Kaspersky’s Digital Footprint Intelligence (DFI) team has released a report during GITEX Global 2024, shedding light on the most pervasive cyberthreats facing organizations in the Middle East. Kaspersky experts delved deep into the dark web – exploring everything from cybercriminal forums to shadow marketplaces – to collect data from the first half of 2024, piecing together a comprehensive picture of the digital dangers lurking beneath the surface.
Kaspersky’s findings reveal a complex web of cyberthreats targeting the Middle East, the main dangers are:
Ransomware Groups
Ransomware groups have become more organized and structured in their aim to retrieve sensitive data and encrypt their victims’ files in exchange for a ransom payment. The team highlighted 19 groups operating across the Middle East region in the report, most pervasively targeting the United Arab Emirates (UAE) and the Kingdom of Saudi Arabia. Kaspersky’s research also named the most active groups: Lockbit 3.0, Stormous, Rhysida, and Qilin; and shows that the public sector, construction, and companies in the business services industry were among the top targeted industries.
Hacktivism
Ideologically motivated hacktivist activities are on the rise. Although such attacks were most commonly assumed as denial of service (DDoS), hacktivists are becoming more destructive in their approach. In line with current geopolitical instability, attacks are shifting to more critical outcomes such as data leaks and the compromise of target organizations. Kaspersky DFI researchers observed more than 11 hacktivist movements and various actors across the region.
Initial Corporate Access
A key target for cybercriminals is entry points into corporate networks. Cybercriminals are able to exploit initial access to larger groups, or criminals who have the capabilities to further develop the attack. Kaspersky’s experts discovered more than 40 dark web adverts offering corporate access to government, education, manufacturing, transportation, financial, healthcare, IT, and other corporate organizations in the region.
Examples of posts from initial access broker
Info Stealers
An info stealer is a form of malware that aims to gather as much sensitive information as possible from infected devices, and send the data for extraction. Stolen data is highly valuable to cybercriminals, as valid accounts and authentication data are in high demand on the dark web. In the first half of 2024, Kaspersky’s DFI team discovered and analysed almost 10 million records of stolen user accounts, most widespread in Egypt, Saudi Arabia and the UAE.
Data Breaches
Kaspersky’s insights have shown that both leaked data and documents are being shared or traded on multiple publications. This data can be used to commit various acts of fraud, from common spam to blackmail and targeted attacks using victim profiling. Overall, cybercriminals in H1 2024, had leaked 125 corporate-related databases in different industries. In terms of the main countries by the number of databases shared, Saudi Arabia, Iraq and Egypt experienced the highest number of data breaches.
Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence said, “It is evident cybercriminals are not only perfecting existing methods, but developing innovative tactics and tools to infiltrate their victims. In this ever-evolving environment, vigilance is essential to safeguard organizations’ network infrastructures from various threats lurking in the dark web. As technology continues to advance, cyberattacks are becoming an inevitability rather than a possibility, making it ever more important to stay one step ahead.”
In order to proactively defend against cyberthreats, Kaspersky shares the following tips:
- Create and maintain an IT asset inventory. Identify all assets that need to be protected and perform regular updates on software so that attackers don’t have the opportunity to exploit known vulnerabilities.
- Implement comprehensive security solutions. Use multi-pronged security controls, like Kaspersky Next, across your entire network. These additional layers of protection ensure timely detection and prevention of cyberattacks.
- Promote cybersecurity awareness among staff. Educating and training employees on cybersecurity best practices and potential threats minimizes the risk of human error, which remains one of the main vulnerabilities in organizations.
- Continuously monitor and assess your digital environment. Keep a close watch on all devices, servers, systems, services, applications, and traffic for any suspicious activity – early detection of a malicious attack is key.
- Stay up-to-date with threat intelligence (TI). Regularly review threat intelligence data to understand the latest tactics, techniques, and procedures used by attackers. You can then tailor your security controls accordingly.
- Monitor the dark web. Stay aware of dark web activities in order to gain valuable insights into potential attack vectors, cybercriminal interests and plans. Use Kaspersky’s Digital Footprint service to strengthen your defences and respond proactively.
To know the more on the dark web threats facing the Middle East region, or read the full report here.