Kaspersky’s Digital Footprint Intelligence (DFI) team has released a report during GITEX Global 2024, shedding light on the most pervasive cyberthreats facing organizations in the Middle East. Kaspersky experts delved deep into the dark web – exploring everything from cybercriminal forums to shadow marketplaces – to collect data from the first half of 2024, piecing together a comprehensive picture of the digital dangers lurking beneath the surface.
Kaspersky’s findings reveal a complex web of cyberthreats targeting the Middle East, the main dangers are:
Ransomware Groups
Ransomware groups have become more organized and structured in their aim to retrieve sensitive data and encrypt their victims’ files in exchange for a ransom payment. The team highlighted 19 groups operating across the Middle East region in the report, most pervasively targeting the United Arab Emirates (UAE) and the Kingdom of Saudi Arabia. Kaspersky’s research also named the most active groups: Lockbit 3.0, Stormous, Rhysida, and Qilin; and shows that the public sector, construction, and companies in the business services industry were among the top targeted industries.
Hacktivism
Ideologically motivated hacktivist activities are on the rise. Although such attacks were most commonly assumed as denial of service (DDoS), hacktivists are becoming more destructive in their approach. In line with current geopolitical instability, attacks are shifting to more critical outcomes such as data leaks and the compromise of target organizations. Kaspersky DFI researchers observed more than 11 hacktivist movements and various actors across the region.
Initial Corporate Access
A key target for cybercriminals is entry points into corporate networks. Cybercriminals are able to exploit initial access to larger groups, or criminals who have the capabilities to further develop the attack. Kaspersky’s experts discovered more than 40 dark web adverts offering corporate access to government, education, manufacturing, transportation, financial, healthcare, IT, and other corporate organizations in the region.
Examples of posts from initial access broker
Info Stealers
An info stealer is a form of malware that aims to gather as much sensitive information as possible from infected devices, and send the data for extraction. Stolen data is highly valuable to cybercriminals, as valid accounts and authentication data are in high demand on the dark web. In the first half of 2024, Kaspersky’s DFI team discovered and analysed almost 10 million records of stolen user accounts, most widespread in Egypt, Saudi Arabia and the UAE.
Data Breaches
Kaspersky’s insights have shown that both leaked data and documents are being shared or traded on multiple publications. This data can be used to commit various acts of fraud, from common spam to blackmail and targeted attacks using victim profiling. Overall, cybercriminals in H1 2024, had leaked 125 corporate-related databases in different industries. In terms of the main countries by the number of databases shared, Saudi Arabia, Iraq and Egypt experienced the highest number of data breaches.
Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence said, “It is evident cybercriminals are not only perfecting existing methods, but developing innovative tactics and tools to infiltrate their victims. In this ever-evolving environment, vigilance is essential to safeguard organizations’ network infrastructures from various threats lurking in the dark web. As technology continues to advance, cyberattacks are becoming an inevitability rather than a possibility, making it ever more important to stay one step ahead.”
