The number of malware attacks in the Middle East, Turkey and Africa in Q1 2019 has increased by 108% from Q1 2018, according to Kaspersky Lab.
The security company reported more than 150 million malware attacks in the region over Q1 of this year: an average of 1.6 million attacks a day. Mobile malware attacks made up a not-insignificant share of the total, with more than 368,000 attacks reported – up 118% on Q1 2018. Cryptomining malware was also up, with a 146% increase over the same time last year.
On the other hand, ransomware attacks were down, with only 193,000 attacks reported, representing an 18% decrease compared with Q1 2018, so it’s not all bad news. Findings from Malwarebytes indicate that globally, ransomware targeted at businesses has seen an increase of 508% since Q1 2018, though among consumers the number dropped significantly.
“A drop in ransomware incidents is a great showcase of the security consciousness that is growing in the META region,” said Amin Hasbini, Senior Security Researcher, Global Research and Analysis Team at Kaspersky Lab. “At the same time, we have to realise that if there are less ransomware attacks, malicious attention is being diverted elsewhere. Personal and organisation-facing financial threats seem to be growing unabated.”
Supporting Hasbini’s point, Kaspersky Lab found that 5.8 million phishing attacks were reported in Q1 of this year: a 334% increase compared to Q1 2018.
And users seem to be falling for it. Statistics from the Kaspersky Security Network cloud service showed that over a quarter of all users in the META region were affected by web threat incidents during Q1 2019.
Some regions seemed to be more heavily targeted than others. Despite having a population of only 9 million, the UAE experienced 1.1 million phishing attacks and 23 million malware attacks. That’s a substantial portion of those encountered by the region as a whole.
These statistics – particularly regarding the increase in phishing – demonstrate the importance of training and awareness. However, that requires significant investment in terms of human resources, and the cybersecurity skills shortage is a problem worldwide, with the UAE being particularly affected. Our research found that the most common size of information security team in the region (35%) was two members or fewer, with only 15% having a team of more than 10 members.
The 2018 SANS Security Awareness Report recommended that for security awareness programs to be effective, an organisation of 5,000 or fewer employees should have at least two staff members working full-time on improving security awareness. For a ‘truly mature’ program, it recommended at least 4.
Given the generally small size of infosec teams in the region, those recommendations may be a little out of reach for most companies. But with cybercriminals clearly continuing to focus their efforts on exploiting human vulnerabilities, rather than technological ones, it’s clear more investment in training and awareness is needed.