
What’s on the Cybersecurity Horizon? Kaspersky Unveils Q1 2025 Threat Trends for META Region

Sunday 25 May 2025 22:18
Kaspersky

Kaspersky’s Global Research & Analysis Team has released its latest insights into the cyber threat landscape for the Middle East, Türkiye, and Africa (META), highlighting emerging trends and evolving threats during the first quarter of 2025.

According to Kaspersky’s data, Türkiye and Kenya saw the highest share of users affected by web-based threats—26.1% and 20.1% respectively—followed by Qatar at 17.8%. In contrast, Jordan, Egypt, the UAE, and Saudi Arabia recorded the lowest incidence of users targeted by such attacks across the region.

Ransomware: Still the Most Destructive Threat

Ransomware continues to dominate as one of the most damaging forms of cyberattack. Kaspersky’s analysis revealed a global increase in ransomware activity, with the percentage of affected users rising from 0.42% in 2023 to 0.44% in 2024. In the META region, however, the figures show steeper growth: up 0.07 percentage points in the Middle East to 0.72%, 0.01 points in Africa to 0.41%, and 0.06 points in Türkiye to 0.46%.

The Middle East's accelerated digital transformation and expanding digital footprint have created new vulnerabilities, making the region a more attractive target. Meanwhile, in Africa, lower levels of digitization and economic constraints have somewhat insulated countries, although rising digital economies in South Africa and Nigeria are attracting more targeted attacks—especially in manufacturing, finance, and government sectors.

AI-Powered Ransomware and Expanding Attack Vectors

A key trend driving ransomware evolution is the integration of artificial intelligence tools in malware development. Kaspersky cited the emergence of FunkSec, a ransomware-as-a-service (RaaS) group that appeared in late 2024 and quickly gained traction by deploying AI-generated code and adopting aggressive tactics like double extortion. Unlike conventional groups, FunkSec uses a high-volume, low-demand ransom model, targeting sectors like government, education, and technology.

Moreover, groups such as Akira are now leveraging unconventional methods to evade detection, such as using webcams to bypass endpoint defenses. Analysts warn that attackers are increasingly exploiting overlooked vulnerabilities—including IoT devices, smart appliances, and misconfigured workplace hardware—enabled by the growing interconnectedness of digital systems.

The proliferation of large language models (LLMs) on the dark web is also lowering the barrier for cybercriminals, allowing even low-skilled threat actors to craft sophisticated phishing campaigns and automate ransomware deployment. With technologies like Robotic Process Automation (RPA) and low-code development gaining popularity, these tools are likely to be repurposed for malicious use, further fueling ransomware’s evolution.

Expert Perspective

“Ransomware remains one of the most pressing cybersecurity threats facing businesses across the META region,” said Sergey Lozhkin, Head of META and APAC regions at Kaspersky’s Global Research and Analysis Team. “Cybercriminals are shifting toward stealthy techniques and unconventional entry points, such as outdated hardware and IoT devices. To stay secure, organizations must adopt a layered defense strategy—maintaining up-to-date systems, segmenting networks, deploying real-time monitoring, ensuring robust backups, and investing in ongoing employee training.”

Targeted Attacks and APT Activity

Beyond ransomware, Kaspersky is tracking 25 advanced persistent threat (APT) groups active across the META region. Among them are notorious actors such as SideWinder, Origami Elephant, and MuddyWater. The company notes a rise in complex exploits targeting mobile devices and a continuing trend of advanced evasion techniques—factors that are shaping the future of targeted cyberattacks.

As the cybersecurity landscape continues to evolve, Kaspersky’s experts stress the need for vigilance and proactive defense, especially in regions undergoing rapid digital change.