At the annual Cyber Security Weekend hosted by Kaspersky for the Middle East, Turkiye, and Africa (META) region, the cybersecurity firm’s Global Research and Analysis Team revealed fresh insights into evolving cyberthreat trends. Among the headline findings, Pakistan emerged as one of the least-affected countries by web threats in Q1 2025, second only to Saudi Arabia. This positions Pakistan well below regional peers like Turkiye, Kenya, Qatar, Nigeria, and South Africa, which reported the highest shares of users attacked by online threats.
The report offers a nuanced look at how ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, and AI-driven exploits are shaping the cyber landscape. Kaspersky’s ongoing tracking of cybercrime trends found that 25 APT groups remain active across the META region, including notorious actors such as SideWinder, Origami Elephant, and MuddyWater. These groups continue to evolve their techniques to bypass traditional security measures, with a sharp rise in creative mobile exploits and tactics aimed at detection evasion.
Despite the positive figures for Pakistan, ransomware remains a leading concern globally and in the META region. Kaspersky data shows a 0.02 percentage point (p.p.) increase in ransomware victims globally, raising the affected share to 0.44% from 2023 to 2024. Within the region, Turkiye recorded a 0.06 p.p. increase to 0.46%, while the Middle East saw the highest jump of 0.07 p.p. to 0.72%. Africa experienced more modest growth in ransomware incidents, attributed in part to its relatively lower level of digitization and limited number of high-value targets.
The META region’s increased vulnerability is largely linked to rapid digital transformation, expanding digital footprints, and uneven levels of cybersecurity maturity. These dynamics have made businesses more attractive to attackers who now use targeted ransomware campaigns rather than widespread distribution. High-value sectors—such as government, finance, technology, and education—remain prime targets.
A particularly alarming trend is the emergence of AI-powered ransomware groups, such as FunkSec, which surfaced in late 2024. Despite being new, FunkSec quickly surpassed well-established groups like Cl0p and RansomHub. Operating under a Ransomware-as-a-Service (RaaS) model, the group uses double extortion methods—encrypting data while also stealing it for blackmail. FunkSec’s use of Large Language Models (LLMs) and automation tools allows even low-skilled cybercriminals to launch sophisticated ransomware attacks.
According to Sergey Lozhkin, Head of META and APAC regions at Kaspersky’s Global Research and Analysis Team, the ransomware landscape is growing more dangerous. “Ransomware groups are evolving by adopting techniques such as cross-platform functionality, self-propagation, and zero-day vulnerabilities, which were once exclusive to APT groups. They are increasingly exploiting less monitored entry points such as IoT devices, outdated hardware, and misconfigured systems,” he said. Lozhkin advocates for layered security approaches, including real-time monitoring, system updates, employee education, and robust backups.
Kaspersky urges organizations to implement industry best practices for ransomware protection. This includes keeping all systems updated to prevent exploitation of vulnerabilities, ensuring that SOC teams are equipped with up-to-date threat intelligence, and using tools such as the Kaspersky Anti-Ransomware Tool for Business. For broader protection, the company recommends its Kaspersky Next product line, offering real-time defense, threat visibility, EDR/XDR capabilities, and automated incident response.
While Pakistan’s lower share of users affected by web threats is encouraging, the evolving threat landscape calls for constant vigilance and proactive cybersecurity practices. The Kaspersky report serves as a reminder that cyberthreats are dynamic and no region can afford complacency.
