Ransomware Attacks Strike South Africa, Decline in UAE

Cybercrime - and especially ransomware - traditionally have had an uneven impact across the Middle East and Africa, yet recent data suggests that ongoing geopolitical conflicts will likely raise the overall level of cyberattacks across the regions.

South Africa saw a significant surge in attacks, with 78% of companies hit by ransomware in 2023, compared to 51% in 2022, according to the State of Ransomware 2023 report published by Sophos earlier this year. The United Arab Emirates, by contrast, saw 70% fewer ransomware attacks in 2022, compared to the previous year, following greater international cooperation, according to statements by UAE government officials.

Cyber operations, including ransomware, will likely expand, as the ongoing conflict between Israel and Palestinians raises tensions in the region, much in the same way that Russia's invasion of Ukraine spurred greater attacks, says Jens Monrad, head of threat intelligence for the Europe, ME&A region at Google Mandiant.

"Cyber is now playing a role in any sort of geopolitical conflict, because it's a domain that ... comes with less cost and brings uncertainty, in terms of attribution," he says, adding that activity will likely continue to escalate. "We haven't really figured out how to draw a clear red line in the cyber domain. The line keeps being pushed, rather than somebody saying, now you've crossed the line."

Ransomware data continues to be scarce in the region. In its Digital Defense Report 2023, Microsoft noted that the top four ransomware families - Magniber, Lockbit, Hive, and Blackcat - accounted for two-thirds of all ransomware encounters and, of the four groups, only a single one, Blackcat, had extensive targets in a ME&A nation - in this case, Israel, which ranked fifth in that malware's targeted regions.

The trend in the more general category of cyberattacks is clearer: two-thirds of cyberattacks in ME&A targeted either Israel, United Arab Emirates, Saudi Arabia, or Jordan, according to Microsoft's data collected prior to the current Israeli-Palestinian conflict. More than half of the attacks targeting the region focused on the education, government, information technology, and communications sectors - typical espionage targets.

Regional Conflicts Spur Cyberattacks

Surges in cyberattacks typically follow geopolitical conflict. The ME&A is experiencing that trend as well: Attacks conducted by Iran-linked actors, for example, focused on Israel between July 2022 and June 2023, a shift from the previous 12 months in which Iranian actors focused on the United States. The shift followed a highly sophisticated campaign of cyberattacks in 2021 and 2022 by an Israel-linked group, dubbed Predatory Sparrow, which had targeted Iran's critical infrastructure, including steel factories, state broadcasters, gas stations, and trains, Microsoft stated in its report.

"Iran's cyber-enabled influence operations have pushed narratives that seek to bolster Palestinian resistance, sow panic among Israeli citizens, foment Shi'ite unrest in Gulf Arab countries, and counter the normalization of Arab-Israeli ties," Microsoft stated in the report. "While specific narratives varied, the underlying goal was often the same. Tehran likely sought to retaliate against what it perceived were efforts by foreign actors to foment unrest in Iran."

Some of Iran's claimed attacks have been exaggerated, according to Microsoft. While Iran-linked groups are some of the most active, the Palestinian-linked Molerats group recently used an improved downloader as part of its initial access operations.

Russian interests in ME&A may have a dampening effect on ransomware activity, since many ransomware groups operate out of Russia, says Mandiant's Monrad.

"I think it's a fair argument to say that these groups are also carefully vetting their victims to ensure that they don't endanger or put themselves at risk," he says. "If they engage in extortion schemes in countries where there are stronger diplomatic and trade relations ... you could potentially expect a political response to asking Russia to do something."

Manage Devices, Basic Hygiene

Overall, companies in the region need to improve their cybersecurity maturity, says Brian Honan, CEO of BH Consulting, an independent cybersecurity and data-protection consulting firm based in Dublin that has clients in the Middle East.

"Where the Middle Eastern area struggles is their cybersecurity may not be as mature or have as much investment as in other regions," he says. "Many of the bigger organizations will have good cybersecurity in place, but in general, [they are] more vulnerable than their western counterparts."

Overall, 65% of CISOs in the Kingdom of Saudi Arabia and 47% in the UAE had a material loss of sensitive information in the past 12 months, according to the 2023 Voice of the CISO report published by security firm Proofpoint earlier this year.

Companies in the ME&A region are aiming to improve, however. Attacks on connected devices and cloud-related threats are the top cyberthreats for companies in the Middle East, according to a regional survey conducted for PricewaterhouseCoopers' Digital Trust Insights 2024 report. The worries are leading more than three-quarters of firms to increase their cyber budgets in 2024, according to the consultancy.

"Increasing digitization means companies are exposed to new digital vulnerabilities, making an effective approach to cybersecurity and digital trust more important than ever," PwC stated in the report, adding: "Middle East respondents revealed that loss of revenue - in terms of lost contracts, lost business opportunities - was the top concern for the outcomes of potential cyber attack in the next 12 months."

Companies still have to strive to do the cybersecurity basics. More than 80% of all compromises started with an unmanaged device, Microsoft stated in its Digital Defense Report 2023.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 30 Nov 2023 20:25:01 +0000

