Spyware incidents surge in Pakistan, banking malware attacks decline

LAHORE: Pakistan's digital infrastructure faced a surge in spyware attacks in the first quarter of 2024, with incidents rising 300 percent from the same period last year, a report by cybersecurity firm Kaspersky stated.

However, banking malware attacks show a more than 50 percent decline from 2023.According to the Kaspersky annual Managed Detection and Response (MDR) Analyst Report, comparing cyberattack statistics between Pakistan's first quarters of 2023 and 2024, reveals a mixed landscape of threats.

The data shows that backdoor attacks saw a moderate increase in 2024, indicating persistent vulnerabilities in digital infrastructures. The most notable surge was observed in spyware attacks, showing an increase of 300 percent of cases during the first quarter of 2024 as compared to the corresponding period of 2023. This exposes growing concerns over espionage and data exfiltration.

MDR Reports identified that the frequency of high-severity incidents with direct human involvement exceeded two per day in 2023. This trend was observed across all industries with financial, IT, government, and industrial sectors at the top of the list. Furthermore, 22.9 percent of all detected high-severity incidents were recorded in the government sector, IT companies stood second at 15.4 percent, followed by financial and industrial companies that reported 14.9 percent and 11.8 percent of incidents respectively.

MDR identified that nearly 25 percent of incidents were driven by humans. It was found that the proportion of incidents involving the detection of targeted attack artefacts, publicly available critical vulnerabilities and the use of social engineering was around 4 to 5 percent.

Azam Mughal, chair of the Cyber Security Committee of P@SHA, believed that the 300 percent rise in spyware suggests a significant increase in attempts to steal information. This may be due to a change in political polarisation of the region where Pakistan is playing a very important role. Especially when it comes to CPEC and easing tensions with neighboring countries where non-state actors are trying hard to destabilize the country.

“The report mentions persistent backdoor vulnerabilities, which are essentially weaknesses that allow attackers continued access. Patching these vulnerabilities is crucial to prevent spyware installation,” Mughal said.

The P@SHA Cybersecurity chair committee considers some policy drawbacks which result in increasing attacks. "A lack of strong cybersecurity policies or lax enforcement could make it easier for attackers to operate. This might include limitations on data protection or investigation. The Government of Pakistan and its allied departments are working hard to devise and enforce required compliances for companies that are operating in the country to protect the data of the nation."

However, the presence of unpatched vulnerabilities suggests weaknesses in Pakistani digital infrastructure. This could be due to outdated systems, lack of awareness about patching, or insufficient resources for cybersecurity measures. Overall, it's likely a combination of increased espionage attempts and vulnerabilities in Pakistani digital infrastructure that's fueling the rise of spyware attacks. These fluctuations emphasize the imperative for continuous enhancement of cybersecurity measures to protect Pakistan's digital infrastructure from diverse and evolving threats, Mughal suggested.

“In 2023, Kaspersky detected a smaller number of high-severity incidents, but observed a simultaneous increase in the number of medium and low severity ones. It’s important to understand that the low number of high-severity incidents does not necessarily indicate low damage. Targeted attacks are now planned more carefully, and have become more dangerous. Therefore, it is recommended to use effective automated cybersecurity solutions managed with the help of experienced SOC analysts,” commented Hafeez Rehman, technical group manager at Kaspersky.

Arsalan Bokhari, a cybersecurity expert, believes that there is something wrong with the decline of banking malware attacks. The complaints of the individuals are growing on banking frauds in recent times. In such complaints the users didn’t get OTP, on mobile and emails nor the transaction details while the amount was being deducted from their accounts by the hackers. In such a scenario, a 50 percent decline in banking malware attacks might be under reported numbers, he commented.