Kaspersky has joined the bandwagon of cybersecurity firms and advisories that list the Middle East, Turkey and Africa (META) region as the hotbed of ransomware attacks.
In 2021, ransomware was involved across roughly one-third (30%) of the security events that Kaspersky examined and managed in the META region, reported the company. The regional government, IT, and industrial sectors were targeted the most.
“The dangers posed by high-level cyberattacks are not expected to be resolved soon. In 30% of the security incidents, attackers made usage of legitimate tools used by organizations. This goes on to prove that security controls need to have strong visibility and need to be managed efficiently,” said Ayman Shaaban, Digital Forensics and Incident Response Manager at Kaspersky.
Ransomware’s hot META-verse
According to Kaspersky’s telemetry, where there has been an increase of 2.5% in targeted ransomware attacks in the gulf area, ransomware operators have honed their weapons and concentrated on fewer operations targeting large-scale enterprises.
Vulnerability exploitation was a frequent initial assault strategy used to acquire access to conduct complicated attacks noted in this region. Industrial control systems (ICS) in the area were targeted in various ways between January and September of this year. Malicious programmes were prevented from being used on 38% of ICS PCs that were Kaspersky solutions protected, which is somewhat more than the overall figure of 31.8%.
The bulk of META-region cyberattacks that Kaspersky’s incident response team looked into were already in progress and went unreported for weeks or even months in many cases. Several of its peers have already rung the warning bell about META becoming a hotbed for ransomware attacks.
Cyber threats, ransomware, and strained CISOs
According to Mimecast, around 75% of organisations in the UAE said they had been the target of a ransomware attack in 2021. The global average that year was 64%.
This increases the strain on already-overwhelmed cybersecurity teams. Roughly, a third of the UAE cybersecurity teams have witnessed a rise in absenteeism brought on by fatigue after an attack, and 23% have noticed changes in the C-suite because after a ransomware assault, says Mimecast data.
“Organizations should employ a tool stack that can provide Endpoint Detection and Response capabilities, constantly check the reaction time of security operations with offensive exercises and assess and validate the usage of legitimate tools often used by cybercriminals to gain access to organizations,” Shaaban of Kaspersky added.