Key Takeaways:
- In the first half of 2024, Kaspersky’s Digital Footprint Intelligence team uncovered nearly 10 million stolen user account records, primarily affecting Egypt, Saudi Arabia, and the UAE.
- The report highlights organized ransomware groups, rising hacktivism, and significant data breaches as major cyber threats.
- Saudi Arabia, Iraq, and Egypt recorded the highest number of data breaches in the region.
In the first half of 2024, Kaspersky’s Digital Footprint Intelligence (DFI) team discovered and analyzed nearly 10 million records of stolen user accounts, with the most significant prevalence in Egypt, Saudi Arabia, and the UAE.
Kaspersky has released a report detailing the most pervasive cyber threats facing organizations in the Middle East. The team explored the dark web, examining cybercriminal forums and shadow marketplaces to collect data from the first half of the year, creating a comprehensive picture of the digital dangers present.
The findings reveal a complex web of cyber threats targeting the region, with the primary dangers identified as follows:
Ransomware Groups
Ransomware groups have become increasingly organized and focused on stealing sensitive data while encrypting their victims’ files for ransom. Kaspersky highlighted 19 groups operating across the Middle East, predominantly targeting the UAE and Saudi Arabia. The report identified the most active groups, including LockBit 3.0, Stormous, Rhysida, and Qilin, with the public sector, construction, and business services among the top targeted industries.
Hacktivism
There has been a rise in ideologically motivated hacktivist activities. While such attacks were commonly associated with distributed denial of service (DDoS), hacktivists are adopting more destructive methods. In light of current geopolitical instability, attacks have shifted toward more critical outcomes such as data leaks and the compromise of target organizations. Kaspersky researchers observed over 11 hacktivist movements across the region.
Initial Corporate Access
Cybercriminals are targeting entry points into corporate networks, since initial access can be exploited for larger attacks. Kaspersky discovered over 40 dark web advertisements offering corporate access to various sectors, including government, education, manufacturing, transportation, financial, healthcare, and IT organizations in the region.
Info Stealers
Info stealers are a type of malware designed to gather sensitive information from infected devices and transmit it to the attackers. Stolen data is highly valuable, as valid accounts and authentication data are in high demand on the dark web.
Data Breaches
Kaspersky’s insights revealed that leaked data and documents are being shared or traded across multiple platforms. This information can facilitate various fraudulent activities, from spam to blackmail and targeted attacks based on victim profiling. In the first half of 2024, cybercriminals leaked 125 corporate-related databases across various industries, with Saudi Arabia, Iraq, and Egypt experiencing the highest number of data breaches.
Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence, remarked, “Cybercriminals are not only perfecting existing methods but also developing innovative tactics and tools to infiltrate their victims. In this ever-evolving environment, vigilance is essential to safeguard organizations’ network infrastructures from various threats lurking in the dark web. As technology continues to advance, cyberattacks are becoming an inevitability rather than a possibility, making it ever more important to stay one step ahead.”