Latest news with #AkiraGang

AI-driven ransomware tops 2025 cyber threats in META, says Kaspersky

Gulf Business

3 days ago


Image: Getty Images

Cyber security firm

The report shows that Türkiye and Kenya recorded the highest share of users impacted by web-based threats (26.1 per cent and 20.1 per cent respectively), while the UAE, Saudi Arabia, Egypt, and Jordan reported the lowest levels of web-borne attacks in the region.

Key threat: Ransomware

Ransomware remains one of the most dangerous threats facing businesses in 2025, particularly in digitally advanced markets in the Middle East. The region has seen an increase in ransomware victims due to 'rapid digital transformation, expanding attack surfaces and varying levels of cybersecurity maturity.'

Kaspersky highlights the rise of FunkSec, a new ransomware group that 'quickly gained notoriety by surpassing established groups like Cl0p and RansomHub.' FunkSec operates using a ransomware-as-a-service (RaaS) model and adopts 'double extortion tactics combining data encryption with exfiltration,' while relying heavily on 'AI-generated code, complete with flawless comments, likely produced by large language models (LLMs) to enhance development and evade detection.' Unlike most ransomware groups, FunkSec uses a high-volume, low-ransom strategy, making its attacks more accessible and scalable.

Emerging trends

Kaspersky warns that ransomware actors are becoming more creative and stealthy. 'Ransomware is expected to evolve by exploiting unconventional vulnerabilities,' the report notes, citing the Akira gang, which used a webcam to bypass endpoint detection systems and infiltrate networks. Attackers are now targeting 'overlooked entry points like IoT devices, smart appliances or misconfigured hardware in the workplace,' taking advantage of the broader attack surface created by increasingly interconnected environments.

The rise of generative AI and development tools such as RPA and LowCode is also enabling less-skilled threat actors. 'LLMs marketed on the dark web lower the technical barrier to creating malicious code, phishing campaigns and social engineering attacks,' Kaspersky noted. These tools also allow attackers to 'automate ransomware deployment,' making threats both scalable and harder to trace.

Kaspersky is monitoring 25 active advanced persistent threat (APT) groups in the META region, including SideWinder, Origami Elephant, and MuddyWater. These groups are showing 'a growing use of creative exploits targeting mobile devices, along with ongoing advancements in techniques designed to evade detection.'

Recommendations for organisations

In a statement, Sergey Lozhkin, head of META and APAC regions in Kaspersky's global research and analysis team, warned: 'Ransomware is one of the most pressing cybersecurity threats facing organizations today, with attackers targeting businesses of all sizes and across every region, including META.' He added that criminals are 'exploiting overlooked entry points — including IoT devices, smart appliances, and misconfigured or outdated workplace hardware,' and that these 'often go unmonitored, making them prime targets for cybercriminals.'

To counter these risks, Kaspersky advises companies to:

  • Always keep software updated on all the devices you use.
  • Focus your defense strategy on detecting lateral movements and data exfiltration.
  • Set up offline backups that intruders cannot tamper with.
  • Provide your SOC team with access to the latest threat intelligence and regularly upskill them.
  • Use Kaspersky Next, a security platform that offers 'real-time protection, threat
