Telecoms – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.

Telecoms Are Prime Targets for Cyberattacks in 2024, Says Kaspersky
https://securityreviewmag.com/?p=27010
Sat, 03 Aug 2024 07:25:24 +0000

Kaspersky reports that telecom, mass media, and construction development companies are the top cyberattack targets in the first half of 2024. Telecoms faced the greatest number of incidents, likely due to attackers’ interest in sensitive data and exploitation of trusted relationships. In turn, mass media are traditionally targeted during international conflicts, while construction development firms may also be attractive for threat actors due to their extensive subcontractor use.

In the telecommunications sector, there were 284 cybersecurity incidents per 10,000 systems, according to Kaspersky Managed Detection and Response (MDR) statistics for January-June 2024. Mass media companies experienced 180 attacks per 10,000 systems, while the construction development, food and industrial sectors followed with 179, 122 and 121 incidents, respectively.

“A successful attack, especially an advanced one, on a telecom company can expose millions of customers’ records, including contact details, social security numbers, and credit card information. It can also serve as a possible springboard for further attacks on clients through trusted relationship exploitation. That’s why this sector is so attractive for cybercriminals. The mass media organizations become an increasingly frequent target during international conflicts, which are often characterized by information warfare in which they play a crucial role. The construction development firms, in turn, have significant cash flows and rely on subcontractors, making them vulnerable to attacks via trusted partners’ infrastructures and spear phishing,” explained Sergey Soldatov, head of Kaspersky Managed Detection and Response.

Telecommunication companies also faced the highest average number of critical incidents, with 32 attacks per 10,000 systems. “Critical incidents are human-driven attacks or malware threats that have a potential or actual significant impact on the company’s infrastructure,” explained Sergey Soldatov. The IT industry follows with nearly 12 average critical incidents, while the government sector experienced 8 average critical incidents in the first half of 2024.

Globally, the number of cyber incidents has remained relatively stable, with a slight decrease. Organizations tend to strengthen their cybersecurity measures after the spike in attacks in 2021-2022. Enhanced approaches such as vulnerability assessments and penetration tests have improved overall security. To protect against cyberthreats to enterprises, Kaspersky recommends the following measures:

  1. Have strong endpoint protection that builds up your security with EDR and XDR
  2. In addition to adopting essential endpoint protection, use a corporate-grade security solution that detects advanced threats on the network level at an early stage
  3. Implement Managed Detection and Response (MDR) to proactively seek out threats
  4. To make sure infrastructure is not compromised, periodically conduct a compromise assessment, and in case of clear evidence of a cyberattack, start incident response
  5. To build your own internal security operations, SOC consulting services can help
  6. Provide your SOC team with access to the latest threat intelligence (TI)
  7. Upskill your cybersecurity team to tackle the latest targeted threats
  8. As many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach practical skills to your team
African Governments, Energy, and Telecoms Top Targets for Cyberattacks
https://securityreviewmag.com/?p=26911
Tue, 09 Jul 2024 18:04:06 +0000

Researchers at Kaspersky keep a close eye on Advanced Persistent Threats (APTs) and are observing 9 active threat actors that currently target organisations in Africa. Whilst these threat actors target a wide range of entities, Kaspersky researchers identified Government, Energy and Telecommunications as the top targets in Africa.

APT groups are complex threat actors that deploy targeted attacks and remain active for years on end. These groups are often motivated by espionage, monetary gain, or in some cases, hacktivism. According to Kaspersky Intelligence, some of the most prominent groups in the region are MuddyWater, FruityArmor and Sidewinder. Kaspersky also works with legal authorities, providing them with the intelligence needed to track cybercriminals behind these attacks.

These threat actors use a wide range of techniques to infiltrate their victims in the region. Social engineering is a common tactic used on social media or email, such as posting a fake job advert targeting software developers. APT groups also deploy sophisticated modular malware like DeadGlyph and StealerBot, as well as weaponising legitimate remote applications, online services and cloud platforms – a technique used by the MuddyWater APT group to penetrate the targeted site. Furthermore, these groups can target third-party providers and infiltrate their victims through supply chains.

“The current geopolitical climate is a hotbed for APT activity, therefore, investigating these attacks and gaining intelligence on their movement is vital for security teams and corporations in Africa. Our research allows businesses and government entities to determine the significance of the threat posed, understand the attackers’ next move and accordingly be able to take the appropriate security steps to protect themselves,” said Amin Hasbini, Head of Global Research and Analysis team for Middle East, Turkiye and Africa at Kaspersky.

With every APT investigation, Kaspersky’s Global Research and Analysis Team (GReAT) publishes comprehensive reports, available on Kaspersky’s Threat Intelligence Portal (https://apo-opa.co/3XTZYyc). The reports offer crucial APT detection and forensic capabilities, enabling effective mitigation and remediation.

To avoid falling victim to a targeted attack by APT groups, Kaspersky researchers also recommend implementing the following measures:

  1. Limit access to third parties and require continuous inspection of access within their supply chain.
  2. For endpoint-level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Next.
  3. In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as the Kaspersky Anti-Targeted Attack Platform.
  4. The energy sector and other critical infrastructures should use security solutions for operational technology endpoints and networks, such as Kaspersky Industrial CyberSecurity, to ensure comprehensive protection for all systems.
  5. Upskill your cybersecurity team to tackle the latest threats with Kaspersky online training, developed by GReAT experts.
  6. Educate employees depending on their IT knowledge with cybersecurity courses such as those available within the Kaspersky Security Awareness Platform.