Latest news with #GReAT


Tahawul Tech
27-05-2025
- Business
- Tahawul Tech
Kaspersky shares cybersecurity trends for the META region
Kaspersky's Global Research & Analysis Team shared insights on the cyber threat landscape in the Middle East, Türkiye, and Africa (META) region for the first quarter of 2025. The data revealed that Türkiye and Kenya recorded the highest number of users impacted by web-based threats (26.1% and 20.1% respectively), followed by Qatar at 17.8%. Meanwhile, Jordan, Egypt, UAE and Saudi Arabia reported the lowest share of users targeted by web-borne attacks across the META region. Ransomware remains one of the most destructive cyberthreats this year. According to Kaspersky data, the share of users affected by ransomware attacks increased by 0.02 p.p. to 0.44% from 2023 to 2024 globally. In the Middle East the growth is 0.07 p.p. to 0.72%; in Africa, 0.01 p.p. growth to 0.41%; in Türkiye, 0.06 p.p. growth to 0.46%. Attackers often don't distribute this type of malware on a mass scale, but prioritise high-value targets, which reduces the overall number of incidents. Although the share of affected users is growing only slowly, that does not mean ransomware is becoming less dangerous. In the Middle East ransomware affected a higher share of users due to rapid digital transformation, expanding attack surfaces and varying levels of cybersecurity maturity. Ransomware is less prevalent in Africa due to lower levels of digitisation and economic constraints, which reduce the number of high-value targets. However, as countries like South Africa and Nigeria expand their digital economies, ransomware attacks are on the rise, particularly in the manufacturing, financial and government sectors. Limited cybersecurity awareness and resources leave many organisations vulnerable, though the smaller attack surface means the region remains behind global hotspots.
Ransomware trends
AI tools are increasingly being used in ransomware development, as demonstrated by FunkSec, a ransomware group that emerged in late 2024 and quickly gained notoriety by surpassing established groups like Cl0p and RansomHub with multiple victims claimed in December alone. Operating under a Ransomware-as-a-Service (RaaS) model, FunkSec employs double extortion tactics – combining data encryption with exfiltration – targeting sectors such as government, technology, finance, and education in Europe and Asia. The group's heavy reliance on AI-assisted tools sets it apart, with its ransomware featuring AI-generated code, complete with flawless comments, likely produced by Large Language Models (LLMs) to enhance development and evade detection. Unlike typical ransomware groups demanding millions, FunkSec adopts a high-volume, low-cost approach with unusually low ransom demands, further highlighting its innovative use of AI to streamline operations.
In 2025, ransomware is expected to evolve by exploiting unconventional vulnerabilities, as demonstrated by the Akira gang's use of a webcam to bypass endpoint detection and response systems and infiltrate internal networks. Attackers are likely to increasingly target overlooked entry points like IoT devices, smart appliances or misconfigured hardware in the workplace, capitalising on the expanding attack surface created by interconnected systems. As organisations strengthen traditional defences, cybercriminals will refine their tactics, focusing on stealthy reconnaissance and lateral movement within networks to deploy ransomware with greater precision, making it harder for defenders to detect and respond in time. The proliferation of LLMs tailored for cybercrime will further amplify ransomware's reach and impact. LLMs marketed on the dark web lower the technical barrier to creating malicious code, phishing campaigns and social engineering attacks, allowing even less skilled actors to craft highly convincing lures or automate ransomware deployment.
As more innovative concepts such as RPA (Robotic Process Automation) and LowCode, which provide an intuitive, visual, AI-assisted drag-and-drop interface for rapid software development, are quickly adopted by software developers, we can expect ransomware developers to use these tools to automate their attacks as well as new code development, making the threat of ransomware even more prevalent. 'Ransomware is one of the most pressing cybersecurity threats facing organisations today, with attackers targeting businesses of all sizes and across every region, including META. Ransomware groups continue to evolve by adopting techniques such as developing cross-platform ransomware, embedding self-propagation capabilities and even using zero-day vulnerabilities that were previously affordable only for APT actors. There is also a shift toward exploiting overlooked entry points – including IoT devices, smart appliances, and misconfigured or outdated workplace hardware. These weak spots often go unmonitored, making them prime targets for cybercriminals', said Sergey Lozhkin, Head of META and APAC regions in Global Research and Analysis Team at Kaspersky. 'To stay secure, organisations need a layered defence: up-to-date systems, network segmentation, real-time monitoring, robust backups, and continuous user education'. Kaspersky experts continuously monitor highly sophisticated cyberattacks, including the activity of 25 advanced persistent threat (APT) groups currently operating in the META region. Among these are well-known actors such as SideWinder, Origami Elephant, and MuddyWater. Kaspersky has observed a growing use of creative exploits targeting mobile devices, along with ongoing advancements in techniques designed to evade detection – key trends shaping today's targeted attack landscape.
Kaspersky encourages organisations to follow these best practices to safeguard their digital assets:
- Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
- Focus your defence strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to outgoing traffic to detect cybercriminals' connections to your network.
- Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.
- Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training.
- Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors.
- To protect the company against a wide range of threats, use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organisations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements change.


Time of India
27-04-2025
- Business
- Time of India
Cybersecurity firm Kaspersky bets big on India as key growth market
Cybersecurity firm Kaspersky is betting on India as a strategic growth market, recognising the country's rapid digitalisation and increasing cybersecurity needs, and aims to expand local teams and strengthen collaborations across various sectors. General Manager for India region at Kaspersky Jaydeep Singh shared that the company has tripled its workforce in the country in the past two years, with new hires in sales, pre-sales, and support roles. He also highlighted the presence of global research teams based in India that monitor more than 900 advanced persistent threat (APT) groups daily. "In the last two years, we have tripled our employee base in have part of the global research teams based out of India who do the threat hunting," Singh told PTI on the sidelines of GITEX Asia 2025. GReAT (Kaspersky Global Research and Analysis Team) plays a crucial role in Kaspersky's global threat intelligence operations. Kaspersky is investing in digital footprint intelligence (DFI) analysts to bolster services, including brand monitoring and takedown operations. Kaspersky views India as a key innovation hub and plans to continue expanding its resources and research capabilities within the country. "We are expanding quite a bit both in respect to our key resources, and researchers in the Indian geography," Singh noted. The company emphasises its commitment to building local talent and is actively collaborating with government agencies and private sector entities to enhance cybersecurity awareness and infrastructure. Kaspersky is engaging with state governments and nodal agencies like CERT-In to develop cyber defence programmes and training initiatives. Singh also praised the Indian regulatory environment, highlighting the pragmatic nature of acts like the Digital Personal Data Protection Act (DPDP) and robust guidelines from agencies such as the RBI and SEBI. 
He anticipates further developments in AI regulation and expressed Kaspersky's willingness to collaborate and provide input to policymakers. With a growing base of internet users, the need for robust cyber technologies is rapidly increasing, especially to protect internet-facing assets, mobile handsets, and operational technology (OT) systems. Kaspersky detects over 450,000 unique malware samples daily, leveraging AI and machine learning in its research and mitigation strategies. Singh emphasised the need to create a "cyber immune world" where systems are highly resistant to breaches, particularly in both IT and OT environments. "What we are seeing in the last decade or so is that the intensity of attacks on the IT systems and the OT systems has increased tremendously. So, we expect that cyber immunity as a concept will become stronger and will become more relevant over the next decade time also. "So, Kaspersky is investing big time in India, in the last 2 years we have increased our commitment nearly three times. What we are looking at is India to be an innovation hub for us. A hub for a lot of collaboration with agencies, and we see great potential over the next decades' time to be part of India's growth story and a part of this cyber resilience story for the Indian market," Singh said. The Russian firm recorded double-digit growth in India in 2024.

Business Standard
27-04-2025
- Business
- Business Standard
Kaspersky bets big on India, focuses on strengthening resources, R&D
Cybersecurity firm Kaspersky is betting on India as a strategic growth market, recognising the country's rapid digitalisation and increasing cybersecurity needs, and aims to expand local teams and strengthen collaborations across various sectors. General Manager for India region at Kaspersky Jaydeep Singh shared that the company has tripled its workforce in the country in the past two years, with new hires in sales, pre-sales, and support roles. He also highlighted the presence of global research teams based in India that monitor more than 900 advanced persistent threat (APT) groups daily. "In the last two years, we have tripled our employee base in have part of the global research teams based out of India who do the threat hunting," Singh told PTI on the sidelines of GITEX Asia 2025. GReAT (Kaspersky Global Research and Analysis Team) plays a crucial role in Kaspersky's global threat intelligence operations. Kaspersky is investing in digital footprint intelligence (DFI) analysts to bolster services, including brand monitoring and takedown operations. Kaspersky views India as a key innovation hub and plans to continue expanding its resources and research capabilities within the country. "We are expanding quite a bit both in respect to our key resources, and researchers in the Indian geography," Singh noted. The company emphasises its commitment to building local talent and is actively collaborating with government agencies and private sector entities to enhance cybersecurity awareness and infrastructure. Kaspersky is engaging with state governments and nodal agencies like CERT-In to develop cyber defence programmes and training initiatives. Singh also praised the Indian regulatory environment, highlighting the pragmatic nature of acts like the Digital Personal Data Protection Act (DPDP) and robust guidelines from agencies such as the RBI and SEBI. 
He anticipates further developments in AI regulation and expressed Kaspersky's willingness to collaborate and provide input to policymakers. With a growing base of internet users, the need for robust cyber technologies is rapidly increasing, especially to protect internet-facing assets, mobile handsets, and operational technology (OT) systems. Kaspersky detects over 450,000 unique malware samples daily, leveraging AI and machine learning in its research and mitigation strategies. Singh emphasised the need to create a "cyber immune world" where systems are highly resistant to breaches, particularly in both IT and OT environments. "What we are seeing in the last decade or so is that the intensity of attacks on the IT systems and the OT systems has increased tremendously. So, we expect that cyber immunity as a concept will become stronger and will become more relevant over the next decade time also. "So, Kaspersky is investing big time in India, in the last 2 years we have increased our commitment nearly three times. What we are looking at is India to be an innovation hub for us. A hub for a lot of collaboration with agencies, and we see great potential over the next decades' time to be part of India's growth story and a part of this cyber resilience story for the Indian market," Singh said. The Russian firm recorded double-digit growth in India in 2024.


Zawya
27-03-2025
- Zawya
Kaspersky discovers sophisticated Chrome zero-day exploit used in active attacks
Kaspersky has identified and helped patch a sophisticated zero-day vulnerability in Google Chrome (CVE-2025-2783) that allowed attackers to bypass the browser's sandbox protection system. The exploit, discovered by Kaspersky's Global Research and Analysis Team (GReAT), required no user interaction beyond clicking a malicious link and demonstrated exceptional technical complexity. Kaspersky researchers have been acknowledged by Google for discovering and reporting this vulnerability. In mid-March 2025, Kaspersky detected a wave of infections triggered when users clicked personalized phishing links delivered via email. After clicking, no additional action was needed to compromise their systems. Once Kaspersky's analysis confirmed that the exploit leveraged a previously unknown vulnerability in the latest version of Google Chrome, Kaspersky swiftly alerted Google's security team. A security patch for the vulnerability was released on March 25, 2025. Kaspersky researchers dubbed the campaign 'Operation ForumTroll', as attackers sent personalized phishing emails inviting recipients to the 'Primakov Readings' forum. These lures targeted media outlets, educational institutions, and government organizations in Russia. The malicious links were extremely short-lived to evade detection, and in most cases ultimately redirected to the legitimate website for 'Primakov Readings' once the exploit was taken down. The zero-day vulnerability in Chrome was only part of a chain that included at least two exploits: a still-unobtained remote code execution (RCE) exploit that apparently launched the attack, while the sandbox escape discovered by Kaspersky constituted the second stage. Analysis of the malware's functionality suggests the operation was designed primarily for espionage. All evidence points to an Advanced Persistent Threat (APT) group. 
'This vulnerability stands out among the dozens of zero-days we've discovered over the years,' said Boris Larin, principal security researcher at Kaspersky GReAT. 'The exploit bypassed Chrome's sandbox protection without performing any obviously malicious operations – it's as if the security boundary simply didn't exist. The technical sophistication displayed here indicates development by highly skilled actors with substantial resources. We strongly advise all users to update their Google Chrome and any Chromium-based browser to the latest version to protect against this vulnerability.' Google has credited Kaspersky for uncovering and reporting the issue, reflecting the company's ongoing commitment to collaboration with the global cybersecurity community and ensuring user safety. Kaspersky continues to investigate Operation ForumTroll. Further details, including a technical analysis of the exploits and malicious payload, will be released in a forthcoming report once Google Chrome user security is assured. Meanwhile, all Kaspersky products detect and protect against this exploit chain and associated malware, ensuring users are shielded from the threat. This discovery follows Kaspersky GReAT's previous identification of another Chrome zero-day (CVE-2024-4947), which was exploited last year by the Lazarus APT group in a cryptocurrency theft campaign. In that case, Kaspersky researchers found a type confusion bug in Google's V8 JavaScript engine that enabled attackers to bypass security features through a fake cryptogame website. To safeguard against sophisticated attacks like these, Kaspersky security experts recommend implementing these key protective measures:
- Ensure timely software updates: Regularly patch your operating system and browsers – especially Google Chrome – so attackers cannot exploit newly discovered vulnerabilities.
- Adopt a multi-layered security approach: Along with endpoint protection, consider solutions like Kaspersky Next XDR Expert that leverage AI/ML to correlate data from multiple sources and automate detection and response against advanced threats and APT campaigns.
- Leverage threat intelligence services: Up-to-date, contextual information – such as Kaspersky Threat Intelligence – helps you stay informed about emerging zero-day exploits and the latest attacker techniques.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company's comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at


Observer
13-03-2025
- Observer
Cybercriminals blackmailing YouTube creators to spread malware
Cybercriminals are targeting popular YouTube creators with fake copyright claims, forcing them to distribute cryptocurrency mining malware disguised as internet restriction bypass tools to thousands of viewers. Kaspersky Global Research and Analysis Team (GReAT) researchers have uncovered a sophisticated malicious campaign where threat actors blackmail YouTube content creators into distributing malicious software. The attackers file two fraudulent copyright complaints against creators, then threaten a third strike – which would delete their YouTube channels. To avoid this, creators unknowingly promote malicious links, believing them legitimate, to save their channels. Kaspersky's telemetry confirmed over 2,000 end users infected with the malware after downloading the tool, though the actual number of affected users is likely much higher. One compromised YouTube channel with 60,000 subscribers published several videos containing malicious links that garnered more than 400,000 views. The infected archive hosted on a fraudulent website recorded over 40,000 downloads. The malware, dubbed SilentCryptoMiner, exploits the growing demand for internet restriction bypass tools. Kaspersky's telemetry shows a significant increase in the use of legitimate Windows Packet Divert drivers – a technology commonly used in bypass utilities – with detections rising from approximately 280,000 in August to nearly 500,000 in January, totaling more than 2.4 million detections over six months. The attackers specifically targeted users seeking these bypass tools by modifying a legitimate Deep Packet Inspection (DPI) circumvention utility originally published on GitHub. Their malicious version maintains the original functionality to avoid suspicion but secretly installs SilentCryptoMiner, which harvests computing resources to mine cryptocurrency without users' knowledge or consent, significantly degrading device performance and increasing electricity costs.
"This campaign demonstrates a concerning evolution in malware distribution tactics," said Leonid Bezvershenko, security researcher at Kaspersky's GReAT. "While initially targeting Russian-speaking users, this approach could easily spread to other regions as internet fragmentation increases globally. The scheme effectively leverages trusted content creators as unwitting accomplices, which works in any market where users seek tools to circumvent online restrictions." When security solutions detect and remove the malicious components, the modified installer encourages users to disable their antivirus protection with messages like "File not found, turn off all antiviruses and re-download the file, it will help!" – further compromising system security. Kaspersky GReAT identified several indicators of compromise, including connections to domains like swapme[.]fun and canvas[.]pet, along with specific file hashes. The attackers demonstrate persistence, rapidly creating new distribution channels when previous ones are blocked. To avoid falling victim to such threats:
- Never disable your security solution when prompted by installation files, as this is a common tactic to facilitate malware deployment.
- Pay attention to unusual device behaviour, such as overheating, battery drain, or performance degradation, which may indicate miner activity.
- Use a reliable security solution such as Kaspersky Premium that can detect crypto-mining malware even when it attempts to hide its activity.
- Don't forget to update your operating system and all software regularly. Many safety issues can be solved by installing updated versions of software.
- Verify the reputation of developers before installing new applications by checking independent reviews and researching their background.
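The two domain indicators named above are published defanged (`[.]` in place of the dot) so that they cannot be clicked. The added example below is not part of the original article or of Kaspersky's tooling: it refangs such indicators and sweeps a DNS query log for lookups of the IoC domains or any of their subdomains, which is the kind of retrospective check a SOC would run after reading this report. The log format (dnsmasq-style `query[A] name from src` lines), the client addresses and the `cdn.` subdomain are all constructed for the example; the file hashes the article mentions are not reproduced on the page, so only the domain indicators are used.

```python
import re
from dataclasses import dataclass

# Defanged indicators exactly as they appear in the report above.
DEFANGED_IOCS = ["swapme[.]fun", "canvas[.]pet"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('swapme[.]fun', 'hxxp://...') back into its live form."""
    s = indicator.strip().lower()
    for bracketed_dot in ("[.]", "(.)", "{.}"):
        s = s.replace(bracketed_dot, ".")
    # 'hxxp://' / 'hxxps://' is the common defanged scheme spelling.
    s = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("xx", "tt"), s)
    return s


def domain_matches(queried: str, ioc_domain: str) -> bool:
    """True if `queried` is the IoC domain itself or a subdomain of it.

    Requires a '.' boundary so that e.g. 'notswapme.fun' does not match 'swapme.fun'.
    """
    q = queried.lower().rstrip(".")
    return q == ioc_domain or q.endswith("." + ioc_domain)


# Constructed sample lines in dnsmasq query-log style; not real telemetry.
SAMPLE_DNS_LOG = """\
Mar 13 10:02:11 gw dnsmasq[912]: query[A] update.microsoft.com from 10.0.0.23
Mar 13 10:02:14 gw dnsmasq[912]: query[A] cdn.swapme.fun from 10.0.0.23
Mar 13 10:02:15 gw dnsmasq[912]: query[A] swapme.fun from 10.0.0.23
Mar 13 10:03:40 gw dnsmasq[912]: query[AAAA] canvas.pet from 10.0.0.41
Mar 13 10:04:02 gw dnsmasq[912]: query[A] notswapme.fun from 10.0.0.41
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)")


@dataclass(frozen=True)
class Hit:
    src: str   # client that issued the lookup
    name: str  # queried name
    ioc: str   # refanged indicator it matched


def scan_dns_log(log_text: str, defanged_iocs=DEFANGED_IOCS) -> list[Hit]:
    """Return one Hit per query line whose name is an IoC domain or a subdomain of one."""
    iocs = [refang(i) for i in defanged_iocs]
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (dnsmasq also logs replies, config, etc.)
        for ioc in iocs:
            if domain_matches(m.group("name"), ioc):
                hits.append(Hit(m.group("src"), m.group("name"), ioc))
    return hits


if __name__ == "__main__":
    for h in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{h.src} looked up {h.name} (matches IoC {h.ioc})")
```

The suffix check deliberately requires a dot boundary, so unrelated look-alike names do not produce false positives, while subdomains the report did not list (the attackers are described as rotating infrastructure) are still caught. Each hit yields the source address, which is the pivot for host triage.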