Straight out of CSW ’23: what’s cooking in the world of cyberthreats in META?

APT discoveries, AI implications, Darknet wonders, and cyber immunity insights: CSW ’23 shaping the cybersecurity landscape of 2023.

Insights from Kaspersky's 8th Cyber Security Weekend 2023

Kaspersky’s 8th Cyber Security Weekend 2023, held in Almaty, Kazakhstan, provided a comprehensive analysis of the latest developments shaping the cybersecurity landscape in META.

From groundbreaking APT discoveries and the far-reaching implications of artificial intelligence and deepfakes on cybersecurity to the intriguing world of the Darknet and the ongoing quest for cyber immunity, the event offered invaluable insights into the state of cybersecurity in 2023.

Navigating the Digital Minefield: The Alarming Surge in Malicious Files

The escalating volume of malicious files, with Kaspersky experts detecting over 400,000 per day, reveals a disturbing trend that continues to grow annually. Amin Hasbini, the Head of the Global Research and Analysis Team (GReAT) for META, emphasized the gradual surge in phishing and banking Trojan attacks within the region. Looking ahead to the upcoming year, 2023, it becomes evident that the Middle East, North Africa, and South Africa are poised to become hotspots for crimeware activities. Disturbingly, threat actors have ingeniously expanded their reach, infiltrating a myriad of everyday devices through innovative and creative tactics. This alarming development underscores the urgent need for heightened cybersecurity measures and a comprehensive understanding of the evolving threat landscape.

META’s IT Supply Chain Under Siege: The Emerging Threat of OilRig APT

During the conference, Kaspersky researchers unveiled a series of attacks attributed to a new malware allegedly developed by the infamous OilRig APT group, which has been active in the Middle East, Turkey, and Africa for over a decade. Previously known for targeting high-profile government entities in cyber espionage campaigns, the group has now shifted its focus to stealthier methods, specifically targeting victims through their IT supply chain. This poses a significant threat to the integrity and security of META’s IT infrastructure.

Illuminating Darknet Insights: The Changing Face of Crimeware

Dmitry Galov, Senior Security Researcher at Kaspersky, delved deeper into the impact of crimeware on various types of cyber incidents, with a specific focus on ransomware attacks. Although there has been a decrease in ransomware incidents in the META region, caution is advised as these attacks have evolved from scattered gangs to sophisticated businesses developing cross-platform ransomware and exploiting zero-day vulnerabilities—previously the domain of advanced persistent threats (APTs). Galov emphasized that the average price for gaining access to corporate infrastructure in META stands at $2,100, indicating the lucrative nature of cybercrime.

Kaspersky’s Cyber Immunity Approach: Fortifying Defenses

The persistent threat of spyware continues to loom large over users of various devices, including thin clients. Kaspersky highlighted over 60 vulnerabilities present in thin clients that cybercriminals can exploit. In response, the Kaspersky Secure Remote Workspace solution took center stage, offering a secure-by-design thin client infrastructure that enhances resilience against cyberattacks compared to traditional thin clients. This approach prioritizes robust security measures to safeguard against evolving threats.

Securing Nuclear Plants: Safeguarding Critical Infrastructure

Cybersecurity plays a critical role in nuclear and radiological safety, plant availability, and reliable electricity supply. Kaspersky has developed a comprehensive set of documentation for implementing secure-by-design IT infrastructure at nuclear power stations. This approach covers aspects such as contractor selection, equipment, hardware, and software, and considers new types of computer threats, as well as existing attack tactics and techniques.

Corporate data compromised on the Darknet

Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky, revealed alarming details about the monitoring of Darknet incidents. Shockingly, the results indicated that 42% of companies in META lack a designated point of contact for cyber incidents, with no established internal procedures or instructions in place. The government sector reported the highest number of incidents in the META region, followed by the telecom and banking sectors. Urgent measures are required to address this concerning vulnerability.

Spike in demand to create deepfakes on the dark web

Kaspersky’s Lead Data Scientist, Vladislav Tushkanov, unveiled a surge in demand for deepfake creation tools and services available on darknet marketplaces. These services employ generative AI technology to create deceptive videos with malicious intentions such as fraud, blackmail, and the theft of confidential data. Prices for creating or purchasing deepfakes vary based on complexity and quality, ranging from $300 to $20,000 per minute of the final product. Vigilance is crucial to combat the potential dangers posed by this growing trend.

Beware of crypto-stealing browser extensions

As the reliance on cryptocurrencies for online transactions continues to rise, cybercriminals have adapted their tactics accordingly. They now target unsuspecting crypto users through malicious browser extensions. These extensions interfere with browser functionality and mimic legitimate software, making detection difficult for antivirus software. The alarming reality is that the number of such malicious browser extensions has doubled recently, posing a significant risk to individuals and their crypto assets. Stay cautious and ensure the security of your online transactions.