
ISLAMABAD: Pakistan is facing cybersecurity threats (Advanced Persistent Threats) in government organizations and the corporate sector, particularly the oil and gas sector, where attempts were made to steal vital information, and 2.5 million web-based threats were witnessed in the country during January-September 2025.

Addressing a press conference here on Friday, the global cybersecurity company Kaspersky presented statistics, unpacking Pakistan’s current cyberthreat landscape, and shared practical advice for staying cyber secure.

During a media briefing session, Dmitry Berezin, Kaspersky’s Global Security Expert, focused on pressing cyberthreats facing the country, including exploits, ransomware and advanced targeted attacks. Understanding the growing and increasingly sophisticated cyberthreat landscape is crucial for organizations, while individuals should also stay aware and follow fundamental cyber hygiene principles, Kaspersky advises.

Within the financial sector, if any bank’s data is compromised, the incidents are usually not reported by banks in order to retain banking clients, the expert said in response to a query.

According to data from Kaspersky, over 5.3 million on-device attacks were detected in Pakistan in the first three quarters of 2025 (January-September): 27 percent of all users and 24 percent of corporate entities faced malware delivered via infected USB drives, CDs, DVDs, and hidden installers, including ransomware, worms, backdoors, trojans, password stealers, and spyware. In the same period, over 2.5 million web attacks were blocked by Kaspersky solutions: 16 percent of all users and 13 percent of corporate entities faced web-based threats that include phishing scams, exploits, botnets, Remote Desktop Protocol attacks, and network spoofing, such as fake Wi-Fi networks.

More detailed statistics by malware type showed over 354,000 exploitation attempts stopped by Kaspersky solutions, 166,000 banking malware detections, 126,000 spyware attacks prevented, and 113,000 backdoors and 107,000 password stealers blocked. Ransomware attacks, which are not characterized by mass distribution but are targeted at specific victims, were detected 42,000 times.

Top exploited vulnerabilities in Pakistan included two from 2025 in 7-Zip and several from previous years in Microsoft Office, HTML, WinRAR, VLC player and Notepad++. This underscores the importance of timely updates by both individuals and organizations.

Furthermore, ransomware remains a leading cause of corporate cyber incidents globally and in Pakistan, with targeted groups selecting high-value victims across government and enterprise. Effective defence requires a combination of prevention and response actions. These include adopting rigorous patching, strong authentication, restricted remote access, deployment of endpoint detection and response (EDR) and extended detection and response (XDR) solutions such as those from the Kaspersky Next product line, regular backups, and continuous user awareness to mitigate phishing-driven initial access.

Kaspersky shared that Pakistan is a focus for seven Advanced Persistent Threat (APT) groups. These groups, both established and emerging, target telecoms and financial services, critical infrastructure and government entities, while also extending their reach into commercial and emerging industries, Dmitry said.

APT groups quickly adapt their tactics, techniques, and procedures. One example of a significant shift in tactics is seen in a recent targeted campaign, monitored by Kaspersky, by the APT group called ‘Mysterious Elephant’, which primarily targets organizations across the Asia-Pacific region, including in Pakistan. It aims to steal highly sensitive information, including documents, images, and archived files, with WhatsApp data targeted for exfiltration.

In their 2025 campaign, the attackers use a combination of exploit kits, personalized spear-phishing emails, and malicious documents, tailoring each attack to specific victims to gain initial access. Once inside the network, the threat actor employs a variety of tools and techniques to escalate privileges, move laterally, and exfiltrate sensitive data.

“Some threats are distributed widely, while others are highly focused. For example, exploitation of 0-day vulnerabilities is a tactic that is used by sophisticated cybercriminals in attacks such as ransomware and advanced persistent threats,” commented Dmitry Berezin, Kaspersky’s Global Security Expert. “Understanding the threat landscape becomes an operational necessity: when you know which threats are active in the region, you can fine-tune the security controls to be proactively protected against them.”

Copyright Business Recorder, 2025
