At its annual Cyber Security Weekend for the Middle East, Turkiye, and Africa (META) region, the Kaspersky Global Research and Analysis Team shed light on key cybersecurity trends and challenges facing the region in 2025. The event focused on the rise of ransomware, the growing complexity of advanced persistent threats (APTs), and the increasing use of artificial intelligence (AI) in cyberattacks, among other critical developments.
Web Threat Landscape in META: Pakistan Among Least Affected
During the first quarter of 2025, Kaspersky data revealed that Turkiye and Kenya recorded the highest number of users affected by web-based incidents, followed closely by Qatar, Nigeria, and South Africa. In contrast, Saudi Arabia reported the lowest web threat activity, while Pakistan ranked second lowest in the region in terms of users affected by web-borne threats — a positive sign that reflects either stronger cyber hygiene or under-reporting challenges.
The Evolving Threat of Ransomware
Ransomware continues to dominate the cybersecurity threat landscape. Globally, the percentage of users affected by ransomware rose slightly by 0.02 percentage points to 0.44% from 2023 to 2024. Regionally, the increase was more pronounced:
- Middle East: up by 0.07 p.p. to 0.72%
- Turkiye: up by 0.06 p.p. to 0.46%
- Africa: up by 0.01 p.p. to 0.41%
These numbers reflect how cybercriminals are shifting focus toward high-value targets, especially in digitally advancing economies. In Africa, where digitization and economic opportunities are still developing, the relatively lower ransomware rate is attributed to a smaller pool of lucrative targets.
Ransomware-as-a-Service: FunkSec Takes the Lead
One of the major revelations was the emergence of FunkSec, a new and highly aggressive ransomware group that rose to prominence in late 2024. Operating under a Ransomware-as-a-Service (RaaS) model, FunkSec quickly outpaced long-established groups such as Cl0p and RansomHub. The group gained notoriety for its double extortion tactics, combining data encryption with data exfiltration to maximize pressure on victims. Their primary targets span government, technology, finance, and education sectors across Europe and Asia.
FunkSec’s success is a stark example of how AI is transforming ransomware operations. These groups now utilize generative AI tools to craft phishing emails, automate attacks, and lower the skill threshold needed to launch complex cyber campaigns. On dark web forums, large language models (LLMs) tailored for cybercrime are increasingly being marketed to less experienced actors, enabling more people to engage in malicious activity without traditional programming knowledge.
Advanced Persistent Threats & Mobile Exploits on the Rise
Kaspersky is currently tracking 25 active APT groups in the META region. These include notable threat actors such as SideWinder, Origami Elephant, and MuddyWater, known for their stealth and innovation. Many of these groups are focusing on mobile platforms, using creative exploits and evasion techniques that bypass traditional detection systems.
APT attacks are becoming more refined, leveraging zero-day vulnerabilities and targeting sensitive government, financial, and infrastructure sectors. Their stealthy nature makes them difficult to detect, and their goals often extend beyond financial gain to include espionage and sabotage.
IoT and Smart Devices: The New Cyber Frontlines
Cybercriminals are now exploiting unmonitored and vulnerable entry points, including Internet of Things (IoT) devices, smart appliances, and misconfigured hardware in workplaces. These devices often lack proper security measures and are not regularly updated, making them prime targets. Kaspersky notes that attackers are increasingly deploying cross-platform ransomware and embedding self-propagation features in their malware, mimicking the capabilities of APT actors.
Expert Insights & Recommendations
Sergey Lozhkin, Head of Kaspersky’s META and APAC Research Team, stressed the urgent need for a layered cybersecurity strategy. “Ransomware is now one of the most pressing threats for businesses worldwide, regardless of their size or region. Organizations need to adopt a multi-pronged approach to stay protected,” he said.
Kaspersky recommends the following best practices to guard against ransomware and other cyber threats:
- Regularly update software across all devices to patch known vulnerabilities.
- Educate employees continuously on phishing tactics and cyber hygiene.
- Segment networks and use endpoint protection to minimize lateral movement during attacks.
- Implement real-time monitoring, threat detection, and incident response systems.
- Leverage tools like Kaspersky’s Anti-Ransomware Tool for Business, which provides free protection for endpoints against ransomware and other malware.
- Use Kaspersky Next solutions, which combine Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) capabilities, offering robust visibility and security across networks.
The cybersecurity landscape in the META region is evolving rapidly. With ransomware groups becoming more sophisticated and AI further empowering cybercriminals, proactive defense and investment in modern cybersecurity tools have never been more essential.
