Group-IB – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.
Mon, 12 May 2025 12:14:22 +0000

Group-IB @ GISEC Global 2025: Tackling Evolving Cyber Threats with Localised Intelligence and AI
https://securityreviewmag.com/?p=28230
Mon, 12 May 2025 08:58:31 +0000

At this year’s GISEC Global, cybersecurity firm Group-IB showcased its expanding role in combating increasingly sophisticated cyber threats. In an exclusive interview with Security Review, Ashraf Koheil, the META Director of Business at Group-IB, discussed the company’s growing presence at GISEC, emerging cybercrime trends, and how their AI-powered threat intelligence platform is helping businesses and governments stay ahead of attackers.

Could you give us a brief overview of Group-IB’s presence at GISEC and your solutions?
This is the fourth year we are participating in GISEC, and our involvement has grown significantly—both in terms of visibility and the solutions we offer. Group-IB is one of the few full-platform players in cybersecurity, specialising in active threat intelligence, digital risk protection, fraud prevention, and monitoring. Fraud, in particular, is a rapidly evolving threat—growing in complexity and impact.

Speaking of evolving threats, what key changes are you seeing in the cyber threat landscape, especially in this region?
We’ve observed several concerning trends. First, APT (Advanced Persistent Threat) attacks have become far more sophisticated, driven by global geopolitics. Data exfiltration and theft are rampant. Second, fraud attempts are now borderless, with threat actors sharing intelligence across borders. And third, AI is a double-edged sword—while we use it for threat detection, attackers are leveraging AI for phishing, social engineering, and automating malicious campaigns.

Your Cyber Crime Center has been a major focus. Can you elaborate on its role?
Absolutely. We take a localised, intelligence-driven approach, meaning we develop threat insights at both country and industry levels. This allows us to brief governments, law enforcement, banks, and critical infrastructure providers on targeted risks.

Additionally, our Cyber Crime Center integrates multiple data streams—threat intelligence, fraud analytics, phishing scams, and money laundering patterns—into a unified system. This gives clients a real-time, 360-degree view of their threat landscape, helping them build stronger cybersecurity strategies.

What’s your key message for companies and attendees at GISEC?
There are three main takeaways. Attendees should stay updated on emerging trends, as new vendors and tools are constantly entering the market. They should prioritise tailored intelligence over generic open-source data. And they should maximise ROI on existing security investments before adopting new solutions.

How does Group-IB support its channel partners?
We’re a partner-first organisation, and we’ve launched several initiatives, including a certification program that enables partners to build expertise around our technology. We also conduct partner engagement surveys to gather feedback and improve collaboration, and we emphasise deep interoperability with other security solutions.

Beyond that, we address three key areas: CISO-level security, CFO-focused fraud prevention, and brand protection—each with dedicated solutions tailored to different organisational needs.

Fortifying Digital Defenses: How Generative AI is Transforming Cybersecurity
https://securityreviewmag.com/?p=28000
Fri, 28 Mar 2025 08:24:01 +0000

Maxim Baldakov, Head of Fraud & Financial Crime Solutions – META, Group-IB, paints a stark picture of the evolving cyber landscape, where generative AI is both a powerful ally and a formidable adversary. While organizations are leveraging AI to automate security operations, generate threat detection rules, and refine fraud prevention models, cybercriminals are simultaneously exploiting the same technology for sophisticated attacks.

How is generative AI being utilized to enhance cybersecurity measures today?
One of the most significant applications is in Security Operation Centers (SOCs), where generative AI is used by businesses to assist in the automation of low-level tasks, generating incident response recommendations and runbook compilations based on real-time information from monitoring systems.

Another key use case is the integration of generative AI into SOAR (System orchestration, automation, and responses) systems, where AI helps to make a decision and take preventive actions against potential cyberattacks.

Beyond defense, we see generative AI advancing in offensive cybersecurity simulations. In red teaming exercises, as an example, AI is used to generate realistic attack scenarios based on historical APT (Advanced Persistent Threat) group tactics, allowing organizations to test their defenses against sophisticated cyber threats. Additionally, we see generative AI playing a promising role in fraud prevention and machine learning model training. AI is leveraged to compile synthetic datasets, which are used to train and refine antifraud models without exposing real user data.

Overall, generative AI is not just optimizing cybersecurity workflows but actively transforming the way organizations detect, prevent, and respond to cyber threats.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
Generative AI is reshaping cybersecurity and fraud threat landscapes today, with criminals increasingly leveraging artificial intelligence for deepfake, voice cloning or Large Language Model (LLM) technologies.

In recent months, Group-IB analyzed cases where fraudsters utilize deepfake technology to bypass digital banking biometric security controls, and there have also been cases reported in the media where cybercriminals used OpenAI to conduct romance and investment scams. In cyberattacks, threat actors employ AI-based obfuscation to evade detection, making malicious payloads harder to trace, which poses a significant threat today.

Beyond generative AI, the rise of AI agents introduces new risks. A recent Group-IB investigation found that AI agents can potentially be used for existing cyber fraud applications such as mass card testing attacks, reducing the time and effort needed for cybercriminals to operate globally.

Perhaps the biggest threat from the latest advancements in AI is not just the expanding use cases for malicious automation but the lowering of the entry barrier for cybercriminals through the democratization of AI. Now, anyone who has access to the internet can generate malicious code, deploy phishing pages, generate deepfake videos and launch mass-scale fraud campaigns. Deep technical expertise and knowledge of professional tools is no longer a strong requirement to conduct malicious activity, thus opening the gates of cybercrime for everyone.

How can organizations leverage generative AI for proactive threat detection and response?
The cybersecurity community has accumulated extensive knowledge on the Tactics, Techniques, and Procedures (TTPs) of threat actors and past cyberattacks. Generative AI is now being actively utilized to create new detection mechanisms based on such accumulated knowledge.

One of the most common examples is the application of various reasoning models to generate Sigma, YARA or other detection rules based on the threat intelligence reports. This allows cybersecurity professionals to quickly deploy detection logic in the field, enhancing the purpose of proactive threat detection and response.

Similarly, in the case of cyber fraud prevention, AI models generate new detection logic and proactively test existing controls by generating attack scenarios based on the reports of certain fraud groups, schemes and other available cyber fraud intelligence data. These models can also serve as a source of synthetic training data used for training more conventional machine learning models.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
In cybersecurity, AI is increasingly used to automate decisions and prevent fraud, which enhances security, but introduces risks. AI can block bank accounts or revoke critical access during potential cyberattacks, potentially disrupting businesses and individuals. Over-reliance on AI without human oversight can lead to mistakes, unexpected behavior and unnecessary harm. Balancing automation with human control is crucial to avoiding these risks.

Another concern is data sovereignty. AI systems rely on large amounts of data, often stored or processed across international borders. This raises legal and ethical questions about compliance with local privacy laws. Organizations must ensure AI systems adhere to regulations and data protection standards to prevent security vulnerabilities and unethical misuse.

To address these challenges, AI in cybersecurity must remain a tool that supports—not replaces—human decision-making. Clear regulations, strict oversight, and ethical guidelines are essential to ensuring AI strengthens security without introducing unintended harm or loss of control.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
Cybersecurity teams all around the world face a lot of challenges when integrating generative AI tools into their workflows. One of the major issues is false positives, where AI incorrectly flags legitimate activities as threats. This can overwhelm security teams with unnecessary alerts or in extreme cases can even disrupt legitimate business.

For sensitive applications, deploying AI tools on-premises within sensitive zones and environments adds a lot of complexity. These installations require significant infrastructure investments and strict security measures. Additionally, many cybersecurity teams lack deep AI expertise, making it difficult to support, fine-tune, and administer these tools without constantly relying on external specialists.

Another problem arises from applying general AI tools in niche fields like cybersecurity or cyber fraud, which leads to unpredictable behavior. Since many AI models are not specifically designed for these applications, they may misinterpret threats or generate unreliable outputs. Continuous monitoring, tuning, and correction are necessary to ensure the AI functions effectively in these specialized areas.

Another major key challenge is data drift and AI manipulation. Without strict validation, attackers can feed misleading information to distort AI’s learning process, resulting in false threats while missing real ones. As a consequence, the AI may either allow fraudulent transactions (false negatives) or block legitimate ones (false positives), ultimately reducing its reliability.

To mitigate these risks, cybersecurity teams must implement strict validation measures, maintain human oversight and invest in AI expertise to ensure reliable performance.

What role does human oversight (HITL) play in ensuring generative AI systems are effectively managing cybersecurity threats?
Human oversight is essential for ensuring generative AI effectively manages cybersecurity and fraud threats. Experts should continuously validate AI-driven decisions and preventive actions to avoid errors like overfitting, biases, and false positives. Since AI lacks contextual judgment, human monitoring is required.

Moreover, human oversight is also absolutely necessary to ensure accountability for automated actions taken by AI. Serious security decisions, such as blocking accounts, revoking accesses and halting financial transactions must be validated to prevent unnecessary disruptions.

How can smaller organizations with limited budgets incorporate generative AI for cybersecurity?
Smaller organizations with limited budgets must be reasonable when adopting generative AI for cybersecurity. Jumping on AI trends without a strong cybersecurity foundation can cause more harm than good. Instead of rushing into AI integration, organizations should first build a solid cybersecurity culture, ensuring that basic security practices, tools, policies, and processes are implemented.

Applying AI for cybersecurity use cases is an extremely complex and difficult task that requires significant investment in AI expertise and infrastructure. What smaller organizations can consider is relying on trusted Managed Security Service Providers (MSSPs) that have both the expertise and necessary resources for AI application in cybersecurity.

What are the most notable trends in cyber attacks targeting these systems?
AI-driven cybersecurity and fraud prevention systems are not usually a primary target for threat actors; however, when they protect external customers—which is the case in fraud prevention tools—they become more exposed. One of the attack methods previously observed was flooding the system with fake or malformed data to cause denial of service or manipulate AI models into overfitting on false patterns, which can be harmful as described previously.

Group-IB Outs High-Tech Crime Trends Report 2025 for META
https://securityreviewmag.com/?p=27918
Thu, 13 Mar 2025 10:35:51 +0000

State-sponsored cyber threats, including Advanced Persistent Threats (APTs) and hacktivism, saw a sharp rise in the Middle East during 2024, with GCC countries identified as primary targets. These cyberattacks, largely driven by geopolitical tensions, are highlighted in Group-IB’s High-Tech Crime Trends Report 2025.

The report offers a detailed analysis of the interconnected nature of cybercrime and the shifting threat landscape in the Middle East and Africa. It provides actionable insights for businesses, cybersecurity professionals, and law enforcement to strengthen their defense strategies. While APTs in the Middle East saw a 4.27% rise compared to a global surge of 58%, a significant 27.5% of these state-backed espionage threats specifically targeted GCC nations, underlining the region’s vulnerability.

Commenting on the release of the report, Ashraf Koheil, Regional Sales Director MEA at Group-IB, said: “Our report captures the dynamic and complex nature of cyber threats faced by the Middle East today. It shows that cybercrime is not a collection of isolated incidents, but an evolving ecosystem where one attack fuels the next. From sophisticated state-sponsored attacks to rapidly evolving hacktivism and phishing campaigns, the insights presented in this report are essential for organizations seeking to strengthen their cybersecurity defenses.”

GCC nations remained prime targets for cyberattacks in 2024 due to their strategic economic and political significance. Other notable targets included Egypt (13.2%) and Turkey (9.9%), reflecting their geopolitical roles, while countries such as Jordan (7.7%), Iraq (6.6%), Nigeria, South Africa, Morocco, and Ethiopia also faced rising threats.

The Middle East and Africa (MEA) ranked third globally for hacktivist attacks, accounting for 16.54% of incidents, trailing Europe (35.98%) and Asia-Pacific (39.19%). Key industries affected included government and military sectors (22.1%), financial services (10.9%), education (8%), and media and entertainment (5.2%), with attacks often targeting critical infrastructure and essential services. These assaults were largely fueled by geopolitical tensions, serving as tools for ideological expression or political retaliation.

The report also highlighted persistent cybersecurity challenges in the MEA region, such as phishing and data breaches. With rapid digital transformation, the region has become a prime target for sophisticated scams, particularly in the energy, oil and gas (24.9%) and financial services (20.2%) sectors, driven by economic motives. Phishing attacks continue to be a major threat, heavily affecting internet services (32.8%), telecommunications (20.7%), and financial services (18.8%) in the META region.

“We must embrace a collective defense strategy that unites financial institutions, telecommunications providers, and law enforcement agencies. By sharing intelligence, coordinating proactive security measures, and executing joint actions, we can disrupt fraudulent activities before they cause harm. This collaborative approach not only enhances our ability to detect and prevent fraud but also strengthens the resilience of our critical infrastructure and protects our national security,” added Ashraf Koheil.

The report revealed that ransomware attacks in the MEA region remained relatively low, with only 184 incidents, marking the lowest globally. However, significant concerns persist regarding Initial Access Brokers (IABs) and the vulnerabilities they exploit. In 2024, IAB activity was notable, with GCC nations (23.2%) and Turkey (20.5%) as the most targeted areas. Egypt reported the highest number of compromised hosts (88,951), followed by Turkey (79,789) and Algeria (49,173), highlighting substantial cybersecurity gaps.

Stolen credentials and sensitive corporate information sold on the dark web have become critical entry points for cybercriminals, including ransomware operators and state-sponsored attackers. The report disclosed over 6.5 billion leaked data entries, with nearly 2.5 billion unique email addresses and 3.3 billion leaked entries containing phone numbers (631 million unique). Additionally, 460 million passwords were exposed globally in 2024, 162 million of which were unique. This surge in leaked data fuels the dark web economy and heightens risks for organizations and individuals worldwide.

Dmitry Volkov, CEO of Group-IB, said, “Group-IB played an intensified role in its global fight against cybercrime and contributed to eight major law enforcement operations across 60+ countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious infrastructures. These efforts disrupted large-scale cybercriminal networks, highlighting the critical role of collaboration between private cybersecurity firms and international law enforcement.”

The report highlighted that threat actors utilized advanced tactics, techniques, and procedures (TTPs) like social engineering, ransomware, and credential theft. Emerging methods, including the Extended Attributes Attack, the Facial-Recognition Trojan (GoldPickaxe.iOS), and the ClickFix infection chain, illustrate the growing complexity and sophistication of cyber threats in the region.

Employees Are the First Line of Defense
https://securityreviewmag.com/?p=27756
Fri, 07 Feb 2025 09:05:45 +0000

Sharef Hlal, Regional Lead of TI, DRP and ASM – META at Group-IB, says that amid the geopolitical tensions in the region, cyber threats cast a shadow over the digital landscape, posing a serious risk to critical national infrastructure.

Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The cybersecurity landscape for critical infrastructure in the MEA region is rapidly evolving due to increasing digital transformation among businesses and processes. Many governmental entities now offer online services, marking a significant milestone in the region’s digitalization efforts. However, this progress also significantly expands the attack surface for the critical national infrastructure. Amid the geopolitical tensions in the region, cyber threats cast a shadow over the digital landscape, posing a serious risk to critical national infrastructure.

How important is employee training and awareness in preventing cyber-attacks on critical infrastructure?
Employees are the first line of defense and cybersecurity training is critical to protect critical infrastructure. Even if an organization has the strongest technologies to protect its infrastructure, a single click on a suspicious link by an employee could potentially result in data leaks or ransomware attacks, which will negatively impact business continuity and reputation. This is especially true if we are talking about organizations that are managing national critical infrastructure. In most cases, threat actors use social engineering tactics to lure employees to click on a phishing link or download a malicious attachment.

The victim’s action in this case then becomes the “entry point” for the threat actors to access the infrastructure, steal the data, damage it, or ask for a ransom. That’s why organizations must invest in training their employees, enhancing awareness about cyber threats, and providing courses on how to avoid them.

What role does proactive threat intelligence play in securing critical infrastructure systems?
I always compare cybersecurity to protecting a home security system – to protect your house from being burgled, you must know who might target you—the potential thieves who target homes like yours—and how they gain access to your home. Once you understand their tactics, you can implement measures to neutralize the risks. The same concept applies to businesses—in an ever-evolving digital landscape, threat intelligence provides the necessary information for security teams to build effective defence strategies and procedures. When it comes to national critical infrastructure, it is crucial to understand every detail about threat actors, monitor their communications on the dark web, and stay updated on the latest tactics they use to target different sectors.

Are there any technologies being deployed to safeguard critical infrastructure in the region?
In the MEA region, various cybersecurity technologies have been deployed to protect critical infrastructure. AI, machine learning and zero-trust architecture are playing a critical role in safeguarding and strengthening policies against cyber-attacks. Organizations in the region are increasingly integrating AI-driven security frameworks to enhance their cyber defence. However, we’ve seen the rise of deepfake fraud using tools such as AI-driven image and video generators, virtual camera applications, and facial-swapping technologies to bypass KYC (Know Your Customer) protocols, putting those organizations at risk of diverse cyber-attacks. To avoid those challenges, organizations must continuously adopt the latest generations of cybersecurity technologies that integrate AI and machine learning to stay ahead of evolving threats and ensure robust protection.

What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
Governments play a crucial role in shaping a country’s cybersecurity strategy. In several countries in the MEA region, significant progress has been made in developing cybersecurity frameworks to protect national infrastructure and businesses. There are several strong examples of how governments actively contribute to enhancing cybersecurity procedures and practices. This includes implementing specific regulations, running awareness campaigns, and providing training for cybersecurity professionals.

For example, Saudi Arabia’s National Cybersecurity Authority (NCA) enforces cybersecurity compliance for both public and private entities, ensuring that organizations follow strict security guidelines. Also, initiatives like Dubai’s Cyber Security Strategy encourage businesses to align with government frameworks, promoting a unified defence against cyber threats. Building a highly skilled cybersecurity workforce is a key factor in successfully implementing an effective national strategy. Many governments in the region have launched initiatives to enhance the qualifications of cybersecurity specialists, including offering scholarships for master’s and PhD programs in cybersecurity.

How can companies ensure business continuity while recovering from a cyber-attack on their critical systems?
To ensure continuity while recovering from cyber-attacks, companies should adopt a structured approach that includes immediate response, recovery, and long-term resilience. Speed is of the essence: organizations must act swiftly when faced with a cybersecurity incident, by isolating affected systems, implementing incident response protocols, and securing data backups, so that they recover much more quickly from an incident without significantly impacting business continuity. Companies also need to adopt a proactive approach by ensuring continuous threat intelligence surveillance and staying up-to-date on the latest cyber-fraud trends and cybersecurity regulations.

Group-IB Joins Cybercrime Atlas at WEF to Combat Global Cybercrime
https://securityreviewmag.com/?p=27682
Tue, 21 Jan 2025 11:45:39 +0000

Group-IB has announced today that it has joined the Cybercrime Atlas—an initiative hosted at the World Economic Forum—to contribute to research on the evolving landscape of cybercrime, support the disruption of cybercriminal infrastructure and operations, and strengthen collaboration between local and international stakeholders to enhance cybersecurity globally.

The Cybercrime Atlas, hosted at the World Economic Forum’s Centre for Cybersecurity, leverages open-source research to generate actionable insights into the cybercriminal ecosystem. Its community comprises organizations pivotal in identifying and dismantling cybercriminal activities. This collaborative initiative seeks to build a global, action-focused repository of cybercrime intelligence, promoting cooperation among investigators, law enforcement, financial institutions, and businesses at both national and international levels. Group-IB’s analysts have already begun contributing to the Cybercrime Mapping and Cybercrime Investigation Working Groups.

“Joining the Cybercrime Atlas initiative is not just an opportunity – it’s a responsibility. In a world where cyber threats transcend borders, collaboration is our most powerful defence. By uniting with the Cybercrime Atlas community and other key stakeholders, we connect expertise and critical intelligence, creating a united front that can disrupt criminal networks and make the digital world a safer place for everyone,” said Dmitry Volkov, CEO, Group-IB.

“The Cybercrime Atlas is a collaborative research initiative by leading companies and experts, facilitated by the World Economic Forum, to map the cybercrime landscape. The insights generated are promoting opportunities for greater cooperation between the private sector and law enforcement to address cybercrime,” said Tal Goldstein, Head of Strategy and Policy, World Economic Forum’s Centre for Cybersecurity.

Financial Services in the GCC Will Continue to Attract More Attention From Fraudsters
https://securityreviewmag.com/?p=27497
Thu, 28 Nov 2024 12:37:51 +0000

Dmitry Volkov, the CEO of Group-IB, says the region’s rapid digital transformation has made it vulnerable to cyber threats such as phishing, counterfeiting, VIP impersonation, data leaks, and trademark abuse.

Can you elaborate on the key findings of Group-IB’s Digital Risks Report for the Middle East and Africa?
The Middle East and Africa (MEA) region is a major player on the world stage, wielding significant influence globally through its economic power, political influence, rich energy resources, and vast technological potential. The Middle East’s economy is valued at $5.2 trillion and the concerted shift to diversify the economy away from commodities and natural resources has introduced an entirely new problem to deal with: digital risks. The region’s rapid digital transformation has made it vulnerable to cyber threats such as phishing, counterfeiting, VIP impersonation, data leaks, and trademark abuse.

Group-IB’s Digital Risk Protection (DRP) team has closely monitored trends across the Middle East and Africa over the past three years (2021-2023). Given the large number of brands that we monitor, we can reliably draw the following conclusions based on the average number of incidents per brand monitored in a given period:

  1. Phishing incidents increased by 13 times, making it one of the fastest-growing threats.
  2. Scam incidents doubled over the three years, with scam resources outnumbering phishing resources 76 times in 2022.
  3. The rate of trademark misuse surged by 16 times, highlighting the rise in brand exploitation by cybercriminals.
  4. Social media violations saw a two-fold increase and became the largest category in terms of overall numbers among all violations tracked by Digital Risk Protection.
  5. The number of mobile app violations grew by 2.5 times, reflecting the rise in illegal app stores.
  6. Violations on messaging platforms also grew by 1.5 times, indicating a steady growth in illicit activity.

The team also observed a dramatic surge in fraudulent web resources targeting the brands it monitors over the past three years. In 2022, the number of phishing resources saw an astounding 950% increase compared to 2021. This alarming trend continued into 2023 when phishing resources grew by an additional 457%. Scam resources followed a similar trend, with a 452% rise between 2021 and 2022. In 2023, scam resources continued to show extremely high figures, though the growth rate slowed to 5% compared to 2022.

Tell us about the security threat landscape in the region.
We see some interesting trends in the data that the DRP platform has gathered from hundreds of brands in the MEA region since 2021. While overall it has shown a consistent rise in violations across various categories, the key trends (listed below) can be categorised into three themes: “things that have morphed beyond recognition”, “things that have stood the test of time since 2021” and “things that have faded into oblivion”.

  • Deepfakes: the rise of deepfake technology has led to its use in scams, especially on social media. Cybercriminals create fake videos of celebrities or influencers to lure victims into fraudulent schemes, such as “investment opportunities” or “giveaways”.
  • AI’s dual role: Artificial Intelligence (AI) has become a powerful tool for both cybersecurity specialists and cybercriminals. DRP platforms, like the one developed by Group-IB, use AI to detect violations. Conversely, attackers leverage AI to create more convincing and more targeted phishing scams.
  • Investment scams using AI: AI is increasingly being marketed in fraudulent schemes as a tool for generating wealth. Scammers promise “AI-powered investment platforms” that guarantee high returns, preying on people’s trust in technology.
  • HR scams: Fake job postings have become significantly more common, especially on social media platforms like Facebook. They target job seekers in countries like Egypt, Saudi Arabia, and Algeria. Scammers often abuse brands of well-known companies, including governmental organizations, to steal personal information.
  • Smaller businesses as easy targets: Scammers are more and more often focusing on smaller, local brands like driving schools or water delivery companies, which usually lack the cybersecurity defences that larger corporations can afford. Such attacks often involve phishing campaigns as a way of stealing payment information.
  • Exploitations of religious holidays and faith: Scammers continue to exploit religious festivals like Ramadan by creating fake promotions or donation pages. For example, scams offering “free high-speed internet” during Ramadan have become a recurring tactic for collecting people’s data.
  • Charity scams during political crises: Whether collecting donations for conflict zones or humanitarian crises, scammers exploit public sympathy for personal gain. Such scams often involve the use of cryptocurrency wallets, which provide anonymity and make it harder for law enforcement to trace the fraud.
  • Quiz scams: Fraudulent quiz schemes spread quickly on social media and instant messaging platforms. Victims are promised prizes for completing a survey, but in reality, they are redirected to phishing or malware-laden websites.
  • Scams related to COVID-19: During the height of the pandemic, there was a surge in scams related to vaccines, including phishing campaigns that abused the names of health organizations and schemes that involved counterfeit vaccine certificates. Nevertheless, such scams have faded along with the pandemic, as vaccine mandates have lessened.

Which sectors are commonly targeted? What attack vectors are being employed? What are threat actors after?
Financial services are seeing rising investment activity carried out by countries that are part of the Gulf Cooperation Council (GCC), and this will continue attracting more attention from fraudsters. As financial opportunities for businesses, migrants and locals grow, so will fraud attempts as cybercriminals identify lucrative opportunities.

With cryptocurrency becoming more widely accepted across MEA countries, fraudsters will use it more and more often in their operations. The increase will require stronger measures to counter fraud involving cryptocurrency.

Social media platforms will evolve beyond communication tools and become fraud hubs. As these platforms continue to grow, so will their use by cybercriminals to carry out scams to target younger, tech-savvy users in particular.

How have AI, deepfakes and geopolitical tensions altered the cyber threat landscape in the region?
In 2023, the MEA region faced an ongoing wave of cyberattacks of a geopolitical nature launched by diverse and highly skilled groups. Attacks coordinated by groups such as APT42, Oilrig and Hexane (all from MEA) reflect the desire of certain countries in the region to strengthen their influence through espionage. Phishing is the main method used by APTs operating in the region to obtain initial access.

What can businesses do to keep themselves and their customers safe?
A new trend is that scammers increasingly often target smaller, lesser-known businesses that lack the backing of large cybersecurity vendors – the key idea being that profit potential no longer depends on a company’s size. Smaller brands often lack the resources to protect themselves effectively, making them easy prey, hence it is vital for businesses of all sizes to recognize these risks and take proactive measures to protect their operations and customer data from the rising tide of cybercrime.

While new attack vectors continue to emerge, some vectors remain consistently popular – email is one of the top entry points. One essential tool is Group-IB’s Business Email Protection, which automatically detects and blocks phishing and scam attempts. With patented retroactive analysis, it neutralizes malicious content even post-delivery while continuously monitoring your organization’s email security.

For threats like domain spoofing, typosquatting, and phishing websites, Group-IB’s Threat Intelligence platform analyzes phishing databases and manages the threat landscape to quickly react and block phishing resources before they cause harm.

What are some of the key technologies developed by Group-IB to prevent and investigate digital crimes?
Digital Risk Protection (DRP) is an encompassing solution that leverages advanced AI, machine learning (ML), and proprietary neural networks to automatically monitor a company’s digital footprint, detect violations, prioritize tasks, and initiate appropriate takedown tactics. The solution offers full-fledged protection against risks that lie beyond the company’s perimeter, including but not limited to phishing, scams, piracy, data leaks, false partnerships, and fake mobile apps by monitoring all possible online resources such as regular websites, social media networks, messengers, advertising networks within social media, search engines, and mobile app stores. After identifying an issue, we immediately take action to mitigate the threat.

DRP uses state-of-the-art technology, including its Graph module, to map violations and connect related incidents. This module helps track and take down entire fraud networks more quickly and effectively. Additionally, the platform offers 24/7 monitoring, scanning millions of online resources, including screenshots, HTML files, redirect chains, and more, to protect your brand and intellectual property. The platform tracks a wide range of digital assets, including domain names, TLS certificates, search engines, the dark web, honeypots, and telemetry from integrated solutions such as Fraud Protection and Managed XDR.

Group-IB to Demonstrate Proprietary Network Graph Analysis Solution at Black Hat MEA 2024
https://securityreviewmag.com/?p=27456 | Mon, 25 Nov 2024 11:41:39 +0000

Group-IB has announced today that it will demonstrate its Proprietary Network Graph Analysis cyber threat detection solution for the first time in the Middle East during its participation at the Black Hat Middle East and Africa 2024 in Riyadh. Group-IB’s participation at the three-day event, the world’s fastest-growing and most-attended cybersecurity event, will also include its executive leadership delivering keynotes and taking part in a series of panel discussions. The event, in its third edition, will take place from November 26 to 28 at the Riyadh Exhibition & Convention Centre in Malham, Kingdom of Saudi Arabia.

Group-IB’s presence at the Black Hat MEA will help deepen and strengthen its links with the wider Middle East region. The company launched its regional HQ in Dubai in 2023, which is also home to its MEA Threat Intelligence & Research Center. Group-IB said that the Proprietary Network Graph Analysis solution, designed from scratch, has been incorporated into all of Group-IB’s solutions and has helped improve the threat detection process. It provides users with a visual heatmap of network infrastructures beyond an organization’s perimeter. The solution makes it easier to understand how threats are connected and where they originate, which in turn allows cybersecurity practitioners to more efficiently detect threats and effectively deal with them.

The executive leaders of Group-IB at the Black Hat MEA speaking on November 27th include:

  • Dmitriy Volkov, Chief Executive Officer, on the topic ‘Differently: Centralized Collective Defense.’
  • Laith Samara, Presales Manager, on ‘XDR in Action: Dissecting Real-World Attack Scenarios.’
  • Abdulmohsen Al Muqati, Head of Digital Forensics and Incident Response, and Ivan Pisarev, Head of Threat Intelligence, MEA, on ‘A Unified Approach to Dissect Complex Attacks.’

On November 28th, Craig Jones, Independent Strategic Advisor, Group-IB, will be speaking on the topic ‘Saudi Arabia & Global Cyber Governance: Shaping Policy for the Digital Age.’

Group-IB and Partners Team Up to Empower Saudi Arabia’s Cybersecurity Workforce
https://securityreviewmag.com/?p=26786 | Wed, 29 May 2024 07:53:21 +0000

Group-IB has announced today that it has signed a Memorandum of Understanding (MoU) with the University of Prince Mugrin (UPM) to strengthen the cybersecurity ecosystem in the Kingdom and equip UPM’s talented student body with the necessary skills to thrive in the information and communications technology (ICT) sector. The MoU was signed in a ceremony held under the esteemed supervision of His Excellency Dr. Bander M. Hajjar at the university’s campus in Madinah. The university was represented by the Dean of the College of Computer and Cyber Sciences, Dr. Ahmad Showail, and Group-IB was represented by Mr. Mohammad Flaifel.

The partnership between Group-IB and the University of Prince Mugrin (UPM) marks the beginning of a comprehensive partnership aimed at enhancing cybersecurity education and expertise. Key areas of collaboration include equipping UPM staff and students with Group-IB’s industry-leading cybersecurity solutions such as Managed Extended Detection and Response (XDR), Business Email Protection, Threat Intelligence, and Attack Surface Management, which will also benefit UPM’s on-campus incubation startups. Additionally, both institutions will work together to design, develop, and deliver educational curricula, workshops, and consultancy services in cybersecurity and digital forensics. The MoU facilitates industry exposure for UPM students through attachments and internship opportunities with Group-IB’s CERT/incident response teams.

“This strategic alliance unites us in strengthening our collective cyber resilience. By leveraging Group-IB’s expertise, tools, and resources, we aim to empower University of Prince Mugrin students and staff with practical cybersecurity skills, fostering a new generation of professionals in Saudi Arabia,” said Mohammad Flaifel, Business Development Manager at Group-IB. “This collaboration addresses the cybersecurity workforce shortage and enriches the university’s curriculum with real-world insights. We are proud to extend a comprehensive cybersecurity training program to address this critical gap, welcoming both aspiring professionals and those in IT seeking a career shift. Together, we are committed to providing students with the knowledge and hands-on training to excel in cybersecurity, driving advancements that benefit both academia and industry.”

“This partnership highlights the importance of developing the next generation of cybersecurity professionals to safeguard the Kingdom and the Middle East,” said His Excellency Dr. Bandar bin Mohammed Hajjar. “Equipping our students with the latest knowledge and Group-IB’s hands-on experience will not only enrich their education but prepare them to excel in the field, contributing meaningfully to the Kingdom’s cyber defenses. This collaboration, aligned with Saudi Vision 2030, signifies a proactive step towards nurturing a skilled workforce to safeguard critical infrastructure and drive cybersecurity innovation.”

Group-IB and UAE Cybersecurity Council Reveal Scam Operation Targeting the MEA Region
https://securityreviewmag.com/?p=25909 | Thu, 31 Aug 2023 08:50:07 +0000

Group-IB can reveal in coordination with the UAE Cybersecurity Council that the scam-as-a-service operation Classiscam is continuing its worldwide campaign well into 2023. In a new blog, Group-IB analysts detail how the automated scheme uses Telegram bots to assist with the creation of ready-to-use phishing pages impersonating companies in a range of industries, including online marketplaces, classified sites, and logistics operators. These phishing pages are designed to steal money, payment data, and in some cases, bank login credentials from unsuspecting internet users.

According to Group-IB’s findings, 251 unique brands in a total of 79 countries were featured on Classiscam phishing pages from H1 2021 to H1 2023. In addition, the phishing templates created for each brand can be localised to different countries by editing the language and currency featured on the scam pages. As a result, one particular logistics brand was impersonated by “Classiscammers” targeting users in as many as 31 countries.

Since the second half of 2019, when the Group-IB Computer Emergency Response Team (CERT-GIB) in cooperation with the company’s Digital Risk Protection unit first identified Classiscam’s operations, 1,366 separate groups leveraging this scheme have been discovered on Telegram. Group-IB experts examined Telegram channels containing information pertaining to 393 Classiscam groups with more than 38,000 members that operated between H1 2020 and H1 2023. During this period, these groups made combined estimated earnings of $64.5 million.

Group-IB has noted how the threat actors behind Classiscam have worked, since inception, to formalize and expand the scam model’s operations. From 2022 onwards, Classiscammers have introduced new innovations, such as phishing schemes designed to harvest the credentials of victims’ online bank accounts, and some groups have begun to use information stealers. In line with its mission of combating global cybercrime, Group-IB will continue to share its findings about Classiscam, drawn from the company’s proprietary Digital Risk Protection solution, with law enforcement authorities. The primary aim of this research is to raise public awareness about the latest scamming methods and reduce the number of victims of this scam operation.

Classiscam originally appeared in Russia, where the scheme was tried and tested before being launched across the globe. The scam-as-a-service affiliate program surged in popularity in the spring of 2020 with the emergence of COVID-19 and the subsequent uptick in remote working and online shopping. Group-IB experts noticed how the scam scheme was exported first to Europe, before entering other global regions, such as the United States, the Asia-Pacific (APAC) region, and the Middle East and Africa (MEA).

As of H1 2021, Classiscammers had targeted internet users in 30 countries. Group-IB experts can reveal that, as of H1 2023, this figure has risen to 79. In the same time period, the number of targeted brands on the global market has increased from 38 to 251. More than 61% of the Classiscam resources analyzed by Group-IB experts that were created between H1 2021 and H1 2023 targeted users in Europe. Other heavily targeted regions were the Middle East and Africa (18.7% of resources) and the Asia-Pacific region (12.2%).

With the MEA region being the second most targeted by Classiscam, countries in the region encountered challenges with targeted brand activities. The UAE was no exception to this, with its emphasis on technological innovation and many large and prominent brands operating in the country.

“In response to the rising amount of cyberattacks in recent years, the UAE has introduced a multifaceted approach to cybersecurity erected by five pillars. By fortifying global collaboration, encouraging Public Private Partnerships (PPPs), reinforcing cybersecurity measures, nurturing innovation, and promoting a cyber-literate society, the UAE is actively remediating the impact of cyber incidents. As the nation propels forward with digital transformation, the emphasis on responsible digitization remains paramount, ensuring a secure and thriving digital landscape,” said H.E. Dr. Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government.

The average amount lost by Classiscam victims worldwide was $353. Users in APAC and MEA were less likely to fall victim to Classiscam schemes, but when they did, they saw greater losses on average. Classiscam was initially launched as a relatively straightforward scam operation. Cybercriminals created fake ads on classified sites and leveraged social engineering techniques to trick users into “buying” the falsely advertised goods or services, whether by transferring money directly to the scammers or by debiting money from the victim’s bank card.

Classiscam operations have become increasingly automated over the past two years. The scheme now utilizes Telegram bots and chats to coordinate operations and create phishing and scam pages in a handful of seconds; many of the groups offer easy-to-follow instructions, and experts are on hand to help with other users’ questions. Over the past year, Group-IB researchers have seen roles within scam groups become more specialized within an expanded hierarchy.

Classiscam phishing pages can now include a balance check, which the scammers use to assess how much they can charge to a victim’s card, and fake bank login pages that they use to harvest users’ credentials. At the time of writing, Group-IB experts found 35 such scam groups that distributed links to phishing pages that included fake login forms for banking services. In total, Classiscam scammers created resources emulating the login pages of 63 banks in 14 countries. Among the targeted banks were those based in Belgium, Canada, Czech Republic, France, Germany, Poland, Singapore, and Spain.

“Classiscam shows no sign of slowing down and the ranks of the Classiscammers are continuing to swell. Over the past year, we have seen scam groups adopt a new, expanded hierarchy, and roles within organizations are becoming increasingly specialized. Classiscam will likely remain one of the major global scam operations throughout 2023 due to the scheme’s full automation and low technical barrier of entry,” said Sharef Hlal, Head of Group-IB’s Digital Risk Protection Analytics Team (MEA).

Group-IB Helps INTERPOL-led Africa Cyber Surge II Operation Leading to Arrests of 14 Suspects
https://securityreviewmag.com/?p=25882 | Fri, 18 Aug 2023 11:10:45 +0000

Group-IB has made a key contribution to the INTERPOL-led Africa Cyber Surge II operation, a major joint initiative between international and national law enforcement agencies and private sector cybersecurity companies to prevent, mitigate, and disrupt threat actors on the African continent. The Africa Cyber Surge II operation, which spanned 25 African countries, resulted in the arrests of 14 suspected cybercriminals and the identification of more than 20,000 suspicious cyber networks linked to financial losses in excess of $40 million.

The Africa Cyber Surge II operation was launched in April 2023 and was carried out with funding by the UK Foreign Commonwealth and Development Office, the German Federal Foreign Office and the Council of Europe. This multinational, streamlined crime-fighting initiative brought together INTERPOL, AFRIPOL, Group-IB, and Uppsala Security to provide on-the-ground operational support and share actionable intelligence on cyber extortion, phishing, business email compromise, and online scams.

This intelligence was subsequently shared with national law enforcement agencies on the African continent, leading to the arrest of 14 suspects in countries such as Cameroon, Nigeria, and Mauritius, and the takedown of hundreds of malicious IP addresses and malware hosters. Additionally, the educational track of this operation saw parties share best practices on how to combat the surge in digital insecurity and growing cyber threats in the region.

Group-IB, a long-standing private sector partner of INTERPOL, collected and shared at the request of INTERPOL more than 1,000 indicators drawn from the company’s sector-leading Threat Intelligence related to malicious infrastructure across Africa. The data contained domains, URLs, and server IP addresses used in phishing and malware attacks. INTERPOL member countries in Africa leveraged this information in several takedown operations.

Africa Cyber Surge II also had knowledge sharing at its core. During operational activities held in Tanzania in June, Group-IB’s Deputy Head of APAC High-Tech Crime Investigation Department, Kristina Ivanova, shared expertise on techniques to tackle business email compromise scams, phishing and online fraud, and also contributed to a panel discussion on the importance of public-private sector partnerships in tackling cybercrime. Group-IB experts also assisted national law enforcement agencies on the African continent via a series of practical workshops dedicated to the analysis of real cybercrime cases.

“Group-IB is proud of its contribution to fighting against cybercrime in Africa, and we do this in order to protect organizations and citizens across the whole globe against cybercrime through our intelligence-driven technology and agile expertise,” Dmitry Volkov, CEO at Group-IB, said. “The Africa Cyber Surge II is yet another milestone with regard to cooperation between international law enforcement, national agencies, and private sector cybersecurity companies. Collaboration and intelligence sharing should be at the heart of cybersecurity operations, and Group-IB stands ready to make a further contribution to this end, in line with our core strategic mission of fighting against cybercrime in all its forms.”

“The Africa Cyber Surge II operation has led to the strengthening of cybercrime departments in member countries as well as the solidification of partnerships with crucial stakeholders, such as computer emergency response teams and Internet service providers. This will further contribute to reducing the global impact of cybercrime and protecting communities in the region,” said Jürgen Stock, INTERPOL Secretary General.

“As digital systems, Information Communication Technologies and Artificial Intelligence grow in prominence, it is urgent that public and private actors work hand in hand to prevent these technologies from being exploited by cybercriminals. Coordinated operations such as Cyber Surge are necessary to disrupt criminal networks and build individual, organizational and society-wide levels of protection,” said AFRIPOL’s Acting Executive Director, Ambassador Jalel Chelba.

This most recent initiative follows in the wake of the highly successful Africa Cyber Surge operation, launched in July 2022, which was aimed at identifying cybercriminals and compromised infrastructure in Africa. During this four-month operation, Group-IB provided key cyber threat intelligence that aided cooperation between INTERPOL’s Cybercrime Directorate, ISPA, AFRIPOL, and INTERPOL’s African member states. Some of the operation’s highlights included the arrest of 10 suspects linked to fraud and scams amounting to $800,000 in financial damages and the takedown of more than 200,000 pieces of malicious infrastructure.

Group-IB, which has a zero-tolerance policy to cybercrime, has been an official private sector partner of INTERPOL since 2017, and the company has participated in multiple crime-fighting initiatives on the African continent, including Falcon I and II, Delilah, and Lyrebird. In July 2023, Group-IB played a key role in the INTERPOL-led Operation Nervone, an initiative aimed at disrupting the activities of the notorious cybercriminal group dubbed OPERA1ER by Group-IB (also known as NXSMS, DESKTOP-Group, and Common Raven).

This joint operation, launched under the auspices of the African Joint Operation against Cybercrime (AFJOC) and the INTERPOL Support Programme for the African Union (ISPA) in conjunction with AFRIPOL, the Direction de L’information et des Traces Technologiques (DITT), Group-IB and the Orange CERT Coordination Center (Orange-CERT-CC), led to the arrest of a suspected leader of the cybercrime syndicate in Côte d’Ivoire.
