14 Oct, 2024

At GITEX Global 2024, it was revealed that almost 10 million stolen pairs of Middle Eastern user account logins and passwords are being sold on the darknet.

The Kaspersky Digital Footprint Intelligence (DFI) team studied darknet and shadow marketplace listings from the first half of 2024, focusing on cyber threats to organizations in Middle Eastern countries. The findings were presented at GITEX Global 2024.

Kaspersky's findings reveal a complex web of cyberthreats targeting the Middle East. The main dangers are:

Infostealers. This type of malware is used by cybercriminals to collect as much confidential data as possible from infected devices. Logins and passwords for accounts are in high demand. Kaspersky DFI experts discovered nearly 10 million such pairs on the darknet, mostly from corporate networks in Egypt, Saudi Arabia, and the UAE.

Data Breaches. The leaked data can be used for a variety of fraudulent activities, from blackmailing to targeted attacks. In the first half of 2024, cybercriminals posted 125 corporate databases of Middle Eastern companies on the darknet and shadow forums. Saudi Arabia, Iraq and Egypt are among the countries with the highest number of leaks.

Ransomware. According to Kaspersky DFI experts, cyber groups organizing ransomware attacks have become more structured and organized. In the first half of 2024, 19 such groups were active in the Middle East, with the UAE and Saudi Arabia being the primary locations. The most active groups are Lockbit 3.0, Stormous, Rhysida, and Qilin. The most frequently attacked sectors include government organizations, construction, and consulting companies.

Hacktivism. Ideologically motivated hacktivist activity is on the rise. Hacktivists are often associated with DDoS attacks, but now their activities are becoming more destructive, leading to critical consequences such as data leaks and the compromise of individual organizations. Kaspersky DFI experts have detected more than 11 hacktivist units and groups in the Middle East.

Initial Access to Systems. The key goal of cybercriminals is to find entry points into corporate networks. These entry points are often resold to larger groups or attackers with the capacity to further develop the attack. Kaspersky DFI experts found over 40 listings on the darknet selling access to corporate systems in government, education, manufacturing, transportation, financial, medical, and other sectors across the Middle East.

It is evident cybercriminals are not only perfecting existing methods, but developing innovative tactics and tools to infiltrate their victims. In this ever-evolving environment, vigilance is essential to safeguard organizations’ network infrastructures from various threats lurking in the dark web. As technology continues to advance, cyberattacks are becoming an inevitability rather than a possibility, making it ever more important to stay one step ahead.

Vera Kholopova, Senior Analyst at Kaspersky Digital Footprint Intelligence.

In order to proactively defend against cyberthreats, Kaspersky shares the following tips:

  • Create and maintain an IT asset inventory. Identify all assets that need to be protected and perform regular updates on software so that attackers don’t have the opportunity to exploit known vulnerabilities.
  • Implement comprehensive security solutions. Use multi-pronged security controls, like Kaspersky Next, across your entire network. These additional layers of protection ensure timely detection and prevention of cyberattacks.
  • Promote cybersecurity awareness among staff. Educating and training employees on cybersecurity best practices and potential threats minimizes the risk of human error, which remains one of the main vulnerabilities in organizations.
  • Continuously monitor and assess your digital environment. Keep a close watch on all devices, servers, systems, services, applications, and traffic for any suspicious activity – early detection of a malicious attack is key.
  • Stay up-to-date with threat intelligence (TI). Regularly review threat intelligence data to understand the latest tactics, techniques, and procedures used by attackers. You can then tailor your security controls accordingly.
  • Monitor the dark web. Stay aware of dark web activities in order to gain valuable insights into potential attack vectors, cybercriminal interests and plans. Kaspersky’s Digital Footprint service helps strengthen organizations’ defences and respond proactively.

To know more about the dark web threats facing the Middle East region, visit Securelist.com or read the full report here.