Kaspersky’s Global Research and Analysis Team has unveiled critical insights into the evolving cybersecurity landscape of the Middle East, Türkiye, and Africa region. The findings, presented during the annual Cyber Security Weekend, underscore a significant uptick in ransomware activities, the emergence of sophisticated advanced persistent threats, and the growing utilization of artificial intelligence by cybercriminals.

In the META region, Kaspersky is tracking 25 active APT groups, including SideWinder, Origami Elephant, and MuddyWater. These groups are increasingly targeting mobile platforms using sophisticated methods to exploit weaknesses and avoid being detected. This growing focus on mobile devices aligns with the region’s digital transformation, making them key targets for cyber espionage and data breaches.

Data from the first quarter of 2025 reveals a concerning rise in web-based cyber incidents. Türkiye reported the highest rate, with 26.1% of users affected, followed by Kenya at 20.1%. Other countries experiencing significant impacts include Qatar (17.8%), Nigeria (17.5%), and South Africa (17.5%). These statistics highlight the pressing need for enhanced cybersecurity measures and awareness campaigns to protect users from increasingly sophisticated online threats.

Ransomware continues to pose a significant threat globally, with a modest increase in incidents from 0.42% in 2023 to 0.44% in 2024. However, certain regions within the META area have experienced more pronounced rises. The Middle East saw an increase to 0.72%, Türkiye to 0.46%, and Africa to 0.41%. The proliferation of ransomware in these regions is attributed to rapid digitization and varying levels of cybersecurity preparedness, particularly in sectors like manufacturing, finance, and government.

A notable development in the cyber threat landscape is the rise of AI-driven ransomware groups, exemplified by the emergence of FunkSec in late 2024. Operating under a Ransomware-as-a-Service (RaaS) model, FunkSec has surpassed established groups like Cl0p and RansomHub by leveraging AI-generated code, complete with professional-quality annotations likely produced using large language models. Their strategy focuses on low-cost, high-volume attacks, utilizing automation to reduce operational expenses and expand their reach. This approach not only enhances efficiency but also poses significant challenges for traditional cybersecurity defenses.

The evolving threat landscape in the META region underscores the urgent need for robust cybersecurity frameworks. Organizations are encouraged to invest in advanced threat detection systems, employee training programs, and collaborative efforts with cybersecurity experts to mitigate risks. As cybercriminals continue to adopt AI and other emerging technologies, proactive and adaptive security strategies will be essential in safeguarding digital assets and maintaining trust in digital infrastructures.