Backdoor malware detections in the Middle East plunge by 35% in the second quarter of 2022, remains at a high level

According to Kaspersky Security Network data for corporate users, the number of backdoor malware detected in Q2 2022 in the Middle East decreased by 35% compared to the previous quarter – Kaspersky’s security solutions have detected 443,408 cases in April-June 2022. However, the number of backdoor detections remains high and poses a challenge for security operations centers in commercial and government organizations.

A backdoor is one of the most dangerous types of malware. Backdoors provide cybercriminals with remote administration of a victim’s machine. Unlike legitimate remote administration utilities, backdoors install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoors can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity and more.

Recently Kaspersky discovered a hard-to-detect backdoor dubbed SessionManager that targeted governments and NGOs around the globe. This backdoor was set up as a malicious module within the Internet Information Services (IIS), a popular web server edited by Microsoft. SessionManager enables a wide range of malicious activities from collecting emails to complete control over the victim’s infrastructure. First leveraged in March 2021, this backdoor hit government institutions and NGOs in Africa, South Asia, Europe and the Middle East. Many of the targeted organizations remain at risk.

According to Kaspersky data, Bahrain and Oman were the only countries in the Middle East to see increases in backdoor detections from Q1 to Q2. In Bahrain, the number of detected cases in Q2 increased from Q1 by 63% to 2,756 cases. In Oman, the increase rate for detections stood at 17% with the number of cases rising to 5,014.

However, the most significant decrease in backdoor detections in Q2 compared to Q1 among the Middle East countries happened in Qatar – by 53% to 2,466 cases. In Egypt the number of backdoor detections decreased to 212,011 by 47%. Kuwait and Saudi Arabia saw similar decreases in the share of backdoor detections in Q2 – by 22% to 4,240 cases and 169,373 cases, respectively. The United Arab Emirates saw a mild decrease in the number of backdoor detections to 47,548 (3% decrease).

“Backdoors enable a series of long unnoticed cyberespionage campaigns, which result in significant financial or reputational losses and may disrupt the victim organization’s operations. Corporate systems should be constantly audited and carefully monitored for hidden threats,” comments Dr. Amin Hasbini, Head of Global Research and Analysis Team (GReAT), Middle East, Türkiye and Africa region at Kaspersky. “Gaining insights into active cyberthreats is paramount for companies to protect their assets, and threat intelligence is the only component that can enable reliable and timely anticipation of complex backdoors. Threat intelligence powers Kaspersky Anti Targeted Attack platform, with which is an ultimate endpoint detection and response solution that delivers all-in-one protection against complex and targeted attacks. It gives cybersecurity teams full visibility of the network, web, email, PCs, laptops, servers and virtual machines in public clouds.”

To protect your organization from backdoors, Kaspersky experts recommend:

Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminal connections. Back up data regularly. Make sure you can quickly access it in an emergency.
Use a solution like Kaspersky Anti Targeted Attack with extended EDR at its core, which helps to identify and stop backdoor attacks in the early stages, before the attackers achieve their goals.
Use a reliable endpoint security solution, such as Kaspersky Endpoint Security for Business (KESB) that is powered by exploit prevention, behavior detection and a remediation engine that is able to roll back malicious actions. KESB also has self-defense mechanisms that can prevent its removal by cybercriminals.