Islamabad: At its annual Cyber Security Weekend for the Middle East, Turkiye and Africa (META) region, Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, AI and IoT developments.
First quarter of 2025 showed that Turkiye and Kenya had the highest number of users affected by web incidents (online threats). They were followed by Qatar, Nigeria and South Africa. Saudi Arabia had the lowest while Pakistan had the second lowest share of users attacked by web born threats in the META region during Q1 2025.
Kaspersky experts constantly track highly sophisticated attacks. Specifically, they are monitoring 25 APT groups currently active in the META region, including such well-known ones as SideWinder, Origami Elephant, MuddyWater. The rise of creative exploits for mobile and further development of techniques aimed at evading detection are among the trends Kaspersky is seeing in these targeted attacks.
Ramsomware remains one of the most destructive cyberthreats. According to Kaspersky data, the share of users affected by ransomware attacks increased by 0.02 p.p to 0.44% from 2023 to 2024 globally. In the Middle East the growth is 0.07 p.p. to 0.72%, in Africa: 0.01 p.p. growth to 0.41%, in Turkiye 0,06 p.p. growth to 0.46%. Attackers often don’t distribute this type of malware on a mass scale, but prioritize high-value targets.
In the Middle East ransomware affected a higher share of users due to rapid digital transformation, expanding attack surfaces and varying levels of cybersecurity maturity. Ransomware is less prevalent in Africa due to lower levels of digitization and economic constraints, which reduce the number of high-value targets. AI tools are increasingly being used in ransomware development, as demonstrated by FunkSec, a ransomware group that emerged in late 2024 and quickly gained notoriety by surpassing established groups like Cl0p and RansomHub with multiple victims claimed in December alone. Operating under a Ransomware-as-a-Service (RaaS) model, FunkSec employs double extortion tactics — combining data encryption with exfiltration — targeting sectors such as government, technology, finance, and education in Europe and Asia..
In 2025, ransomware is expected to evolve by exploiting unconventional vulnerabilities. The proliferation of LLMs tailored for cybercrime will also further amplify ransomware’s reach and impact.
LLMs marketed on the dark web lower the technical barrier to creating malicious code, phishing campaigns and social engineering attacks, allowing even less skilled actors to craft highly convincing lures or automate ransomware deployment.
“Ransomware is one of the most pressing cybersecurity threats facing organizations today, with attackers targeting businesses of all sizes and across every region, including META. Ransomware groups continue to evolve by adopting techniques, such as developing cross-platform ransomware, embedding self-propagation capabilities and even using zero-day vulnerabilities that were previously affordable only for APT actors. There is also shift toward exploiting overlooked entry points — including IoT devices, smart appliances, and misconfigured or outdated workplace hardware. These weak spots often go unmonitored, making them prime targets for cybercriminals,” said Sergey Lozhkin, Head of META and APAC regions in Global Research and Analysis Team at Kaspersky. “To stay secure, organizations need a layered defense: up-to-date systems, network segmentation, real-time monitoring, robust backups, and continuous user education”.
Kaspersky encourages organizations to follow best practices to safeguard from ransomware. Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors. Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
To protect the company against a wide range of threats, use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organizations of any size and industry.
