
Latest news with #KasperskyGlobalResearchandAnalysisTeam

Pakistan among least affected by web threats

Express Tribune

24-05-2025


At its annual Cyber Security Weekend for the Middle East, Turkiye and Africa (META) region, the Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, artificial intelligence and IoT developments.

The first quarter of 2025 showed that Turkiye and Kenya had the highest number of users affected by web incidents (online threats). They were followed by Qatar, Nigeria and South Africa. Saudi Arabia had the lowest while Pakistan had the second lowest share of users attacked by web-borne threats in the META region.

Kaspersky experts constantly track highly sophisticated attacks. Specifically, they are monitoring 25 APT groups currently active in the META region, including well-known ones such as SideWinder, Origami Elephant and MuddyWater. The rise of creative exploits for mobile and the further development of techniques aimed at evading detection are among the trends Kaspersky is seeing in these targeted attacks.

Ransomware remains one of the most destructive cyberthreats. According to Kaspersky data, the share of users affected by ransomware attacks increased by 0.02 percentage points to 0.44% from 2023 to 2024 globally. In the Middle East, the growth is 0.07 percentage points to 0.72%; in Africa, there was a 0.01-percentage-point growth to 0.41%, while Turkiye has a zero-percentage-point growth to 0.46%. Attackers often don't distribute this type of malware on a mass scale, but prioritise high-value targets.

In 2025, ransomware is expected to evolve by exploiting unconventional vulnerabilities. The proliferation of large language models (LLMs) tailored for cybercrime will further amplify ransomware's reach and impact.

"Ransomware is one of the most pressing cybersecurity threats facing organisations today, with attackers targeting businesses of all sizes and across every region, including META. Ransomware groups continue to evolve by adopting techniques, such as developing cross-platform ransomware, embedding self-propagation capabilities and even using zero-day vulnerabilities that were previously affordable only for APT actors," said Sergey Lozhkin, Head of META and APAC regions in the Global Research and Analysis Team at Kaspersky.

Pakistan has second lowest share of users attacked by web-borne threats

Business Recorder

24-05-2025


ISLAMABAD: A global cybersecurity firm disclosed Saturday that Pakistan had the second lowest share of users attacked by web-borne threats during the first quarter of 2025.

In a new 2025 report, the Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, AI and IoT developments.

The first quarter of 2025 showed that Turkiye and Kenya had the highest number of users affected by web incidents (online threats). They were followed by Qatar, Nigeria and South Africa. Saudi Arabia had the lowest while Pakistan had the second lowest share of users attacked by web-borne threats in the META region during the first quarter of 2025.

Kaspersky experts constantly track highly sophisticated attacks. Specifically, they are monitoring 25 APT groups currently active in the META region, including such well-known ones as SideWinder, Origami Elephant and MuddyWater. The rise of creative exploits for mobile and further development of techniques aimed at evading detection are among the trends Kaspersky is seeing in these targeted attacks.

Ransomware remains one of the most destructive cyberthreats. According to Kaspersky data, the share of users affected by ransomware attacks increased by 0.02 p.p. to 0.44% from 2023 to 2024 globally. In the Middle East the growth is 0.07 p.p. to 0.72%, in Africa 0.01 p.p. growth to 0.41%, and in Turkiye 0.06 p.p. growth to 0.46%. Attackers often don't distribute this type of malware on a mass scale, but prioritize high-value targets.

'Ransomware is one of the most pressing cybersecurity threats facing organizations today, with attackers targeting businesses of all sizes and across every region, including META,' said Sergey Lozhkin, Head of META and APAC regions in the Global Research and Analysis Team at Kaspersky.

'To stay secure, organizations need a layered defense: up-to-date systems, network segmentation, real-time monitoring, robust backups, and continuous user education.'

Copyright Business Recorder, 2025

Cybercriminals blackmailing YouTube creators to spread malware

Observer

13-03-2025


Cybercriminals are targeting popular YouTube creators with fake copyright claims, forcing them to distribute cryptocurrency mining malware disguised as internet restriction bypass tools to thousands of viewers.

Kaspersky Global Research and Analysis Team (GReAT) researchers have uncovered a sophisticated malicious campaign where threat actors blackmail YouTube content creators into distributing malicious software. The attackers file two fraudulent copyright complaints against creators, then threaten a third strike – which would delete their YouTube channels. To avoid this, creators unknowingly promote malicious links, believing them to be legitimate, in order to save their channels.

Kaspersky's telemetry confirmed over 2,000 end users infected with the malware after downloading the tool, though the actual number of affected users is likely much higher. One compromised YouTube channel with 60,000 subscribers published several videos containing malicious links that garnered more than 400,000 views. The infected archive hosted on a fraudulent website recorded over 40,000 downloads.

The malware, dubbed SilentCryptoMiner, exploits the growing demand for internet restriction bypass tools. Kaspersky's telemetry shows a significant increase in the use of legitimate Windows Packet Divert drivers—a technology commonly used in bypass utilities—with detections rising from approximately 280,000 in August to nearly 500,000 in January, totaling more than 2.4 million detections over six months.

The attackers specifically targeted users seeking these bypass tools by modifying a legitimate Deep Packet Inspection (DPI) circumvention utility originally published on GitHub. Their malicious version maintains the original functionality to avoid suspicion but secretly installs SilentCryptoMiner, which harvests computing resources to mine cryptocurrency without users' knowledge or consent, significantly degrading device performance and increasing electricity costs.

"This campaign demonstrates a concerning evolution in malware distribution tactics," said Leonid Bezvershenko, security researcher at Kaspersky's GReAT. "While initially targeting Russian-speaking users, this approach could easily spread to other regions as internet fragmentation increases globally. The scheme effectively leverages trusted content creators as unwitting accomplices, which works in any market where users seek tools to circumvent online restrictions."

When security solutions detect and remove the malicious components, the modified installer encourages users to disable their antivirus protection with messages like "File not found, turn off all antiviruses and re-download the file, it will help!" — further compromising system security.

Kaspersky GReAT identified several indicators of compromise, including connections to domains like swapme[.]fun and canvas[.]pet, along with specific file hashes. The attackers demonstrate persistence, rapidly creating new distribution channels when previous ones are blocked.

To avoid falling victim to such threats, never disable your security solution when prompted by installation files, as this is a common tactic to facilitate malware deployment. Pay attention to unusual device behavior, such as overheating, battery drain, or performance degradation, which may indicate miner activity. Use a reliable security solution such as Kaspersky Premium that can detect crypto-mining malware even when it attempts to hide its activity. Don't forget to update your operating system and all software regularly; many safety issues can be solved by installing updated versions of software. Verify the reputation of developers before installing new applications by checking independent reviews and researching their background.
