Qatar:

1. How is Kaspersky business doing in the region and in Qatar?

   The Middle East is an important market for Kaspersky as the region continues to digitally transform and embrace new technologies such as 5G, IoT and Artificial Intelligence. Such new technologies expand the attack surface and and provide new avenues for targeted attacks and cyberthreats and we’re well positioned to help governments and businesses embrace the digital change without worrying about cyberthreats.

    

   We have had steady growth in our META businesses throughout the past years, our Q1 of 2022, among other things, shows a 42% YOY growth in our Enterprise segment. Kaspersky has been operating worldwide for 25 years and for more than 10 years in Qatar specifically, and our team continues to grow as our business expands in the country.

    

2. Where does Kaspersky process users' data?

   Within our Global Transparency Initiative (GTI), Kaspersky has relocated part of its data-processing infrastructure to Switzerland. Thus, malicious and suspicious files shared by users of our products in the Middle East, as well as a number of other regions, are stored and processed in two datacenters in Zurich, Switzerland. These are world-class facilities that comply with industry standards and ensure the highest levels of security. Beyond our cyberthreat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky are processed on our servers located in various countries around the world.

    

3. Tell us more about the APTs targeting Qatar?

   Kaspersky researchers have kept a close eye on Qatar for Advanced Persistent Threat (APT) groups and are currently monitoring at least 7 cyber gangs actively targeting the country in recent years. Kaspersky researchers issued over 14 threat intelligence reports as a result of investigations associated with these groups that are primarily targeting governmental and diplomatic entities as well as companies in the telecommunications sector. Kaspersky works closely with local reinforcement agencies internationally such as the INTERPOL as well as with law enforcement agencies in Qatar to provide them with information to track down and prosecute the groups responsible for such attacks.

   Our Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware, and underground cyber-criminal trends across the world issuing more than a 150 threat intelligence reports yearly. Today GReAT experts cover Europe, Russia, Americas, Asia, Africa and the Middle East – which gives us heightened visibility from east to west.

    

4. Has the war affected Kaspersky's operations in the region?

   We keep working as usual and our operations remain stable. Kaspersky is a global company registered in the UK — we operate in 200 countries and territories worldwide and have over 30 offices across the globe, including in the Middle East —The company guarantees the fulfillment of its obligations to both partners and customers – including product delivery and support and financial transaction continuity.

    

5. What incidents and cyberattacks connected to the Ukrainian crisis Kaspersky researchers see?

   Destructive attacks have been targeting Ukraine for the past 5 years in a constant manner and there is no reason to believe they will disappear. The attacks that have been seen recently, such as WhisperGate, were targeted in nature. At the same time, we have also witnessed activity of a new wiper dubbed as HermeticWiper. The wiper abuses legitimate drivers to corrupt the drivers of the compromised system.

   According to Kaspersky researchers, at the moment there is a huge spike in the amount of new infrastructure deployed by the APT group known as Gamaredon, Armageddon or ACTINIUM. This group has been actively targeting Ukraine for the past years and is probably the most active APT group in the area at the moment.

   There have also been reports on DDoS attacks targeting Ukrainian banks, the malware used to launch DDoS attacks against Ukrainian banks is a commodity Mirai variant known as Katana. It was previously for sales on underground forums and it is now available freely on Github. It is spreading by targeting vulnerabilities in outdated home routers and IoT equipment. It is very likely that the attacks will continue, probably focusing on national entities, large institutions and the banking sector. Companies outside Ukraine should also remain vigilant and take all precautions against targeted attacks as well as supply chain attacks.

    

6. How can business stay protected from escalating cyberthreats?

To protect your company from cyberattacks, Kaspersky recommends the following:

• Always update software installed on all devices to prevent possible exploitation of vulnerabilities.
• Pay special attention to outgoing traffic to identify communications among cybercriminals.
• Back up your data regularly. Make sure you can quickly access your backup in case of an emergency.
• Use up-to-date global cyberthreat monitoring data to stay informed of the latest TTPs being used by attackers.
• Use security solutions of the Endpoint Detection and Response and Managed Detection and Response classes, which help identify and stop an attack at an early stage.
• Train and instruct your employees on how to secure the corporate environment and increase their awareness of cyberthreats.