Some 10m stolen records from Mideast on the dark web
DUBAI, October 14, 2024
In the first half of 2024, Kaspersky’s Digital Footprint Intelligence (DFI) team discovered and analysed almost 10 million records of stolen user accounts, most widespread in Egypt, Saudi Arabia and the UAE.
Kaspersky’s team has released a report shedding light on the most pervasive cyberthreats facing organisations in the Middle East. Kaspersky experts delved deep into the dark web – exploring everything from cybercriminal forums to shadow marketplaces – to collect data from the first half of 2024, piecing together a comprehensive picture of the digital dangers lurking beneath the surface.
Kaspersky’s findings reveal a complex web of cyberthreats targeting the Middle East. The main dangers are:
Ransomware groups
Ransomware groups have become more organised and structured in their aim to retrieve sensitive data and encrypt their victims’ files in exchange for a ransom payment. The team highlighted 19 groups operating across the Middle East region in the report, most pervasively targeting the UAE and Saudi Arabia.
Kaspersky’s research also named the most active groups: Lockbit 3.0, Stormous, Rhysida, and Qilin; and shows that the public sector, construction, and companies in the business services industry were among the top targeted industries.
Hacktivism
Ideologically motivated hacktivist activities are on the rise. Although such attacks have most commonly been assumed to be distributed denial of service (DDoS), hacktivists are becoming more destructive in their approach. In line with current geopolitical instability, attacks are shifting to more critical outcomes such as data leaks and the compromise of target organisations. Kaspersky DFI researchers observed more than 11 hacktivist movements and various actors across the region.
Initial corporate access
A key target for cybercriminals is entry points into corporate networks. Cybercriminals are able to exploit initial access by offering it to larger groups, or to criminals who have the capabilities to further develop the attack. Kaspersky’s experts discovered more than 40 dark web adverts offering corporate access to government, education, manufacturing, transportation, financial, healthcare, IT, and other corporate organisations in the region.
Info stealers
An info stealer is a form of malware that aims to gather as much sensitive information as possible from infected devices and send the data for extraction. Stolen data is highly valuable to cybercriminals, as valid accounts and authentication data are in high demand on the dark web.
Data breaches
Kaspersky’s insights have shown that both leaked data and documents are being shared or traded on multiple publications. This data can be used to commit various acts of fraud, from common spam to blackmail and targeted attacks using victim profiling. Overall, in H1 2024, cybercriminals leaked 125 corporate-related databases in different industries. In terms of the main countries by the number of databases shared, Saudi Arabia, Iraq and Egypt experienced the highest number of data breaches.
Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence, said: “It is evident cybercriminals are not only perfecting existing methods, but developing innovative tactics and tools to infiltrate their victims. In this ever-evolving environment, vigilance is essential to safeguard organisations’ network infrastructures from various threats lurking in the dark web. As technology continues to advance, cyberattacks are becoming an inevitability rather than a possibility, making it ever more important to stay one step ahead.”
-- TradeArabia News Service