Market Research
FortiGuard Labs Predicts the Convergence of Advanced Persistent Threat Methods with Cybercrime
Fortinet has unveiled predictions from the FortiGuard Labs global threat intelligence and research team about the cyber threat landscape for the next 12 months and beyond. From quickly evolving Cybercrime-as-a-Service (CaaS)-fueled attacks to new exploits on nontraditional targets like edge devices or online worlds, the volume, variety, and scale of cyber threats will keep security teams on high alert in 2023 and beyond.
Derek Manky, Chief Security Strategist and VP for Global Threat Intelligence, FortiGuard Labs said, “As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponize new technologies at scale to enable more disruption and destruction. They are not just targeting the traditional attack surface but also beneath it, meaning both outside and inside traditional network environments. At the same time, they are spending more time on reconnaissance to attempt to evade detection, intelligence, and controls. All of this means cyber risk continues to escalate, and CISOs need to be just as nimble and methodical as the adversary. Organizations will be better positioned to protect against these attacks with a cybersecurity platform integrated across networks, endpoints, and clouds to enable automated and actionable threat intelligence, coupled with advanced behavioral-based detection and response capabilities.”
Success of RaaS is a Preview of What Is to Come with CaaS
Given cybercriminal success with Ransomware-as-a-Service (RaaS), a growing number of additional attack vectors will be made available as a service through the dark web to fuel a significant expansion of Cybercrime-as-a-Service. Beyond the sale of ransomware and other Malware-as-a-Service offerings, new a la carte services will emerge. CaaS presents an attractive business model for threat actors. With varying skill levels they can easily take advantage of turnkey offerings without investing the time and resources upfront to craft their own unique attack plan.
And for seasoned cybercriminals, creating and selling attack portfolios as-a-service offers a simple, quick, and repeatable payday. Going forward, subscription-based CaaS offerings could potentially provide additional revenue streams. In addition, threat actors will also begin to leverage emerging attack vectors such as deepfakes, offering these videos and audio recordings, and related algorithms more broadly for purchase.
One of the most important methods to defend against these developments is cybersecurity awareness education and training. While many organizations offer basic security training programs for employees, organizations should consider adding new modules that provide education on spotting evolving methods such as AI-enabled threats.
Reconnaissance-as-a-Service Models Could Make Attacks More Effective
Another aspect of how the organized nature of cybercrime will enable more effective attack strategies involves the future of reconnaissance. As attacks become more targeted, threat actors will likely hire “detectives” on the dark web to gather intelligence on a particular target before launching an attack. Like the insights one might gain from hiring a private investigator, Reconnaissance-as-a-Service offerings may serve up attack blueprints to include an organization’s security schema, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, or more, to help a cybercriminal carry out a highly targeted and effective attack.
Attacks fueled by CaaS models mean stopping adversaries earlier during reconnaissance will be important. Luring cybercriminals with deception technology will be a helpful way to not only counter RaaS but also CaaS at the reconnaissance phase. Cybersecurity deception coupled with a digital risk protection (DRP) service can help organizations know the enemy and gain an advantage.
Money Laundering Gets a Boost from Automation to Create LaaS
To grow cybercriminal organizations, leaders, and affiliate programs employ money mules who are knowingly or unknowingly used to help launder money. The money shuffling is typically done through anonymous wire transfer services or through crypto exchanges to avoid detection. Setting up money mule recruitment campaigns has historically been a time-consuming process, as cybercrime leaders go to great lengths to create websites for fake organizations and subsequent job listings to make their businesses seem legitimate.
Cybercriminals will soon start using machine learning (ML) for recruitment targeting, helping them to better identify potential mules while reducing the time it takes to find these recruits. Manual mule campaigns will be replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace. Money Laundering-as-a-Service (LaaS) could quickly become mainstream as part of the growing CaaS portfolio. And for the organizations or individuals that fall victim to this type of cybercrime, the move to automation means that money laundering will be harder to trace, decreasing the chances of recovering stolen funds.
Looking outside an organization for clues about future attack methods will be more important than ever, to help prepare before attacks take place. DRP services are critical for external threat surface assessments, to find and remediate security issues, and help gain contextual insights on current and imminent threats before an attack takes place.
Virtual Cities and Online Worlds Are New Attack Surfaces to Fuel Cybercrime
The metaverse is giving rise to new, fully immersive experiences in the online world, and virtual cities are some of the first to foray into this new version of the internet-driven through augmented reality technologies. Retailers are even launching digital goods available for purchase in these virtual worlds. While these new online destinations open a world of possibilities, they also open the door to an unprecedented increase in cybercrime in unchartered territory.
For example, an individual’s avatar is essentially a gateway to personally identifiable information (PII), making them prime targets for attackers. Because individuals can purchase goods and services in virtual cities, digital wallets, crypto exchanges, NFTs, and any currencies used to transact offer threat actors yet another emerging attack surface. Biometric hacking could also become a real possibility because of the AR and VR-driven components of virtual cities, making it easier for a cybercriminal to steal fingerprint mapping, facial recognition data, or retina scans and then use them for malicious purposes.
In addition, the applications, protocols, and transactions within these environments are also possible targets for adversaries. Regardless of work-from-anywhere, learning-from-anywhere, or immersive experiences-from-anywhere, real-time visibility, protection, and mitigation is essential with advanced endpoint detection and response (EDR) to enable real-time analysis, protection, and remediation.
Commoditization of Wiper Malware Will Enable More Destructive Attacks
Wiper malware has made a dramatic comeback in 2022, with attackers introducing new variants of this decade-old attack method. According to the 1H 2022 FortiGuard Labs Global Threat Landscape report, there was an increase in disk-wiping malware in conjunction with the war in Ukraine, but it was also detected in 24 additional countries, not just in Europe. Its growth in prevalence is alarming because this could be just the start of something more destructive.
Beyond the existing reality of threat actors combining a computer worm with wiper malware, and even ransomware for maximum impact, the concern going forward is the commoditization of wiper malware for cybercriminals. Malware that may have been developed and deployed by nation-state actors could be picked up and re-used by criminal groups and used throughout the CaaS model. Given its broader availability combined with the right exploit, wiper malware could cause massive destruction in a short period of time given the organized nature of cybercrime today.
This makes time for detection and the speed at which security teams can remediate paramountly. Using AI-powered inline sandboxing is a good starting point to protect against sophisticated ransomware and wiper malware threats. It allows real-time protection against evolving attacks because it can ensure only benign files will be delivered to endpoints if integrated with a cybersecurity platform.
What These Attack Trends Mean for Cybersecurity Professionals
The world of cybercrime and the attack methods of cyber adversaries, in general, continue to scale at great speed. The good news is that many of the tactics they are using to execute these attacks are familiar, which better positions security teams to protect against them.
Security solutions should be enhanced with machine learning (ML) and artificial intelligence (AI) so they can detect attack patterns and stop threats in real-time. However, a collection of point security solutions is not effective in today’s landscape. A broad, integrated, and automated cybersecurity mesh platform is essential for reducing complexity and increasing security resiliency. It can enable tighter integration, improved visibility, and more rapid, coordinated, and effective response to threats across the network.
Leading cybersecurity provider Sophos has released findings from a new study quantifying the financial impact of various cybersecurity controls on cyber insurance claims. The research compares the effect of endpoint solutions, EDR/XDR technologies, and MDR services on claim amounts, offering valuable insights for both insurers and organizations.
Sally Adam, Senior Director, Solution Marketing at Sophos, said, “Every year, organisations spend huge amounts of money on their cybersecurity. By quantifying the impact of controls on the outcome of cyberattacks, this study enables them to focus their investments on the most cost-effective options. At the same time, insurers have a major influence on cybersecurity spending through the controls they require of organisations wishing to be covered and the discounts they offer when a given scheme is in place. This study enables them to encourage investments that can make a real difference to incident outcomes and the resulting claim amounts.”
The Sophos study reveals a dramatic difference in cyber insurance claims: organizations using MDR services claim a median compensation of just $75,000, a staggering 97.5% less than the $3 million median claimed by organizations relying solely on endpoint solutions. This means that endpoint-only users typically claim 40 times more in the event of an attack. The study attributes this significant reduction to the rapid threat detection and blocking capabilities of MDR services, which can effectively prevent extensive damage.
The study also highlights a clear benefit to combining EDR or XDR with endpoint solutions, as the average insurance claim for users of these tools is just $500,000, which is one-sixth of the $3 million average claim for those using only endpoint solutions.
The Sophos study indicates that the predictability of cyber insurance claims varies significantly depending on the security controls in place. Claims from organizations utilizing MDR services show the highest predictability, suggesting consistent and reliable threat mitigation. This is likely due to the 24/7 expert monitoring, investigation, and response that allows for swift action against threats at any time. Conversely, claims from users of EDR/XDR tools are the least predictable, implying that their effectiveness in preventing major damage heavily depends on the user’s expertise and speed of response.
The Sophos study also reveals significant differences in recovery times from ransomware attacks. Endpoint solution users average a 40-day recovery, while EDR/XDR users take the longest at 55 days. In stark contrast, organizations using MDR services recover the fastest, with an average downtime of just three days. These findings underscore MDR’s effectiveness in minimizing the impact of cyberattacks and highlight the less predictable recovery experiences associated with EDR/XDR tools, whose success is dependent on user expertise.
Adam concludes, “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyberattacks are inevitable, but defences are not. These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cybersecurity. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”
State-sponsored cyber threats, including Advanced Persistent Attacks (APTs) and hacktivism, saw a sharp rise in the Middle East during 2024, with GCC countries identified as primary targets. These cyberattacks, largely driven by geopolitical tensions, are highlighted in Group-IB’s High-Tech Crime Trends Report 2025.
The report offers a detailed analysis of the interconnected nature of cybercrime and the shifting threat landscape in the Middle East and Africa. It provides actionable insights for businesses, cybersecurity professionals, and law enforcement to strengthen their defense strategies. While APTs in the Middle East saw a 4.27% rise compared to a global surge of 58%, a significant 27.5% of these state-backed espionage threats specifically targeted GCC nations, underlining the region’s vulnerability.
Commenting on the release of the report, Ashraf Koheil, Regional Sales Director MEA at Group-IB, said: “Our report captures the dynamic and complex nature of cyber threats faced by the Middle East today. It shows that cybercrime is not a collection of isolated incidents, but an evolving ecosystem where one attack fuels the next. From sophisticated state-sponsored attacks to rapidly evolving hacktivism and phishing campaigns, the insights presented in this report are essential for organizations seeking to strengthen their cybersecurity defenses.”
GCC nations remained prime targets for cyberattacks in 2024 due to their strategic economic and political significance. Other notable targets included Egypt (13.2%) and Turkey (9.9%), reflecting their geopolitical roles, while countries such as Jordan (7.7%), Iraq (6.6%), Nigeria, South Africa, Morocco, and Ethiopia also faced rising threats.
The Middle East and Africa (MEA) ranked third globally for hacktivist attacks, accounting for 16.54% of incidents, trailing Europe (35.98%) and Asia-Pacific (39.19%). Key industries affected included government and military sectors (22.1%), financial services (10.9%), education (8%), and media and entertainment (5.2%), with attacks often targeting critical infrastructure and essential services. These assaults were largely fueled by geopolitical tensions, serving as tools for ideological expression or political retaliation.
The report also highlighted persistent cybersecurity challenges in the MEA region, such as phishing and data breaches. With rapid digital transformation, the region has become a prime target for sophisticated scams, particularly in the energy, oil and gas (24.9%) and financial services (20.2%) sectors, driven by economic motives. Phishing attacks continue to be a major threat, heavily affecting internet services (32.8%), telecommunications (20.7%), and financial services (18.8%) in the META region.
“We must embrace a collective defense strategy that unites financial institutions, telecommunications providers, and law enforcement agencies. By sharing intelligence, coordinating proactive security measures, and executing joint actions, we can disrupt fraudulent activities before they cause harm. This collaborative approach not only enhances our ability to detect and prevent fraud but also strengthens the resilience of our critical infrastructure, protects our national security,” added Ashraf Koheil.
The report revealed that ransomware attacks in the MEA region remained relatively low, with only 184 incidents, marking the lowest globally. However, significant concerns persist regarding Initial Access Brokers (IABs) and the vulnerabilities they exploit. In 2024, IAB activity was notable, with GCC nations (23.2%) and Turkey (20.5%) as the most targeted areas. Egypt reported the highest number of compromised hosts (88,951), followed by Turkey (79,789) and Algeria (49,173), highlighting substantial cybersecurity gaps.
Stolen credentials and sensitive corporate information sold on the dark web have become critical entry points for cybercriminals, including ransomware operators and state-sponsored attackers. The report disclosed over 6.5 billion leaked data entries, with nearly 2.5 billion unique email addresses and 3.3 billion leaked entries containing phone numbers (631 million unique). Additionally, 460 million passwords were exposed globally in 2024, 162 million of which were unique. This surge in leaked data fuels the dark web economy and heightens risks for organizations and individuals worldwide.
Dmitry Volkov, CEO of Group-IB, said, “Group-IB played an intensified role in its global fight against cybercrime and contributed to eight major law enforcement operations across 60+ countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious infrastructures. These efforts disrupted large-scale cybercriminal networks, highlighting the critical role of collaboration between private cybersecurity firms and international law enforcement.”
The report highlighted that threat actors utilized advanced tactics, techniques, and procedures (TTPs) like social engineering, ransomware, and credential theft. Emerging methods, including the Extended Attributes Attack, the Facial-Recognition Trojan (GoldPickaxe.iOS), and the ClickFix infection chain, illustrate the growing complexity and sophistication of cyber threats in the region.
Qlik has announced findings from an IDC survey exploring the challenges and opportunities in adopting advanced AI technologies. The study highlights a significant gap between ambition and execution: while 89% of organizations have revamped data strategies to embrace Generative AI, only 26% have deployed solutions at scale. These results underscore the urgent need for improved data governance, scalable infrastructure, and analytics readiness to fully unlock AI’s transformative potential.
The findings, published in an IDC InfoBrief sponsored by Qlik, arrive as businesses worldwide race to embed AI into workflows, with AI projected to contribute $19.9 trillion to the global economy by 2030. Yet, readiness gaps threaten to derail progress. Organizations are shifting their focus from AI models to building the foundational data ecosystems necessary for long-term success.
Stewart Bond, Research VP for Data Integration and Intelligence at IDC, emphasised, “Generative AI has sparked widespread excitement, but our findings reveal a significant readiness gap. Businesses must address core challenges like data accuracy and governance to ensure AI workflows deliver sustainable, scalable value.” Without addressing these foundational issues, businesses risk falling into an “AI scramble,” where ambition outpaces the ability to execute effectively, leaving potential value unrealized.
“AI’s potential hinges on how effectively organizations manage and integrate their AI value chain,” said James Fisher, Chief Strategy Officer at Qlik. “This research highlights a sharp divide between ambition and execution. Businesses that fail to build systems for delivering trusted, actionable insights will quickly fall behind competitors moving to scalable AI-driven innovation.”
The IDC survey uncovered several critical statistics illustrating the promise and challenges of AI adoption: Agentic AI Adoption vs. Readiness:
- 80% of organizations are investing in Agentic AI workflows, yet only 12% feel confident their infrastructure can support autonomous decision-making.
- “Data as a Product” Momentum: Organizations proficient in treating data as a product are 7x more likely to deploy Generative AI solutions at scale, emphasizing the transformative potential of curated and accountable data ecosystems.
- Embedded Analytics on the Rise: 94% of organizations are embedding or planning to embed analytics into enterprise applications, yet only 23% have achieved integration into most of their enterprise applications.
- Generative AI’s Strategic Influence: 89% of organizations have revamped their data strategies in response to Generative AI, demonstrating its transformative impact.
- AI Readiness Bottleneck: Despite 73% of organizations integrating Generative AI into analytics solutions, only 29% have fully deployed these capabilities.
These findings stress the urgency for companies to bridge the gap between ambition and execution, with a clear focus on governance, infrastructure, and leveraging data as a strategic asset.
The IDC survey findings highlight an urgent need for businesses to move beyond experimentation and address the foundational gaps in AI readiness. By focusing on governance, infrastructure, and data integration, organizations can realize the full potential of AI technologies and drive long-term success.
Positive Technologies Discovery Leads D-Link to Recommend Router Replacements
Sophos Study: MDR Users Claim 97.5% Less in Cyber Insurance
Fortinet Strengthens OT Security for Critical Infrastructure
ManageEngine’s Open API Platform Enables Unified, Customisable Security Analytics
AI-Driven Deception: A New Face of Corporate Fraud
UAE Cyber Security Council and CPX Unveil Cybersecurity Report 2025
Proactive Threat Intelligence is Essential in Securing Critical Infrastructure
“We Can All Do Better By Treating Women in Tech as Equals”
Supply Chain Vulnerabilities Are Becoming a Growing Concern
“Having Mentors Who Believe in You Can Make All the Difference”
UAE Workforce in 2025: Cybercrime, Stress, and Burnout Take the Spotlight
Video: Toshiba Presents Latest Hard Drives and QNAP NAS System Live Demo at INTERSEC 2025
Video: Toshiba Showcases its Latest Hard Disk Drives Through Live Demos at Intersec 2025
Video: Interview with Meriam ElOuazzani of SentinelOne
Video: Interview with Fred Crehan of Confluent at GITEX Global 2024
-
Artificial Intelligence1 week ago89% of Companies Update AI Data Strategies, But Gaps Remain
-
News1 week agoMatrix Announces IoTSCS-ER Compliant Network Cameras Certified by STQC
-
Cyber Security1 week agoHalcyon Launches 24/7 Ransomware Detection and Recovery (RDR) Solution
-
Artificial Intelligence1 week agoKaspersky Detects Sophisticated Scam Using DeepSeek AI
-
Artificial Intelligence6 days agoUiPath Acquires Peak to Drive Next-Gen AI Decision Intelligence
-
Cyber Security1 week agoNew Research from Palo Alto Networks and Siemens on OT Security Risks
-
Cyber Security1 week agoForcepoint to Acquire Getvisibility
-
Cyber Security7 days agoGroup-IB Outs High-Tech Crime Trends Report 2025 for META