Muscat – Kaspersky Security Network data indicates that the number of exploits detected in Q2 2022 in the Middle East increased compared to Q1. The company’s security solutions detected 1,258,283 cases in April-June 2022. Oman saw a 12 per cent rise in exploit detection cases to 16,871, with the share of affected users decreasing nine per cent.

Exploits are programs or pieces of code written by cybercriminals that are designed to take advantage of a bug or vulnerability in an application or operating system running on a local or remote system (PC, server, mobile device, IoT device, etc.). Using an exploit, attackers gain unauthorised access to the applications or operating systems on these systems.

‘Bahrain saw the most significant increase in exploit detections in Q2 compared to Q1 among the Middle East countries – up 137 per cent to 22,186 cases, with the share of affected users rising 36 per cent. It was followed by Saudi Arabia – exploit detection saw an increase of 57 per cent to 523,367, while the share of affected users decreased nine per cent,’ a Kaspersky press statement said.

‘Oman saw a 12 per cent rise in exploit detection cases to 16,871, with the share of affected users decreasing nine per cent. In the United Arab Emirates, the number of detections remained almost unchanged in Q2 at 192,959 (one per cent increase from Q1), and the share of users affected by exploits decreased ten per cent,’ it added.

Zero-day exploits – those relying on vulnerabilities that were previously unknown to the software vendor – are often used for cyberespionage on different organisations and are particularly dangerous for large businesses, government agencies, and individuals with access to valuable data.

In 2021, Kaspersky found four zero-day vulnerabilities in Microsoft products that cybercriminals could exploit – CVE-2021-28310, CVE-2021-31955, CVE-2021-31956, and CVE-2021-40449. These were discovered with Kaspersky’s Exploit prevention technology, which detects not only known exploits, but suspicious anomalies in programs’ behavior as well – and therefore helps cybersecurity practitioners reveal new vulnerabilities.

On the contrary, the most significant decrease in exploit detections in Q2 compared to Q1 in the Middle East countries happened in Egypt – down 19 per cent to 450,828 cases, with the share of users affected by exploits decreasing 11 per cent. Qatar saw a decrease in exploit detections of 12 per cent to 38,140 (seven per cent decrease in the share of affected users). Kuwait saw a decrease of eight per cent in exploit detections to 13,932 cases, however, the share of users affected rose 12 per cent.

“Over the last years we have seen the attackers’ firm interest in zero-day exploits – vulnerabilities previously unknown to vendors that pose a serious threat to all users, home and corporate. These exploits give attackers easy access to victims. That’s why it is important not only to constantly update your systems, but also to install security solutions that proactively discover unknown threats. Of equal importance is providing your cybersecurity team with access to the latest threat intelligence and regular professional trainings,” said Dr Amin Hasbini, Kaspersky’s head of Global Research and Analysis Team (GReAT), Middle East, Turkey and Africa region.

“Kaspersky’s Exploit Prevention technology was designed to add an additional layer of protection for the most frequently targeted programs and technologies. It provides an efficient and non-intrusive way for blocking and detecting both known and unknown exploits. EP is an integral part of Kaspersky’s behaviour-based detection capabilities.”