A recent report from the Kaspersky Response and Detection Team has unveiled a staggering 300 percent increase in espionage-related cyber-attacks in Pakistan during the first quarter of 2024 compared to the same period in 2023.
The findings underscore a concerning trend in cyber warfare, with attacks involving direct human involvement exceeding two per day in 2023.
Across various industries, including finance, IT, government, and industrial sectors, the surge in cyber incidents has been evident.
The public sector recorded a 22.9 percent increase in attacks, followed by IT companies with 15.4 percent, and financial and industrial sectors reporting 14.9 percent and 11.8 percent increases, respectively.
The report provides comprehensive insights into the annual incidents, their nature, distribution by industry, and geographical regions, highlighting prevalent tactics, techniques, and tools employed by attackers, with human-driven events constituting 25 percent of the total incidents.
While malware attacks witnessed a slight decrease in 2023, the threat landscape in Pakistan remained mixed during the first quarters of 2023 and 2024.
Backdoor attacks saw a slight uptick in 2024, indicating persistent vulnerabilities in digital infrastructure. Notably, spyware attacks surged by a remarkable 300 percent in the first quarter of 2024 compared to the same period in 2023, raising concerns over espionage and data breaches.
In contrast, banking malware attacks are projected to decline by over 50 percent from 2023, highlighting evolving threat dynamics. These fluctuations underscore the imperative for continuous enhancement of cybersecurity measures to safeguard Pakistan’s digital infrastructure against diverse and emerging threats.
Hafeez Rehman, Kaspersky’s technical group manager, emphasized the detection of a small number of high-severity incidents alongside an increase in medium and low-severity incidents. He cautioned that fewer high-severity events do not necessarily indicate reduced harm, as targeted attacks are becoming more sophisticated and perilous.
To bolster protection against severe attacks, Rehman recommended the implementation of effective automated cybersecurity solutions. Additionally, companies are advised to adopt managed security services such as Managed Detection and Response (MDR) and incident response, along with hiring qualified practitioners for detection and management of cyber threats.
