main image
2024

Whispers from
the Dark Web Cave

Cyberthreats in the Middle East

The Kaspersky Digital Footprint Intelligence team ventured into the depths of the dark web to uncover the cybersecurity threats targeting businesses and governments in the Middle East during the first half of 2024. Our research reveals the most severe, widespread threats, highlights the risks and consequences, and offers a clear protection strategy.

The following countries were included in the research

  • Bahrain

    Bahrain

  • Egypt

    Egypt

  • Iraq

    Iraq

  • Jordan

    Jordan

  • Kuwait

    Kuwait

  • Lebanon

    Lebanon

  • Oman

    Oman

  • Palestine

    Palestine

  • Qatar

    Qatar

  • >Saudi Arabia

    Saudi Arabia

  • Syria

    Syria

  • United Arab Emirates

    United Arab Emirates

The report provides detailed insights and statistics on the five most prevalent cybersecurity threats facing the Middle East.

Ideologically motivated pirates are ramping up their activities in the region due to the current geopolitical climate, and making attacks increasingly destructive.

Distribution of hacktivism-related messages from 2022 to H1 2024. Top-5 affected countries
graph

Shadow jewelry fair, where initial access brokers sell entry points to corporate networks, continue to attract cybercriminals and their groups.

In the first half of 2024, we observed 38 unique ads selling access to organizations across various industries, including government, healthcare, IT, manufacturing, and finance.

Example of a post trading corporate access
chat telegram

Deadly sandworms (at least 19 gangs) carried out multiple ransomware attacks during the period analyzed. Their activity usually leads to the most devastating consequences.

Ransomware attacks targeting ME countries from 2022 to H1 2024
graph

Malicious whistleblowers (info-stealing malware) has become ubiquitous, providing adversaries with valuable, up-to-date data (including valid corporate system credentials) for future attacks.

In the first half of 2024 alone, nearly 9.7 million records with stolen user account appeared in logs from various info stealers that were published in the dark web . Of these, 4.4 million were linked to major government bodies. Over the past four years, the total has reached about 27 million records – just under three times as many.

Top-3 countries by records from info stealer logs published in the dark web in H1 2024
graph

Cave raiders stole sensitive data from various corporations, state entities and other targets and distributed it among other cybercriminals.

In the first half of 2024, over 160 databases containing information on citizens, companies, or organizations were traded or distributed. 22% of these leaks involved citizen data; most came from corporate breaches. Public institutions in the region were hit hardest, accounting for a quarter of all breaches.

Example of publication sharing data breaches
tg

Being aware of all the risks from the dark web helps organizations and governments stay ahead of cybercriminals, preventing attacks and fraud before they damage networks or operational integrity.

Armed with this wisdom, the Kaspersky team has shared their knowledge in Whispers from the Dark Web Cave – Cyberthreats in the Middle East.

  • This report will be beneficial for:
  • C-level managers
  • Corporate security specialists
  • Risk management professionals
  • Cyber Threat Intelligence (CTI) and SOC analysts
  • Incident response specialists
  • OSINT and darknet researchers

Cyberthreats in the Middle East in 2024

Download the full version of the report