
Latest news with #APTs

What's on the cybersecurity horizon: Kaspersky shares cybersecurity trends for the Middle East, Turkiye and Africa

Zawya

26-05-2025


At its annual Cyber Security Weekend for the Middle East, Turkiye and Africa (META) region, Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, AI and IoT developments.

Kaspersky experts constantly track highly sophisticated attacks. Specifically, they are monitoring 25 APT groups currently active in the META region, including well-known ones such as SideWinder, Origami Elephant, and MuddyWater. The rise of creative exploits for mobile and further development of techniques aimed at evading detection are among the trends Kaspersky is seeing in these targeted attacks.

On a broader level, the first quarter of 2025 showed that Turkiye and Kenya had the highest number of users affected by web incidents (online threats) – 26.1% and 20.1% respectively. They were followed by Qatar (17.8%), Nigeria (17.5%) and South Africa (17.5%).

In the Middle East ransomware affected a higher share of users due to rapid digital transformation, expanding attack surfaces and varying levels of cybersecurity maturity. Ransomware is less prevalent in Africa due to lower levels of digitisation and economic constraints, which reduce the number of high-value targets. However, as countries like South Africa and Nigeria expand their digital economies, ransomware attacks are on the rise, particularly in the manufacturing, financial and government sectors. Limited cybersecurity awareness and resources leave many organisations vulnerable, though the smaller attack surface means the region remains behind global hotspots.

Ransomware trends

AI tools are increasingly being used in ransomware development, as demonstrated by FunkSec, a ransomware group that emerged in late 2024 and quickly gained notoriety by surpassing established groups like Cl0p and RansomHub with multiple victims claimed in December alone.
Operating under a Ransomware-as-a-Service (RaaS) model, FunkSec employs double extortion tactics — combining data encryption with exfiltration — targeting sectors such as government, technology, finance, and education in Europe and Asia. The group's heavy reliance on AI-assisted tools sets it apart, with its ransomware featuring AI-generated code, complete with flawless comments, likely produced by Large Language Models (LLMs) to enhance development and evade detection. Unlike typical ransomware groups demanding millions, FunkSec adopts a high-volume, low-cost approach with unusually low ransom demands, further highlighting its innovative use of AI to streamline operations.

In 2025, ransomware is expected to evolve by exploiting unconventional vulnerabilities, as demonstrated by the Akira gang's use of a webcam to bypass endpoint detection and response systems and infiltrate internal networks. Attackers are likely to increasingly target overlooked entry points like IoT devices, smart appliances or misconfigured hardware in the workplace, capitalising on the expanding attack surface created by interconnected systems. As organisations strengthen traditional defenses, cybercriminals will refine their tactics, focusing on stealthy reconnaissance and lateral movement within networks to deploy ransomware with greater precision, making it harder for defenders to detect and respond in time.

The proliferation of LLMs tailored for cybercrime will further amplify ransomware's reach and impact. LLMs marketed on the dark web lower the technical barrier to creating malicious code, phishing campaigns and social engineering attacks, allowing even less skilled actors to craft highly convincing lures or automate ransomware deployment.
As more innovative concepts such as RPA (Robotic Process Automation) and LowCode, which provide an intuitive, visual, AI-assisted drag-and-drop interface for rapid software development, are quickly adopted by software developers, we can expect ransomware developers to use these tools to automate their attacks as well as new code development, making the threat of ransomware even more prevalent.

'Ransomware is one of the most pressing cybersecurity threats facing organisations today, with attackers targeting businesses of all sizes and across every region, including META. Ransomware groups continue to evolve by adopting techniques, such as developing cross-platform ransomware, embedding self-propagation capabilities and even using zero-day vulnerabilities that were previously affordable only for APT actors. There is also a shift toward exploiting overlooked entry points — including IoT devices, smart appliances, and misconfigured or outdated workplace hardware. These weak spots often go unmonitored, making them prime targets for cybercriminals,' said Sergey Lozhkin, Head of META and APAC regions in Global Research and Analysis Team at Kaspersky. 'To stay secure, organisations need a layered defense: up-to-date systems, network segmentation, real-time monitoring, robust backups, and continuous user education'.

Kaspersky encourages organisations to follow these best practices to safeguard their assets:

  • Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to outgoing traffic to detect cybercriminals' connections to your network.
  • Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.
  • Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training.
  • Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors.
  • Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
  • To protect the company against a wide range of threats, use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organisations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements are changing.

Distributed by APO Group on behalf of Kaspersky.

For further information please contact: Nicole Allman

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them.

Cyber threat trends: a CISO guide to emerging risks

The Australian

12-05-2025


Cybercriminals are leveraging large language models, and ransomware risks are on the rise, according to a new report that provides insights into evolving cyber threats.

The prevalence of the ransomware-as-a-service (RaaS) model has significantly increased the frequency, destructiveness, and complexity of ransomware operations throughout 2024, according to Deloitte's Annual Threat Trends Report.

The increase in use of RaaS models is enabling, for example, developers to concentrate on creating and improving ransomware and its components, initial access brokers to specialise in obtaining access to potential victims, and affiliates to focus on navigating compromised networks, payload deployment, and extortion, notes the report.

Moreover, nation-state advanced persistent threats (APTs) have been increasingly deploying ransomware by collaborating with cybercriminal groups or developing their own ransomware strains for both financial gain and as a distraction to mislead incident responders while carrying out espionage-driven tactics.

'In today's rapidly evolving digital landscape, understanding cyber threat trends is crucial for safeguarding organisational assets and maintaining trust with stakeholders,' says Adnan Amjad, partner and US Cyber Offering portfolio leader at Deloitte & Touche LLP. 'Such insights can help CISOs navigate a complex threat landscape and implement effective security strategies,' adds Amjad.

The Cyber Threat Trends Report emphasises the need for organisations to remain vigilant and adaptive in their cybersecurity strategies by identifying emerging threat trends in ransomware groups, AI-powered social engineering, and AI-as-a-service models, as well as evolving initial access trends.

Effective cybersecurity begins with a deeper understanding of the evolving threats organisations continually face and the threat actors behind them, say report authors.
They also explain that due to an influx of rapidly evolving and disruptive emerging issues and threat trends observed throughout 2024, organisations can benefit from adopting a broad approach to help mitigate the specific and ever-changing cyber risks they face.

In this context, CIOs and CISOs can leverage the insights from threat intelligence teams to strengthen their organisation's cyber defences and prepare for worst-case scenarios to recover quickly in the event of a cyber intrusion.

Trending and emerging initial access vectors

The report investigates cyber threat trends across industry vectors, including the global impact of ransomware, trending and emerging initial access vectors, and observations from underground forums and marketplaces.

Cybercriminals and nation-state APTs use large language models (LLMs) in many aspects of a cyberattack, according to the report. That includes actions such as gathering information on the target via multiple social engineering tactics, conducting reconnaissance, defense evasion, and crafting customised phishing lures.

The use of LLMs to generate phishing content presents a significant challenge to traditional threat detection. Consider that threat actors can generate 1000 phishing emails in under two hours for as little as $6, with LLMs likely contributing to the overall 1265 per cent increase in phishing attacks reported in early 2024. [2]

'The future of cybersecurity lies in an organisation's ability to innovate and adapt,' says Kushagr Singh, principal and US Cyber Detect and Respond leader with Deloitte & Touche LLP. 'By leveraging advanced technologies while continuing to foster a culture of trust and security, we can help our clients stay one step ahead of cyber adversaries,' observes Singh.

Underground trends

Throughout 2024, report authors observed an increased influx of individuals' private information and a higher volume of sales of this information on various underground forums.
Although international law enforcement efforts yielded visible results, they also underscored the persistent resilience of cybercriminal networks as threat actors often reconstitute quickly, indicating a continual need for intelligence-driven defense, closer public-private partnerships, and information-sharing initiatives to forge a more accurate picture of the threat landscape.

Clare Mohr is leader and vice-president, Shawn Cozzolino, senior solution delivery manager, and David An, manager, all with Deloitte US Cyber Intelligence, Solution Delivery, Deloitte & Touche LLP.

1. 2. As published by the Deloitte US Chief Financial Officer Program in the 30 April 2025 edition of The CFO Journal in WSJ.

Disclaimer

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ('DTTL'), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as 'Deloitte Global') does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the 'Deloitte' name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Please see to learn more about our global network of member firms. Copyright © 2025 Deloitte Development LLC. All rights reserved.

BREAKING NEWS Man City demand key financial information from Arsenal and other clubs in legal battle with Premier League

Daily Mail

29-04-2025


Arsenal – and a host of others – could be forced to hand over key and sensitive financial information following a demand from Manchester City.

As City's war with the Premier League continues, Mail Sport understands that lawyers acting for the club have requested that the competition invokes one of its own rules and force a group of clubs which also includes the likes of Brighton and Everton to provide detail on loans they have received from their owners.

City want to then use the information in their latest battle with the competition over its amended rules on sponsorship deals. They say that new regulations on Associated Party Transactions (APTs) – introduced by the Premier League after City successfully had the previous version deemed null and void – continue to discriminate.

Their view is that shareholder loans, which often feature favourable or zero interest rates, give clubs who receive them, such as the Gunners, an unfair advantage as they are not subject to the same scrutiny as other commercial deals.

All clubs have been informed of the request and will now face a wait to find if they have to comply. The likelihood of that being the case may well have caused a headache for the powers-that-be at the Emirates as they prepared for tonight's Champions League semi-final against Paris Saint-Germain.

Arsenal benefitted from £259m worth of shareholder loans in 2022-23 while, in 2023, Liverpool owed owners FSG £71.4m. Brighton benefitted from shareholder loans of around £406.5m in 2021-22 while Everton's figure for 2022-23 was £450m.

An independent panel, which previously ruled in City's favour, is set to consider the matter at a hearing in mid-October. Ahead of that date, representatives for City have asked the Premier League to use its Rule B18 which states that clubs 'shall comply promptly with any request for information'.
After their previous victory, City warned the competition against effectively tweaking rules on APTs, which are commercial deals with groups linked to clubs' ownerships. They have now carried through on their threat to take legal action against them. Following their initial success, clubs were hit with a bill of more than £20m.

The case is separate from the hearing into allegations that saw City charged with 115 alleged breaches of the Premier League's financial rules. A verdict may not be delivered until next Spring.

Should City again emerge successful the Premier League could see its financial rules thrown into disarray once more with its clubs hit with another hefty legal bill.

The Premier League declined to comment.

Man City accuse Premier League of favouring Arsenal

Telegraph

04-04-2025


Manchester City's latest 'discrimination' claim accuses the Premier League of distorting spending check rules in favour of Arsenal and a handful of rivals.

City have taken renewed issue with shareholder loans being spared from the same level of fair market scrutiny as other sources of owner funding. As a result, Arsenal, Brighton, Everton and Leicester City in effect get preferential treatment, a statement of claim to an independent tribunal argues.

The claim, which has now been shared with the 20 member clubs, is part of a wider challenge to amends made last year by the Premier League to Associated Party Transactions (APTs). After previous APT rules were declared 'void and unenforceable' in February, City now argue that there needs to be a return to pre-2021 rules until matters are fully resolved.

The rules continue to 'discriminate', the new claim says, adding that they 'fail to meet the requirements of transparency, objectivity, precision and proportionality… and are liable to distort competition'.

Sources close to City have consistently drawn issue with shareholder loans not being included in APT calculations. An independent tribunal ruled in October that elements of the rules regarding APTs were unlawful, notably around shareholder loans being exempt from financial calculations, prompting City to declare the entire APT system void.

The APT system was introduced in 2021 following the takeover of Newcastle United by the Saudi Arabian Public Investment Fund and is designed to prevent clubs from agreeing inflated sponsorship deals with companies associated with their ownership.

City's belief that the system is void was then upheld in February for the three-year period from 2021 until new rules were introduced in November 2024. The ruling did not deal with the validity of amended APT regulations that were voted in late last year, however, which is why City are now challenging them.
The outcome of that challenge, expected later this year, is likely to be critical in determining whether shareholder loans should face limits.

City have separately been defending themselves against the 130 Premier League charges for alleged breaches of financial rules. An independent commission spent 12 weeks last year hearing evidence in relation to the charges, with a verdict in football's so-called 'trial of the century' expected in the coming weeks.

Report highlights cybersecurity challenges in the Middle East

Gulf Today

19-03-2025


Sajjad Ahmad, Deputy Business Editor

State-sponsored cyber threats, including Advanced Persistent Threats (APTs) and hacktivism, surged in the Middle East in 2024, with GCC countries emerging as primary targets. These attacks are largely fuelled by geopolitical conflicts, according to a report released by Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime.

Released recently, Group-IB's High-Tech Crime Trends Report 2025 provides a comprehensive analysis on the interconnectivity of cybercrime, and the evolving cyber threat landscape in the Middle East and Africa region. The report offers valuable intelligence on advanced persistent threats, hacktivism, and emerging cyber threats, empowering businesses, cybersecurity professionals, and law enforcement in the Middle East with the insights needed to enhance their cybersecurity strategies.

The report said that though APTs in the region saw a 4.27 per cent increase compared to a 58 per cent surge globally, 27.5 per cent of these threats from state-backed espionage groups were actively targeted at GCC countries.

Commenting on the release of the report, Ashraf Koheil, Regional Sales Director MEA at Group-IB, said: 'Our report captures the dynamic and complex nature of cyber threats faced by the Middle East today. It shows that cybercrime is not a collection of isolated incidents, but an evolving ecosystem where one attack fuels the next. From sophisticated state-sponsored attacks to rapidly evolving hacktivism and phishing campaigns, the insights presented in this report are essential for organizations seeking to strengthen their cybersecurity defences.'
While GCC countries were the most targeted due to their strategic economic and political importance, other significant targets included Egypt (13.2%) and Turkey (9.9%), reflecting their geopolitical roles, while countries like Jordan (7.7%), Iraq (6.6%), as well as Nigeria, South Africa, Morocco, and Ethiopia also face growing cyber threats.

In 2024, the Middle East and Africa (MEA) ranked third globally in hacktivist attacks, accounting for 16.54% of incidents, trailing behind Europe (35.98%) and Asia-Pacific (39.19%). According to the report, the primary industries affected included government and military sectors (22.1%) and financial services (10.9%); education (8%) and media and entertainment (5.2%) sectors were also targeted, with attacks aimed at disrupting critical infrastructure and essential services. This uptick is driven by ongoing geopolitical tensions, where cyberattacks are used for ideological expression or political retaliation.

The report also shed light on other pressing cybersecurity challenges including the persistent threat of phishing and data breaches across the GCC and the wider MEA region. As the region continues its rapid digital transformation, it has become a prime target for increasingly sophisticated scams targeting the energy, oil and gas industry (24.9%) and financial services (20.2%), highlighting the economic motives behind cybercrime. Phishing attacks also remain a major threat, with internet services (32.8%), telecommunications (20.7%), and financial services (18.8%) being the top targeted sectors in the META region.

'We must embrace a collective defence strategy that unites financial institutions, telecommunications providers, and law enforcement agencies. By sharing intelligence, coordinating proactive security measures, and executing joint actions, we can disrupt fraudulent activities before they cause harm.
This collaborative approach not only enhances our ability to detect and prevent fraud but also strengthens the resilience of our critical infrastructure, protects our national security,' added Ashraf Koheil.

The report highlighted that ransomware attacks remained relatively low in the MEA region, with only 184 incidents (the lowest globally). It also highlights ongoing concerns regarding Initial Access Brokers (IABs) and the broader vulnerabilities they exploit. In 2024, IAB activity was significant in the region, with GCC countries (23.2%) and Turkey (20.5%) emerging as the most targeted jurisdictions. Meanwhile, the figures for compromised hosts—which represent credentials and sensitive data from compromised devices, often sold on the dark web—were highest in Egypt (88,951), followed by Turkey (79,789) and Algeria (49,173), exposing significant cybersecurity gaps.

Dark web economy: Stolen credentials and sensitive corporate data sold on the dark web served as critical entry points for ransomware operators, state-sponsored attackers, and other cybercriminals. The report disclosed that over 6.5 billion leaked data entries included email addresses, with nearly 2.5 billion being unique. Additionally, 3.3 billion leaked entries contained phone numbers, with approximately 631 million unique numbers. A staggering 460 million passwords were exposed globally in 2024, with 162 million of them being unique. This surge in exposed data continues to fuel cybercriminal activities within the dark web economy, amplifying the risk to organizations and individuals alike.

Dmitry Volkov, CEO of Group-IB, emphasizes the company's role in global cybercrime prevention: 'Group-IB played an intensified role in its global fight against cybercrime and contributed to eight major law enforcement operations across 60+ countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious infrastructures.
These efforts disrupted large-scale cybercriminal networks, highlighting the critical role of collaboration between private cybersecurity firms and international law enforcement.'

The report said threat actors employed advanced tactics, techniques, and procedures (TTPs), including social engineering, ransomware, and credential theft. New techniques such as the Extended Attributes Attack, Facial-Recognition Trojan and ClickFix infection chain showcase the evolving sophistication of cyber threats in the region.
