and trade, as a credible cover. Business-related formats such as invoices, contracts, bank documents and delivery notifications served as the primary bait.

Whilst state-sponsored actors are also active in the region, Bitdefender assumes that the majority of the increase is attributable to financially motivated criminals.

Recommendations for businesses and users

Organisations should specifically raise their employees’ awareness of crisis-related social engineering attacks. Unexpected attachments, even from supposedly trusted senders, should always be treated with caution and, if in doubt, verified via an independent channel. File formats such as .eml, .jar, .rar or .hta should be classified as potentially dangerous in the same way as traditional executable files. Compressed archives from unknown sources are considered a particularly common method of bypassing security filters.
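One way a mail gateway or triage script could apply this file-type rule, shown as an added example that is not part of the original article: it parses a message with Python's standard email package, holds any attachment whose final extension is on the list, and also inspects files carried inside an attached message. The function names, the sample message and all file names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions named in the recommendation above.
RISKY_EXTENSIONS = {".eml", ".jar", ".rar", ".hta"}

def risky_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each part a mail gateway should hold."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    # walk() also descends into attached messages, so files carried inside
    # a forwarded .eml are checked as well.
    for part in msg.walk():
        name = (part.get_filename() or "").strip()
        if part.get_content_type() == "message/rfc822":
            findings.append((name or "(unnamed)", "embedded message"))
        elif name:
            # Only the final extension is compared, case-insensitively,
            # so "Invoice.PDF.hta" is judged as .hta, not as a PDF.
            ext = PurePosixPath(name).suffix.lower()
            if ext in RISKY_EXTENSIONS:
                findings.append((name, f"risky extension {ext}"))
    return findings

def build_sample() -> bytes:
    """Constructed test message; all names and contents are made up."""
    inner = EmailMessage()
    inner["Subject"] = "Fwd: customs documents"
    inner.set_content("See attachment.")
    inner.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename="payload.jar")
    outer = EmailMessage()
    outer["Subject"] = "Updated shipping invoice"
    outer.set_content("Please review the attached documents today.")
    for fname in ("Invoice.PDF.hta", "contract.rar", "delivery_note.pdf"):
        outer.add_attachment(b"constructed", maintype="application",
                             subtype="octet-stream", filename=fname)
    outer.add_attachment(inner, filename="forwarded.eml")
    return outer.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"HOLD {name}: {reason}")
```

The check looks at names and MIME types only; it does not open .rar archives, so a held archive still needs to be examined separately before release.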

Messages suggesting an immediate need for action, such as authorising payments or checking documents straight away, should be treated as a warning sign. Before opening links, it is advisable to check the actual destination address. Financial or legally relevant enquiries must always be confirmed via official, independent channels.

Conclusion

A high-profile incident in the US demonstrates that this trend is no longer confined to corporate systems. A group attributed to Iran hacked into a private email account belonging to FBI Director Kash Patel and published photos and documents from it. The reality is that attackers are increasingly targeting personal accounts with the aim of damaging reputations and, potentially, blackmail. The protection of executives and high-profile employees must therefore be consistently considered beyond the professional context. Companies would be well advised to supplement their security strategy with continuous, realistic awareness-raising for all employees, covering both professional and private digital behaviour. Only those who recognise human judgement as an integral part of cyber defence can keep pace with the current threat landscape.
