According to Kaspersky Security Network data for corporate users in the Middle East, in Q2 2022 the number of users affected by Trojan Spies – spyware able to secretly harvest victim’s credentials – decreased compared to the previous quarter. However, security operations centers in organizations remain on alert with various cybercriminal groups continuing their activity across regions.

Spyware is a type of malware that is used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.). The collected information is then transmitted to the malicious user controlling the spyware through email, the web and other methods. Spyware can be installed on any device – desktops or laptops, servers and mobile devices and masked as regular apps for unnoticed operation. Spyware is used for espionage – to collect banking card credentials, passwords and other valuable data.

In 2021, Kaspersky experts identified the PseudoManuscrypt spyware module targeting many industrial and government organizations. It collected VPN connection data, logged keypresses, captured screenshots and videos of the screen, recorded sound with the microphone and stole clipboard data and operating system event log data. Industrial espionage was one of the possible objectives of the campaign. Other spyware threats monitored by Kaspersky experts include such known cases as Pegasus, Chrysaor, FinSpy, CoolWebSearch, Gator.

In Oman the number of users affected by Trojan Spies decreased by 26% in Q2 2022 compared to Q1, in Qatar – by 17%, in Kuwait – by 16%. In Egypt the share of affected users fell by 14%, in Saudi Arabia – by 12%. In Bahrain the share of users fell by 4%, in the United Arab Emirates the share of affected users remained unchanged.

“Spyware remains one of the most popular types of malware, enabling corporate espionage or intellectual property theft. It is often used in a targeted manner, with corporate networks getting infiltrated for information collection. It is common that spyware can lead to loss of some corporate data from a device of one of the employees, but it is far more likely that the compromised employee will be used as an entry-point into the corporate network, which contains more information,” comments Emad Haffar, Head of Technical Experts, META region at Kaspersky. “One of the key characteristics of spyware is evasiveness – a competent Security Operations Center together with advanced cybersecurity solutions are required to mitigate this threat. Kaspersky Endpoint Security for Business and Kaspersky Anti Targeted Attack work well for organizations to block spyware in corporate systems.

To protect your organization from spyware, Kaspersky experts recommend:

  • Providing your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky over the past 20 years. To help businesses enable effective defenses in these turbulent times, Kaspersky announced free access to independent, continuously updated and globally sourced information on ongoing cyberattacks and threats. Request access online.
  • Upskilling your cybersecurity team to enable them to tackle the latest targeted threats with Kaspersky online training, developed by GReAT experts.
  • Using an enterprise-grade EDR solution, such as Kaspersky EDR Expert. It is essential for detecting threats among a sea of scattered alerts – thanks to its automatic merging of alerts into incidents – as well as to analyze and respond to an incident in the most effective way. 
  • In addition to adopting essential endpoint protection, implementing a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
  • Introducing security awareness training and teaching practical skills to your team – using tools such as the Kaspersky Automated Security Awareness Platform, as many targeted attacks start with social engineering techniques, such as phishing.

-Ends-

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.