Throughout 2023, Türkiye has emerged as one of the most targeted regions for cybercrime globally, according to findings released by Kaspersky, underscoring the nation's increased vulnerability to cyber threats as digitalization efforts persist among institutions.
As the digital landscape continues to expand, Türkiye has remained a focal point for cybercrime activities. Kaspersky's insights and statistics from the third quarter of 2023 reveal a concerning trend in the regional threat landscape. Moreover, the report offers predictions on how the cyber threat landscape might evolve in the coming year, highlighting the need for proactive measures.
Cyberattacks, particularly phishing attempts, have seen a notable surge in Türkiye. The third quarter of 2023 witnessed a 20% increase in phishing attacks compared to the previous quarter and a staggering 47% rise compared to the same period in 2022. These attacks, characterized by deceptive tactics, aim to illicitly acquire users' personal information such as passwords, credit card numbers and sensitive banking details.
Moreover, Türkiye is among the prominent regions targeted for attacks on industrial control systems (ICS computers). These systems play a pivotal role across various industries including energy, mining, automotive manufacturing and building automation. ICS computers support a range of operational technology functions, from engineers' workstations to supervisory control and data acquisition servers, making them a lucrative target for cyber threats seeking to disrupt critical infrastructure.
The heightened frequency and sophistication of cyber threats targeting Türkiye underscore the urgent need for bolstering cybersecurity measures across institutions and industries. As the digital landscape expands, it becomes increasingly crucial for Türkiye to fortify its defenses and adopt proactive strategies to counter evolving cyber threats.
Kaspersky ICS CERT's analysis reveals that 45% of ICS computers in Türkiye encountered and successfully thwarted various malicious threats at the outset of 2023, surpassing the global average of 38%.
Globally, the escalation in cyber assaults targeting Internet of Things (IoT) devices has shown exponential growth. This surge is attributed to criminal activities and the rising adoption of IoT gadgets among individuals, enterprises and industrial facilities.
The spectrum of IoT devices spans beyond wearables and smart home appliances, extending to encompass smart city infrastructures, autonomous vehicles, automated retail systems, and diverse smart gadgets for both domestic and commercial purposes. These devices possess the capability to gather and transmit data wirelessly without direct human intervention. Cybercriminals exploit networks comprising infected smart devices to execute malevolent actions such as DDoS attacks or other malicious activities.
Kaspersky identified over 27 million attacks directed at IoT devices in Türkiye throughout 2022, notably targeting critical elements of smart city infrastructures, particularly electricity and water systems. These assaults were flagged by Kaspersky's IoT honeypot traps designed to lure cybercriminals and analyze their behaviors.
Mert Değirmenci, a cybersecurity researcher at Kaspersky's Global Research and Analysis Team (GReAT) in Türkiye, commented on the future cyber threat landscape for 2024. He anticipates a dynamic evolution in cyber threats, with state-sponsored attacks on the rise and hacktivism becoming a standard aspect of cyber warfare. Predictions suggest that the widespread availability of generative artificial intelligence will facilitate an increase in spear phishing tactics, alongside the innovative exploitation of vulnerabilities in mobile and IoT devices.
Değirmenci stressed the need for businesses to take proactive measures by adopting threat feeds, security information and event management systems, endpoint detection and advanced response solutions. Incorporating digital forensics and incident response capabilities is crucial to effectively combat these evolving cyber threats.
Kaspersky experts offer comprehensive recommendations to fortify organizations against cyber threats:
– Regular Evaluation and Training: Regular cyber skills assessments among employees coupled with competent training are crucial. Kaspersky's Security Awareness portfolio provides adaptable training methods tailored for businesses of varying sizes.
– Privacy Education for Enterprise Users: Educate enterprise users about potential privacy hazards inherent in virtual environments. Implement robust data protection practices for safeguarding personal and corporate information.
– Firmware Updates: Swiftly install firmware updates for digital devices, including virtual headsets, as soon as they are released.
– IoT Security Measures: Employ Cyber Immunity solutions for safeguarding IoT devices within corporate networks. Prioritize dedicated IoT gateways ensuring inherent security and dependable data transfer.
– Leveraging Threat Intelligence: Utilize Kaspersky Threat Intelligence to thwart network connections from malicious addresses pinpointed by security researchers.
– Continuous Vulnerability Assessment: Establish continuous vulnerability assessment and triage as fundamental components of an effective vulnerability management process.
– Proprietary Solutions: Consider utilizing proprietary solutions such as Kaspersky Industrial CyberSecurity, which offer invaluable actionable insights not publicly accessible, serving as effective aids in bolstering cybersecurity measures.