The good news is that overall, malware is down in South Africa, Kenya and Nigeria, cybersecurity firm Kaspersky says. The bad news: New cybersecurity threats are on the rise, exploiting uncertainty during the pandemic.

Though several large African markets have experienced an overall decrease in malware attacks recently, hacking groups that have traditionally targeted Middle East organisations are emerging as top threat actors in sub-Saharan Africa, as the remote-work trend and uncertainty caused by the pandemic leave enterprises more vulnerable than ever to certain kinds of cybercrime, according to security firm Kaspersky.

The good news is that during the first half of the year the firm detected a 36% decline in malware attacks in South Africa, a 26% drop in Kenya and a 2.7% decrease in Kenya. Organisations and individuals in the region, however, should be aware that certain specific types of attacks are on the rise, according to Kaspersky.

“Certain financial malware types are gaining in popularity thanks to their unique techniques which these groups are exploiting to monetise data. This emphasises that attacks are becoming more targeted and at specific companies, in specific regions and for specific purposes,” Kaspersky said in a press release.

Government, education, healthcare, and military entities are the main hacker targets in sub-Saharan Africa, while the top APT (Advanced Persistent Threat) hacking groups involved in attacks in the region are TransparentTribe, OilRig, and MuddyWater. Up until recently, these groups typically targeted victims in the Middle East and the Indian subcontinent.
TransparentTribe has been linked to Pakistan and OilRig to the Iranian government.

Hackers use spearphishing, ransomware

One of the techniques used by these hackers is spearphishing, a highly targeted form of phishing that involves custom-crafted emails sent to well-researched victims, often inducing them to click on links that, once opened, can launch malware. Ransomware, particularly the STOP ransomware, is increasingly popular, Kaspersky said. Once launched, STOP, like other ransomware, encrypts the victim’s data and offers to release it once a ransom has been paid.

As more people work remotely during the pandemic, APT hackers are exploiting the fact that home computing setups are not as secure as those behind corporate firewalls.

Kaspersky also said that during the pandemic it has noticed new phishing tricks, from HR dismissal emails to attacks disguised as delivery notifications. These phishing techniques appear likely to have been crafted to take advantage of the uncertainty stirred up in workers by the massive move to working from home, economic concerns caused by the pandemic, and a rise in deliveries from e-commerce websites, many of which have seen a rise in usage due to coronavirus lockdowns.

Some spearphishing emails appear to be from financial organisations or service providers and ask victims to fill out forms asking for information that can then be used by scammers to hack into the user’s enterprise network.

Hackers for hire emerge as threat

In addition, Kaspersky noted that so-called hackers for hire, an emerging threat globally, may soon be paying more attention to Africa, where enterprise workers do not have as much experience with them as do IT users elsewhere in the world.

Hackers for hire are mercenaries who steal private data, often to provide third parties with advice or insights that may give them a competitive advantage, Kaspersky said.
Bank data, for example, may reveal insights about market exposure, clients, and back-end systems, the firm said.

The breach of the South African branch of consumer credit reporting agency Experian was the largest in Africa this year, with the data of 24 million people and 800,000 businesses falling into the hands of a fraudster pretending to be a client of the firm.

“Africa will continue to see more sophisticated APTs emerge and we also suspect that the hacking-for-hire actor type could target companies in Africa in the future. We also anticipate that cybercriminals will increase targeted ransomware deployment using different ways,” said Maher Yamout, a senior security researcher at the Global Research & Analysis Team at Kaspersky, in the Kaspersky press release.

“These can range from trojanised cracked software to exploitation across the supply chain of the targeted industry. Data breaches will certainly become more commonplace especially as people will continue to work remotely for the foreseeable future while exposing their systems to the Internet without adequate protection.”