Cybersecurity firm Kaspersky has released its Q1 2025 threat intelligence report for the Middle East, Türkiye, and Africa (META), spotlighting a rapidly shifting digital risk landscape shaped by artificial intelligence, ransomware-as-a-service (RaaS) models, and increasingly low-cost cyberattacks.
According to the report, Türkiye and Kenya topped the list for web-based threats, with 26.1% and 20.1% of users respectively encountering online attacks. In contrast, the UAE, Saudi Arabia, Egypt, and Jordan recorded the region’s lowest levels of web-borne threats, suggesting better cybersecurity resilience or practices in place.
Ransomware remains the most pressing concern in the META region, particularly in technologically advanced economies undergoing rapid digital transformation. Kaspersky notes that these expanding digital ecosystems, while enabling growth, have also widened attack surfaces and exposed varying degrees of cybersecurity readiness.
One group in particular, FunkSec, has emerged as a major player in 2025’s ransomware scene. Surpassing well-known groups such as Cl0p and RansomHub, FunkSec has adopted a ransomware-as-a-service model, combining data encryption with theft in so-called “double extortion” attacks. Uniquely, FunkSec relies heavily on artificial intelligence-generated code — often produced with large language models — to evade detection and scale operations. Its strategy focuses on volume over payout, executing widespread, low-ransom attacks that are difficult to trace and accessible to less experienced hackers.
Kaspersky also identified creative new tactics by ransomware groups such as Akira, which reportedly used webcam exploits to bypass traditional endpoint detection systems. Increasingly, cybercriminals are turning to unconventional entry points such as Internet of Things (IoT) devices, smart appliances, and misconfigured office hardware, areas often overlooked in traditional security frameworks.
The report further highlights the role of generative AI and development platforms like robotic process automation (RPA) and low-code tools in lowering the technical barriers to launching cyberattacks. These technologies are being marketed on the dark web to help even unskilled attackers automate malicious campaigns, including phishing and social engineering, at scale.
Kaspersky is currently tracking 25 active advanced persistent threat (APT) groups in the region, including SideWinder, Origami Elephant, and MuddyWater. These groups are increasingly shifting toward mobile device exploits and more evasive attack techniques.
Sergey Lozhkin, head of Kaspersky’s Global Research and Analysis Team for META and APAC, cautioned: “Ransomware is one of the most dangerous and rapidly evolving threats. Criminals are exploiting every weak point — from IoT devices to outdated office systems — and these often fly under the radar.”
To protect against such threats, Kaspersky recommends that organisations keep software updated, implement offline backups, monitor for lateral movement within the network, and equip security teams with current threat intelligence and ongoing training.
