The widespread adoption of artificial intelligence (AI) and machine learning technologies in recent years is providing threat actors with sophisticated new tools to perpetrate their attacks. One of these are deepfakes which include generated human-like speech or photo and video replicas of people. While the time and effort to create these attacks often outweigh their potential ‘rewards’, Kaspersky warns that companies and consumers must still be aware that deepfakes will likely become more of a concern in the future.Kaspersky research has found the availability of deepfake creation tools and services on darknet marketplaces. These services offer generative AI video creation for a variety of purposes, including fraud, blackmail, and stealing confidential data. According to the estimates by Kaspersky experts, prices per one minute of a deepfake video can be purchased for as little as $300.There are also concerns when it comes to the significant divide around digital literacy amongst Internet users. According to the recent Kaspersky Business Digitisation Survey¹ 51% of employees surveyed in the Middle East, Turkiye and Africa (META) region said they could tell a deepfake from a real image; however in a test only 25%2 could actually distinguish a real image from an AI-generated one. This puts organisations at risk given how employees are often the primary targets of phishing and other social engineering attacks.For example, cybercriminals can create a fake video of a CEO requesting a wire transfer or authorising a payment, which can be used to steal corporate funds. Compromising videos or images of individuals can be created, which can be used to extort money or information from them.“Despite the technology for creating high-quality deepfakes not being widely available yet, one of the most likely use cases that will come from this is to generate voices in real-time to impersonate someone. For example, a finance worker at a multinational firm was recently tricked into transferring $25 million to fraudsters because of deepfake technology posed as the company’s chief financial officer in a video conference call. It’s important to remember that deepfakes are a threat not only to businesses, but also to individual users - they spread misinformation, are used for scams, or to impersonate someone without consent – and are a growing cyberthreat to be protected from,” says Vladislav Tushkanov, Lead Data Scientist at Kaspersky.For protection against the various threats posed by deepfakes, Kaspersky recommends people and businesses take the following actions:Pay attention to suspicious calls. Employees need to be mindful of poor sound quality, an unnatural monotony of the ‘person’s’ voice, unintelligible speech, and extraneous noise.Be aware of the key characteristics of deepfake videos. This includes jerky movement, shifts in lighting from one frame to the next, shifts in skin tone, lips poorly synchronised with speech, and poor lighting.Never make decisions based on emotions, and do not share details with anyone. It is always better to ask something that only that person might know or stop the call and double-check the information received through several channels. This is where the ‘trust but verify’ protocol is important.Check and update the cybersecurity practices of the organisation.A solution such as Kaspersky Threat Intelligence can assist keeping information security specialists up to date on the most recent developments in the deepfake game.Companies should also strengthen the human firewall by ensuring their employees understand what deepfakes are, how they work, and the challenges they can pose. This can encompass ongoing awareness and education drives to teach employees how to spot a deepfake.

A new survey, commissioned by Kaspersky of 21000 people worldwide, reveals shocking data about the extent of digital abuse. Almost a quarter of respondents (23%) had experienced some form of online stalking from a person they were newly dating. A third (34%) of respondents believe that Googling/checking social media accounts of a person you had started dating as a form of due diligence is acceptable and 41% admitted to doing so when they started dating someone.According to the study – which interviewed 1000 people in 21 countries around the world – online daters are keen to take steps to protect themselves in the quest for love. However, people are still vulnerable to an alarming rise in stalking and abuse this Valentine’s day from risks posed by location settings, data privacy and more broadly, oversharing.The types of abuse are varied, with well over a third (39%) of respondents having reported some form of violence or abuse from a current or previous partner: 16% of respondents had been sent unwanted emails or messages and perhaps most concerningly, 13% had been filmed or photographed without their consent. A further 10% admitted they had had their location tracked, 10% that their social media accounts or emails had been hacked, and worryingly, 7% having had stalkerware installed on their devices without their consent.Proportionally more female respondents had experienced some form of violence or abuse compared to male respondents (42% versus 36%). More of those currently dating had experienced violence or abuse compared to those in a long-term relationship (48% versus 37%). In fact, 34% of respondents said they worried about the prospect of being stalked online, and female respondents being slightly more concerned at the prospect than males (36% were worried compared to 31% of male respondents).“The Internet of things, or connected world is brilliant and offers a myriad of possibilities. But with opportunity comes threats and one of those threats of a connected world is the ease of access to traceable data which leaves us vulnerable to abuse”, commented David Emm, Principal Security Researcher at Kaspersky. “Whilst the blame for these horrific behaviours never lies with stalking victims, unfortunately there is still a burden upon them to take steps to minimise risks. I think it’s great that people are taking steps to verify identities online, but would encourage people to just stop and do a quick sense check on any information, passwords or data they share, to just think through how that information could be used in nefarious hands.”Kaspersky has gathered some top tips for staying safe whilst dating online below, for more details, please take a look at our safe dating guide or for further ways to stay safe from Stalkerware, visit https://stopstalkerware.org/resources/Keep passwords to yourself and make sure they are complex and uniqueIf it seems too good to be true, it might just be – if in doubt check!Take a moment to check your own digital privacyThink before you share – the internet has long memory and sharing too much too soon can leave you vulnerableCreate a ‘safe plan’ if you move from digital to real worldsKaspersky works with experts and organizations in the field of domestic violence, ranging from victim support services and perpetrator programs through to research and government agencies, to share knowledge and support both professionals and victims. Kaspersky is one of the co-founders of the Coalition Against Stalkerware, an international group dedicated to tackling stalkerware and combating domestic violence. Since 2021, Kaspersky has been a consortium partner of the EU project DeStalk, co-funded by the Rights, Equality, and Citizenship Program of the European Union. Kaspersky has also launched and maintains TinyCheck, a free, safe and easy-to-use tool to check devices for stalkerware and monitoring apps.Survey DetailsIn January 2024 Arlington Research, on behalf of Kaspersky conducted 21,000 online interviews, 1,000 in each of the following 21 countries: The UK, Germany, Spain, Serbia, Portugal, The Netherlands, Italy, France and Greece, the USA, Brazil, Argentina, Chile, Peru, Colombia and Mexico, Asia-Pacific: China, Singapore, Russia, India and Malaysia. Respondents were aged 16 years and over. All were either in a long-term relationship (62% of the sample), dating someone (16%) or not currently dating/in a relationship but had been in the past (21%).

Kaspersky has appointed seasoned IT leader, Toufic Derbass, as the Managing Director for the Middle East, Türkiye and Africa (META) region. With nearly three decades of experience, Toufic aims to build on Kaspersky’s strong regional presence of over 16 years as the company aims to double its B2B and large enterprises business segment in the next five years.Toufic is committed to bettering relations with regional governments and policymakers, in addition to promoting Kaspersky’s award-winning products and services as the region rapidly adopts digitization. His efforts will also focus on elevating the level of cybersecurity awareness in the region, contributing to Kaspersky’s mission of building a safer world.Prior to joining Kaspersky, Toufic held leading positions at multinational software companies, where he was responsible for scaling businesses by forging strategic partnerships and executive relationships with leading private and public sector organizations.Commenting on his appointment, Toufic Derbass, Managing Director for META at Kaspersky, said, “I’m honored and excited to lead a brand that is globally known for its innovation and is built on a legacy of over 26 years. Kaspersky’s strong market footprint in the Middle East, Türkiye and Africa region is a testament to its breadth and quality of products and services, that blend technology with human expertise. My vision for Kaspersky in the region is to showcase its unique capabilities, such as the revolutionizing concept of Cyber Immunity which plays a crucial role in reimagining cybersecurity.”Robert Cataldo, VP Global sales at Kaspersky, said, “We are delighted to welcome Toufic to the company. For the past few years, Kaspersky’s operations in the region have been on an upward trajectory, with the expansion of our market footprint year on year. With the extensive experience he brings on board and his values that align with ours, we believe Toufic to be a perfect fit to further unlock Kaspersky’s potential through promising opportunities.”

AI-enabled wearables could spark debates about privacy, and the anticipated proliferation of AR and VR is likely to set new standards regarding privacy in 2024. At the same time, the significance of data breaches containing passwords is expected to diminish as two-factor authentication becomes more prevalent, and users enhance privacy with assistant bots.Data Privacy Day is held annually on January 28 to raise awareness on the topic. According to Kaspersky, the privacy field is undergoing a transformative moment due to the emergence of new technologies and evolving regulatory practices. Major events in 2023 in the social, economic and political spheres, as well as new technological trends, will be the main factors influencing the privacy landscape in 2024. Kaspersky experts’ predictions include:AI-enabled wearables may spark a fresh debate on privacy.While people have embraced devices like smartphones and smart assistants in their homes, wearables, especially those with cameras like smart glasses or AI pins, tend to evoke more suspicion. The overt nature of these devices could genuinely cause privacy-conscious individuals concern, assuming they gain popularity.AR and VR developments are poised to establish new privacy standards in 2024.Apple's product launches typically draw public attention, sparking discussions regarding privacy, especially when it comes to technologies that have not been regulated properly yet. With the introduction of Apple Vision Pro and the increasing integration of AR/VR into daily life, privacy concerns are likely to take center stage.Advancing privacy through the emergence of assistant bots.The growing prevalence of assistant bots, utilizing natural language processing (NLP), offers a compelling opportunity to enhance user privacy across diverse sectors. Envision a future where bot assistants play a crucial role in safeguarding personal data, particularly during calls. A sophisticated bot assistant could seamlessly handle user calls, ensuring sensitive information, such as the user's voice is protected.Leaked passwords will provide less cause for concern as their importance continues to decline.The primary reason for the decline in fears of leaked passwords is the rising prevalence of two-factor authentication where an additional code to confirm your login is sent via SMS or generated in a special authenticator application, such as Kaspersky Password Manage. Additionally, some services, like Google, already feature “passwordless” authentication via passkeys, while others favor biometric authentication over traditional passwords."In the era of evolving technologies, the notion of private data must extend beyond traditional boundaries. The advent of AI-enabled wearables, AR/VR developments, and the rise of assistant bots necessitate a broader understanding of privacy. As these innovations become integral to daily life, our concept of personal data must encompass not only what we willingly share but also the nuanced interactions and insights these technologies inherently possess,” comments Anna Larkina, security and privacy expert at Kaspersky.

Kaspersky Digital Footprint Intelligence team has over the past two years uncovered almost 40,000 dark web posts about the sale of internal corporate information. These posts – created by cybercriminals – are used to buy, sell, or distribute data stolen from various companies through cyberattacks. The number of posts offering access to corporate infrastructure has seen a 16% increase compared to the previous year. Worldwide, every third company was referenced in dark web posts associated with the sales of data or access.Kaspersky Digital Footprint Intelligence experts observed an average of 1,731 dark web messages per month about the sale, purchase and distribution of internal corporate databases and documents, totaling almost 40,000 messages between January 2022 and November 2023. The monitored resources encompassed dark web forums, blogs, and also shadow Telegram channels.Another category of data available on the dark web is access to corporate infrastructures allowing cybercriminals to purchase pre-existing access to a company, enabling attackers to streamline their efforts. According to Kaspersky’s research, more than 6,000 dark web messages have been advertising such offers in January 2022-November 2023. Currently, cybercriminals are increasingly offering access, with the average number of corresponding monthly messages witnessing a 16% rise from 246 in 2022 to 286 in 2023. While the number of messages may not seem high, it doesn’t diminish the potential magnitude of the issue. With the looming threat of supply chain attacks in the coming year, even breaches targeting smaller companies could escalate to impact numerous individuals and businesses globally.“Not every message on the dark web contains new and unique information. Some offers can be repetitive; for instance, when a malicious actor aims to quickly sell data, they may post it on different underground forums to reach a larger audience of potential criminal buyers. Moreover, certain databases might be combined and presented as new. For instance, there are ‘combolists’ - databases that aggregate information from various previously leaked databases, such as passwords for a specific email address,” explains Anna Pavlovskaya, expert at Kaspersky Digital Footprint Intelligence.To further enhance security of businesses worldwide, Kaspersky Digital Footprint Intelligence experts tracked mentions of 700 random companies related to corporate data being compromised in 2022, providing information about cyberthreats originating from the dark web.The findings revealed that 233 organizations – one-in-three companies – were mentioned in dark web posts related to the illicit exchange of data. These references specifically involved topics such as data breaches, stolen access to infrastructure, or compromised accounts.More statistics about dark web discussions are presented on Securelist, while the Kaspersky Digital Footprint Intelligence website provides a comprehensive incident response playbook for handling leak-related incidents. To avoid threats related to data breaches, it is worth implementing the following security measures:Swift identification and response to data breaches is essential. Those facing a crisis should start by verifying the source of the breach, cross-referencing internal data, and assessing the information’s credibility. Essentially, a company must gather evidence to confirm the attack occurred and that data has been compromised.Continuously monitoring the dark web allows for the detection of both fake and real breach-related posts, as well as the tracking of spikes in malicious activity. Given the resource-intensive nature of dark web monitoring, external experts often take on this responsibility.It's beneficial to prepare a communications plan in advance to interact with clients, journalists, and government agencies.Developing comprehensive incident response plans that include designated teams, communication channels, and protocols allows for the prompt and effective handling of such incidents when they occur.

“The most wonderful time of the year” is known for its generous sales, holiday cheer, and the notion of miracles around the corner. Unfortunately, it’s also a hot time for scammers, who steal personal data and money, precisely when everyone is having fun and letting their guard down.At this time of year, Kaspersky experts identified cases of phishing built around the Christmas and New Year season of giving: scammers are disguising the theft of personal data and funds as holiday giveaways.Phishing scams targeting personal accountsSome phishing sites aim to obtain data by infiltrating users' personal social media and messenger accounts under various guises. They request information and once it is submitted, it is transmitted directly into the hands of the scammers.One of these phishing incidents was recently reported in Singapore. Scammers created a sophisticated phishing site targeting individuals with the promise of payments in the new year purportedly from Singapore's Ministry of Finance. This deceptive site was designed to mimic the ministry's branding, giving it an air of credibility. To receive the payout, visitors were prompted to enter their Telegram account details.Once the user enters the Telegram account details, fraudsters can then gain full access to the account, potentially leading to the digital identity theft, access to private conversations, and the ability to impersonate the victim for further malicious activity.Phishing sites mimicking banks for the New Year giveawaysAnother phishing technique designed to trap those who believe in miracles is a lottery featuring banks. As New Year's Eve is a time of lucrative offers and gifts, fraudsters have created phishing sites that invite users to participate in giveaways aimed at obtaining victims' bank details to steal from them.  One instance of the New Year's scam was specifically targeted at Filipino citizens. In this scheme, individuals were lured to a website where they were enticed to spin a wheel for a chance to win a sum of money. After the spin, users were shown their supposed winnings and asked to select between various banks where the alleged funds could be deposited. After they made the selection, users found themselves on phishing sites designed to mimic legitimate online banking interfaces. This deceptive tactic was the final move in the scam, aiming to swindle the victims by gaining access to their banking credentials and ultimately their funds.Fake New Year's crypto gift-boxes with no Pokémon  The stakes in the cryptocurrency market are very high. Stealing a wallet with even a few tenths of a bitcoin already brings scammers significant profit, so they put a lot of effort into creating believable phishing emails and sites, thus making it harder for the user to notice something wrong.The fraudsters in one such case created a phishing page copying the official offer of Courtyard.io, a website that allows users to convert physical collectibles into tokens. The original Courtyard.io site invited users to register and purchase a New Year's Eve box containing a Pokémon card. So, scammers created a phishing page with the same offer, however, to receive the surprise box, visitors had to connect a crypto wallet, resulting in the theft of their funds. “Scammers are inventive and cunning. In response we need to double check all those special offers that come through from unknown emails. Luckily, we can have a reliable ally here – a comprehensive cybersecurity solution that will protect personal data and money, and prevent malicious actors from stealing our holiday” Comments Olga Svistunova, Senior Web Content analyst at Kaspersky.To avoid scams connected to the season of giving, Kaspersky experts share some simple tips:Verify the source. Before engaging with any special offer, verify the legitimacy of the source. If it's from a known brand or organization, check their official website or social media channels to confirm the giveaway campaigns.Type the URL into the address bar.  Don’t open the link from the email: it could be a phishing link. Whenever there is a need to open a web site, it is always better to type its URL into the address bar avoiding any links in email.Look for the red flags in the offer. Be wary of offers that seem too good to be true, like winning a large sum of money or expensive prizes with little to no effort. This is especially tricky when it comes to cryptocurrency transactions: scammers will do their best to make an offer look valid.Do not share personal information. Legitimate giveaways rarely ask for sensitive personal information upfront. Be cautious of any request for details like your bank account numbers, passwords, or Social Security numbers.

Adopting a multifaceted approach, the analysis explores the implications of AI, focusing on its use by defenders and regulators, and separately assessing its potential exploitation by cybercriminals. This comprehensive examination – part of Kaspersky Security Bulletin (KSB) – is a yearly compilation of predictions and in-depth reports illuminating key shifts in the dynamic field of cybersecurity.Amid the rapid pace of technological progress and societal shifts, the term “AI” has firmly positioned itself at the forefront of global conversations. With the increasing spread of large language models (LLMs), the surge in security and privacy concerns directly links AI with the cybersecurity world. Kaspersky researchers illustrate how AI tools have helped cybercriminals in their malicious activity in 2023, while also showcasing the potential defensive applications of this technology. The company’s experts also reveal the evolving landscape of AI-related threats in the future that might include:More complex vulnerabilitiesAs instruction-following LLMs are integrated into more consumer-facing products, new complex vulnerabilities will emerge on the intersection of probabilistic generative AI and traditional deterministic technologies, expanding the attack surface for cybersecurity professionals to secure. This will require developers to study new security measures like user approval for actions initiated by LLM agents.A comprehensive AI assistant to cybersecurity specialistsRed teamers and researchers leverage generative AI for innovative cybersecurity tools, potentially leading to an assistant using LLM or machine learning (ML). This tool could automate red teaming tasks, offering guidance based on executed commands in a pentesting environment.Neural networks will be increasingly used to generate visuals for scamsIn the coming year, scammers may amplify their tactics using neural networks, leveraging AI tools to create more convincing fraudulent content. With the ability to effortlessly generate convincing images and videos, malicious actors pose an increased risk of escalating cyber threats related to fraud and scams.AI will not become a driver for groundbreaking change in the threat landscape in 2024Despite the above trends, Kaspersky experts remain skeptical about AI changing the threat landscape significantly any time soon. While cybercriminals do adopt generative AI, the same is true about cyberdefenders, who will use the same or even more advanced tools to test enhance security of software and networks, making it unlikely to drastically alter the attack landscape.More AI-related regulatory initiatives, with private sector’s contributionAs fast-growing technology develops, it has become a matter of policy making and regulation. The number of AI-related regulatory initiatives is set to rise. Non-state actors, such as tech companies, given their expertise in developing and utilizing artificial intelligence, can provide invaluable insights for discussions on AI regulation on both global and national platforms.Watermark for AI-generated contentMore regulations, as well as service provider policies will be required to flag or identify synthetic content, with the latter continuing to invest in detection technologies. Developers and researchers, on their part, will contribute to methods of watermarking synthetic media for easier identification and provenance.“Artificial Intelligence in cybersecurity is a double-edged sword. Its adaptive capabilities fortify our defenses, offering a proactive shield against evolving threats. However, the same dynamism poses risks, as attackers leverage AI to craft more sophisticated assaults. Striking the right balance, ensuring responsible use without oversharing sensitive data, is paramount in securing our digital frontiers,” comments Vladislav Tushkanov, security expert at Kaspersky.On December 11, Kaspersky experts joined by prof. Dr. Dennis-Kenji Kipker of cyberintelligence.institute will delve deep into the multifaceted current influence of AI on cyber threats and the privacy landscape. To join the session, register here for free.To learn more about AI in cybersecurity, visit Securelist.comv.These are part of Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts within the cybersecurity world. Follow?this link?to learn more about other KSB pieces.

Company bosses are boosting their cybersecurity following an alarming increase in cyberattacks, a new study commissioned by Kaspersky has found. The data shows that 71% of companies in Saudi Arabia suffered at least one cyber incident over the last two years. One of the main reasons cited was the shortage of qualified IT security staff (34%). Among measures to strengthen cybersecurity, overall up to 58% of respondents claimed that their companies plan to invest in different forms of outsourcing cybersecurity in the next 12 to 18 months.Kaspersky conducted a study to learn the opinions of IT security professionals working for SMEs and corporations worldwide regarding the impact people have on cybersecurity in a company. The survey gathered information about various groups of people who influence cybersecurity, looking at both internal staff, and external actors. It also analyzed levels and types of online safety company bosses believed warranted investment.In Saudi Arabia, more than three quarters (71%) of respondents reported that their company had experienced cybersecurity incidents within the last two years, with 75% of these judged as ‘serious’. Some said the main reasons for cyber incidents occurring in their company were a lack of necessary tools for threat detection (22%) and a shortage of internal IT security staff (34%).The respondents indicated that a variety of measures would be appropriate to address the gaps in cybersecurity. Specifically, 10% said they would like to see more external specialists brought in. One quarter of organizations (24%) plan to invest in third-party professional services, and as many as 42% of respondents are aiming to outsource their cybersecurity to MSP/MSSP (Managed Service Providers/Managed Security Service Provider). The most likely industries to invest in third-party services in the near future are critical infrastructure, energy and oil & gas companies.At the same time, many organizations plan to invest in automating their cybersecurity processes. In the next 12 months almost half of businesses globally (53%) have concrete plans to implement software that automatically manages their cybersecurity, while 13% are discussing the subject. “The automation and outsourcing of cybersecurity tasks are major areas that organizations struggling because of a lack of experts and alert fatigue can focus on. Turning to external experts, — whether it’s outsourcing, to manage the whole cybersecurity system, or adopting expert-level services to assist the IT Security department — is the optimal solution for many. Cybersecurity vendors, Managed Service Providers, Managed Security Service Providers are the companies that have relevant expertise, all the necessary tools, and can manage cybersecurity effectively for customers of any size. Additionally, they can provide the customer with various options, such as Managed Detection and Response services, where SOC experts continuously carry out monitoring, or assistance in case of emergency like investigating a particular incident. Automation tools provided by cybersecurity vendors is another way an organization can strengthen its cybersecurity. For example, our XDR and MDR has out-of-the-box automation through investigation and response playbooks and embedded AI, enabling clients and partners to significantly automate their information security processes. With all possible options provided by experts, each company can determine the scope of services that are needed, based on cybersecurity gaps or desired development trajectory,” comments Ivan Vassunov, VP, Corporate Products at Kaspersky.To cope with a shortage of tools or IT Security employees in-house, Kaspersky recommends:Make use of the expertise offered by managed security providers offerings. For example, Kaspersky Managed Detection and Response raises the overall protection level of an organization by monitoring of telemetry coming from the company's IT network 24/7, and helps with the development of in-house processes and best practices while following the incident response guidelines provided by Kaspersky experts. Additionally, the AI assistant in MDR automatically handles about half of all security alerts to ensure maximum protection.Implementing Kaspersky Professional Services optimizes the workload of a struggling IT department. Kaspersky experts assess the state of your current IT security, then deploy and configure Kaspersky software quickly and properly to ensure hassle-free ongoing performance. And Kaspersky Premium Support speeds up and boosts the efficiency of any Kaspersky-based IT security infrastructure.For SMBs that lack the budget to purchase some cybersecurity products and hire dedicated IT security professionals, just one IT administrator (even part time or outsourced) is enough to easily manage Kaspersky Endpoint Security Cloud through a console with numerous automated scripts.Invest in cybersecurity trainings so your current IT security specialists’ skills are always up-to-date and equipped to handle anything the cyber threat landscape throws at your organization. Kaspersky Cybersecurity for IT Online training helps build up simple yet effective IT security best practices and simple incident response scenarios for general IT administrators. And Kaspersky Expert Training equips your security team with the latest knowledge and skills to manage and mitigate threats, protecting your organization from even the most sophisticated attacks.The full report and more insights on the human impact on cybersecurity in business are available via the link.

As Black Friday approaches, Kaspersky has released a new report revealing the latest shopping-related cyber threats. The findings expose more than 13 million e-shop-related phishing attacks in 2023, with scammers mimicking popular marketplaces, luxury brands, and gadget stores.According to the company’s experts, scams and phishing are favored tactics for fraudsters seeking profit. In the first ten months of 2023, Kaspersky identified 30,803,840 phishing attacks targeting online shopping, payment systems, and banking institutions, with e-commerce platforms used as a lure in 43.5% of total attacks (13,390,142 attacks).Since October, a notable threefold increase in domains using the words "Black Friday" has been observed. Websites in these domains range from nonexistent stores to convincing replicas of real online outlets. Kaspersky consistently identifies numerous fake stores offering clothing, appliances, and gadgets since the beginning of fall. The most prevalent schemes center on creating fraudulent stores where individuals pay for products which they never receive.Another scheme involves linking a card to allegedly pay for goods, allowing scammers to gradually withdraw money and empty victims’ accounts. For instance, a deceptive website mimics a well-known shopping platform, enticing users with an offer to acquire an €800 gift card for €1.95. As the promised gift card is typically nonexistent, users lose money to the scammers behind this fraudulent setup.Example of shopping phishing pageKaspersky’s experts also revealed fraudsters targeted potential victims with scams using big brand industry leaders such as eBay, Walmart, Alibaba, and local platforms like Mercado Libre in 240,000 phishing attacks. The allure of greater theft prompts scammers to impersonate luxury brands.Scammers also target tech enthusiasts by mimicking Apple products and services around Black Friday. Kaspersky products have detected 2.8 million of such phishing attacks from January to October 2023. Gamers find themselves ensnared by console scams, promising purchases but ultimately leaving them out of pocket.“Online shopping, particularly during peak events like Black Friday, is a prime target for deceptive schemes. Fraudsters intensify their activities, capitalizing on the surge in online traffic and shoppers’ desire for deals. It’s crucial to be discerning and adopt secure online practices, protecting yourself against potential threats while enjoying the benefits of the digital marketplace,” comments Olga Svistunova, security expert at Kaspersky.To learn more about shopping threat landscape in 2023, visit Securelist.com.To enjoy the best that Black Friday has to offer this year, be sure to follow a few safety recommendations:Do not trust any links or attachments received by mail; double-check the sender before opening anything.    Double-check e-shop websites before filling out any information: is the URL correct? Are there any spelling errors or design bugs?Protect all the devices you use for online shopping with a reliable security solution. Kaspersky Premium is protecting its’ users from various range of shopping scams.If you want to buy something from an unknown company, check reviews before making any decision.Despite taking as many precautions as possible, you probably won’t know something is amiss until you see your bank or credit card statement. So, if you’re still getting paper statements, don’t wait until they hit your mailbox. Log in online to see if all of the charges look legitimate – if not, contact your bank or credit card company immediately to fix the situation.

Riyadh: Kaspersky, a global leader in cybersecurity solutions, has announced its participation in the highly anticipated Black Hat 2023 conference. Black Hat has long been a platform where industry pioneers come together to discuss the latest developments in cybersecurity.Kaspersky will take center stage to showcase its newly launched Managed Detection and Response (MDR) solution, which allows organizations in the Kingdom to leverage Kaspersky's experts while saving IT security teams’ resources for threat analysis, investigation, and response. The service was made possible through the public cloud service provided by Saudi Cloud Computing Company (SCCC Alibaba Cloud) which allows Kaspersky’s customers to comply with data sovereignty and privacy guidelines.Kaspersky will also showcase its Threat Intelligence service which has become an essential tool for organizations to safeguard their assets comprehensively. Kaspersky researchers actively engage in monitoring and tracking 16 Advanced Persistent Threat (APT) groups operating in the Kingdom of Saudi Arabia (KSA) and the surrounding region. These APT groups strategically select their primary victims, focusing on various sectors such as government entities, financial institutions, and manufacturing companies. This service enables organizations access to evidence-based knowledge, context, and actionable recommendations regarding cyber threats targeting their organization.Mohamad Hashem, General Manager of Kaspersky in KSA & Bahrain, expressed his excitement about the company's participation in Black Hat 2023: " Black Hat provides us with the perfect platform to discuss the vital cybersecurity issues and showcase our advanced cybersecurity solutions. With 16 years of experience in KSA, Kaspersky has consistently grown its business, achieving over 30% growth in the first three quarters of this year. We will continue working closely with governments and organizations to ensure they are protected throughout their digital transformation journey."Black Hat 2023 is set to be an exceptional event, with Kaspersky at the forefront of the cybersecurity conversation. We invite attendees to visit our booth to learn more about our MDR solution and discover how Kaspersky is dedicated to keeping organizations safe in an ever-evolving threat landscape.

According to Kaspersky research, the majority of employees in Saudi Arabia believe that the metaverse is the future of internet and will revolutionize entire industries (64,8%). Only few were skeptical of the metaverse and thought that it is a trend that will pass (19,5%). Many employees said their companies already have projects related to the metaverse (32,3%) or have specific plans for such projects (42,5%). However, with the metaverse come new cybersecurity challenges.The metaverse is a virtual, interconnected universe that merges physical and digital realities. In it, people can interact, socialize, work and engage in other activities through immersive technologies like virtual reality and augmented reality. The metaverse is often envisioned as the next-generation internet, blurring the boundaries between the online and offline worlds and offering limitless possibilities for social, economic, and entertainment experiences.Kaspersky experts warn that new phenomena like the metaverse bring cyber risks. VR headsets can be attacked to manipulate content, virtual assets earned in the metaverse can be stolen and whole virtual economies compromised. There are new privacy concerns as well: extensive data about users' actions, preferences, and behaviors is collected, which could be exploited for identity theft or surveillance. Protecting individuals' privacy in such a vast and interconnected digital space is a significant challenge. As the metaverse continues to evolve, cybersecurity strategies will need to adapt to address emerging threats and vulnerabilities.“When we discuss linking the metaverse and real-world objects and devices, technically we talk about the rising importance & new roles of IoT in the metaworld. Hence the attractiveness of the ‘Internet-of-Everything’ for global cybercrime increases as well,” comments Victor Ivanovsky, KasperskyOS Business Development Lead. “This is why IoT vendors should consider implementing a next generation cybersecurity approach on their devices. Kaspersky pioneers the Cyber Immune approach, where devices are able to be designed and developed with innate, built-in protection that would make them virtually impossible to compromise. For instance, Kaspersky IoT Secure Gateway is designed to serve as a secure gateway for the Internet of Things in Industrial IoT networks, Smart Cities and other modern use cases on the boundaries of the metaverse.”To keep your company protected from cyber threats in traditional and virtual environments, Kaspersky experts recommend:Organizations should conduct regular cyber skill checkups among employees and offer competent training. Kaspersky Security Awareness portfolio offers flexible ways to train staff, is easily customizable and scalable to meet the needs of any company size.Corporate users should be educated on potential privacy risks when working in virtual environments. Organizations should implement best practices in safeguarding personal and corporate data.Install updates for the firmware used on digital devices (including virtual headsets) as soon as they become available.Use Cyber Immune solutions for IoT protection on corporate networks. Use a dedicated IoT gateway that ensures inbuilt security and reliability of data transferring.Use Kaspersky Threat Intelligence to block network connections originating from malicious network addresses detected by security researchers.

According to the Digital Superstitions survey by Kaspersky, more than half of the respondents in Saudi Arabia (73%) do not post photos with their partners or spouses on social networks. Kaspersky is shedding light on how users feel about posting photos with their loved ones.Posting personal photos on social media can have certain negative consequences. Due to data breaches, photos can get accessible to unintended audiences, risking personal information exposure. Cybercriminals might use photos to gather information for identity theft or phishing attacks. Location data embedded in photos can even compromise physical security by revealing a user's whereabouts.Users provide different reasons for refraining from posting photos with their loved ones. In most cases (61%) people do not want anyone to know about their personal life. Every eighth (16%) respondent does not like how they look on the photos. 24% of respondents said that their partner does not want the joint photos shared publicly (men voiced this opinion more often than women). Apart from that, 25% of people surveyed are afraid that they or their relationships may get jinxed if photos are shared publicly.“In some cases, photos on social networks can become a source of information for intruders and cybercriminals – especially if they are accompanied by explicit captions or geotags. One of the possible risks is to face doxing. This is a phenomenon in which ill-wishers publicly post information about a person in order to harm their reputation or cause persecution. Doxers use, for example, personal photos or videos that can put a person in an awkward position, fragments of personal correspondence - usually taken out of context, home address, phone number, information about the place of work, etc. Therefore, before posting a photo with a description – personal or shared with another person – it is important to think about whether such a publication can do harm, and ask permission to post a post," says Emad Haffar, Head of Technical Experts at Kaspersky.To ensure that posting photos on social networks brings only joy, Kaspersky recommends:do not upload photos with confidential data, such as scans of documents;do not share information about your friends and family members on social networks if the account is public;check your privacy settings on social networks: it is better to keep your profile private and add people you know personally as friends;use strong and different passwords for each account, change them periodically, and use password managers to create and store them;set up two-factor authentication in those services that allow it;do not transfer data about other people without their consent to third parties.

Dubai: According to a recent survey by Kaspersky called Digital Superstitions, a fourth (40%) of respondents from KSA do not know what data about them is publicly available on the Internet.For those who recognized and are aware about their own personal information being available online, the survey showed that some have even tried to completely remove it from the Web. However, almost half of them (49%) did not take any actions. Among them,17% are sure that it is impossible to remove information about themselves from the Internet, while 9% do not know how to do it.According to those respondents from KSA who know what data about them is publicly available on the Internet, the most frequently mentioned data types are full names (77%), personal photos (54%) and e-mail addresses (49%). Moreover, some people let their personal phone number (53%), place of work or study (39%) and address of residence or registration (55%) be openly available online.However, it is also possible for personal data to end up online due to data breaches and data leakages on a company’s side. More than a quarter of the respondents (39%) are worried about such a possibility: they believe that they may run into trouble. 10% noted that they are only concerned about the possible leakage of bank card data. Over a third of respondents (34%) are not worried at all and believe that their personal data cannot be used for harm.“Unfortunately, users often underestimate personal data protection, despite that the leaked or stolen data can be used by cybercriminals in their fraudulent purposes – they can sell it, use it to hack personal accounts or for identity theft. Nevertheless, according to our survey, 48% of the respondents keep scans of passports and other confidential documents in correspondence in instant messengers, email inbox and social networks. You should not do this: under certain circumstances, attackers can steal such information,” comments Maher Yamout, Senior Security Researcher, Global Research & Analysis Team at Kaspersky. “There’s a simple basic test – to check what other people can know about you from scratch, type your first and last name between quotes in the Internet search engine and analyse the results”.To ensure personal data is protected properly, Kaspersky recommends following these security tips:Do not store or post confidential information (phone number, passport scan, etc.) on social networks, including in correspondence.Share confidential data in encrypted form, for example in an archive with a password.Ensure your accounts are well protected: use strong and unique passwords for each service (from 12 characters with letters in different case, numbers and special characters), store them in password managers.Set up two-factor authentication in those services that allow it.Use a reliable security solution like Kaspersky Premium – it will prevent you from finding yourself on a phishing site with the stolen personal or payment information.

Dubai: Kaspersky recently analyzed what digital superstitions Internet users in the UAE believe in nowadays and investigated whether there are grounds for these beliefs.According to the global Kaspersky Digital Superstitions survey, the most popular misbelief is that one should not pronounce “Yes” or “No” when speaking on the phone with strangers. Allegedly, the conversation can be recorded and used to steal money from banking accounts: the majority of respondents surveyed (79%) agree with this. In fact, voice identification systems are used in some banks, but only as an additional authentication tool which is not enough for carrying out a transaction, in particular to withdraw or transfer money.      Another common misconception that 80% of respondents believe in is that the HTTPS protocol of a website guarantees its authenticity. While in fact, the HTTPS certificate means that personal data can’t be reached from outside of the website, however this data can still be stolen by the site itself if it is a phishing resource.More than half (56%) of respondents believe that it’s possible to delete all information on a smartphone by rolling it back to factory settings. In reality, the data can often be recovered after a factory reset and formatting. Specifics of the storage space on gadgets implies that the data is deleted only in case it’s overwritten, which is not happening during a reset.56% of respondents from the UAE think that if the device is not connected to the Internet, it is impossible to infect it with malware. In fact, it’s possible to infect a device even if it is not connected to the Internet, for example, using a flash drive or other removable media.More than three quarters (78%) users think that the "Incognito" mode in the browser provides complete anonymity on the Internet. Though "Incognito" mode doesn’t guarantee absolute privacy. In this mode, the browser is not saving the history of visiting websites, cookies, download history and authorization data which is not equal to complete anonymity.“For over 25 years already we’ve been fighting not only various cyberthreats, but also digital superstitions. However, many of them are extremely durable. For example, it is interesting that more than a third of the users surveyed still believe that cactus plants absorb radiation from a monitor that may be harmful. That is why it is important to constantly improve digital literacy, as well as use reliable security solutions. There is nothing to be ashamed of not knowing something – and it is never too late to learn something new,” says Emad Haffar, Head of Technical Experts, Middle East, Turkey and Africa at KasperskyTo protect against various cyberthreats, Kaspersky experts recommend following the below tips:Pay attention to privacy settings in social networks and on popular platforms.Use strong and unique passwords for all your accounts (at least 12 characters with letters in different case, numbers and special characters), store them in password managers.In those services that allow it, set up two-factor authorization.Download applications only from official stores and periodically check which programs are installed on the device.Do not follow suspicious links in mail, instant messengers or social networks (even if they were sent by friends).Carefully check the name of the site in the address bar before entering your personal or payment data on it.Do not believe the myths and constantly improve your digital literacy, and in order not to worry about the safety of your data, install a reliable security solution on all of your gadgets, including mobile devices.

Kaspersky’s anti-phishing system prevented more than 500 million attempts at accessing fraudulent websites globally in 2022. This is twice more compared to 2021 figures. In the Middle East, 7.2% of individuals and corporate users faced phishing attempts, according to Kaspersky’s Spam and Phishing in 2022 report.CountryShare of usersQatar9.5%Bahrain9%Jordan8.5%Kuwait7.8%UAE7.5%KSA7.3%Oman6.9%Egypt6.9%Although spam and phishing attacks are not necessarily complex from a technological standpoint, they rely on sophisticated social engineering tactics, making them highly dangerous to those who are not aware of them. Fraudsters are skilled at creating phishing web pages identical to the original websites that collect private user data or encourage the transfer of money to fraudsters targeting both individuals and organizations. Kaspersky experts discovered that throughout 2022 cybercriminals increasingly turned to phishing. The company’s anti-phishing system successfully blocked 507,851,735 attempts to access fraudulent content globally in 2022, twice the number of attacks thwarted in 2021.The sphere most frequently targeted with phishing attacks was delivery services. Fraudsters send fake emails pretending to be from well-known delivery companies and claim there is an issue with a delivery. The email includes a link to a fake website, which asks for personal information or financial details. If the victim falls for the scam, they could lose their identity and banking information, which may be sold to websites on the dark web.Kaspersky experts have also highlighted a global trend in the phishing landscape of 2022: an increase in the distribution of attacks through messengers, with the majority of blocked attempts coming from WhatsApp, followed by Telegram and Viber.There is also growing demand among cybercriminals for social media credentials, with criminals exploiting people's curiosity and desire for privacy by offering fake updates and verified account status on social media platforms.An example of phishing page mimicking a social media alertMoreover, the experts found that cryptocurrency scams and the ongoing pandemic are still being used by phishing attackers to steal sensitive information from people who are afraid and worried. These scammers are taking advantage of people's fears and concerns to steal their sensitive information."Phishing is one of the most prevalent and pernicious threats in the cybersecurity landscape. Being the gateway to many of the worst cyber threats, phishing pages are the first step in a long chain of events that can result in identity theft, financial loss, and reputational damage for both individual consumers and businesses. It's crucial for everyone to understand the threat and take action to protect themselves," comments Olga Svistunova, security expert at Kaspersky.In order to avoid becoming a victim of spam or phishing-based scams, Kaspersky experts advise the following:Only open emails and click links if you are sure you can trust the senderWhen a sender is legitimate but the content of the message seems strange it is worth checking with the sender via an alternative communication channelCheck the spelling of a website’s URL if you suspect that you are faced with a phishing page. If you are, the URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of OUse a proven security solution when surfing the web. Thanks to access to international threat intelligence sources, these solutions are capable of spotting and blocking spam and phishing campaigns.