Whispers from the Dark Web Cave. Cyberthreats in the Middle East

The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequences as well as defensive strategies.

The report covers threats that targeted entities in the following countries and territories:

• Bahrain;
• Egypt;
• Iraq;
• Jordan;
• Kuwait;
• Lebanon;
• Oman;
• Palestine;
• Qatar;
• Saudi Arabia;
• Syria;
• United Arab Emirates.

The five prevalent cybersecurity threats in the Middle East covered in the report are related to:

• The activities of ideological pirates, or hacktivists. The region has seen exponential growth in these due to the current geopolitical situation, and they are getting ever more destructive.
• The shadow jewelry fair, or the initial access broker market. Initial access brokers deal in attack entry points for corporate networks, which attract hackers and cybercrime gangs.
• Deadly sandworms, or ransomware gangs. At least 19 gangs were active in the Middle East in H1 2024, conducting multiple ransomware attacks that typically led to devastating consequences.
• The ubiquity of malicious whistleblowers, or information stealers. They provide adversaries with up-to-date data for future attacks, especially valid credentials for corporate systems. Almost 10 million lines of stolen credentials belonging to Middle Eastern entities were published on the dark web in H1 2024 alone. The figure includes 4.4 million lines of access information stolen from key government agencies.
• Cave raiders who steal sensitive data from corporations and other targets and distribute it among cybercriminals. A quarter of all data breaches affect various government organizations.

Staying aware of all possible risks coming from the dark web helps organizations and governments to be one step ahead of cybercriminals and thus, to prevent attacks or fraud that could compromise their network infrastructure or operational integrity.

Out report will be beneficial for:

• C-level managers;
• Corporate security employees;
• Risk management professionals;
• Cyberthreat Intelligence (CTI) and SOC analysts;
• Incident response professionals;
• OSINT and darknet researchers.

The full version of the report is available on Kaspersky Digital Footprint Intelligence website.