Africa faces new financial, hacker-for-hire cybersecurity threats
The good news is that overall, malware is down in South Africa, Kenya and Nigeria, cybersecurity firm Kaspersky says. The bad news: New cybersecurity threats are on the rise, exploiting uncertainty during the pandemic.
By Marc Ferranti
Though several large African markets have experienced an overall decrease in malware attacks recently, hacking groups that have traditionally targeted Middle East organisations are emerging as top threat actors in sub-Saharan Africa, as the remote-work trend and uncertainty caused by the pandemic leave enterprises more vulnerable than ever to certain kinds of cybercrime, according to security firm Kaspersky.
The good news is that during the first half of the year the firm detected a 36% decline in malware attacks in South Africa, a 26% drop in Kenya and a 2.7% decrease in Kenya. Organisations and individuals in the region, however, should be aware that certain, specific types of attacks are on the rise, according to Kaspersky.
“Certain financial malware types are gaining in popularity thanks to their unique techniques which these groups are exploiting to monetise data. This emphasises that attacks are becoming more targeted and at specific companies, in specific regions and for specific purposes,” Kaspersky said in a press release.
Government, education, healthcare, and military entities are the main hacker targets in sub-Saharan Africa, while the top APT (Advanced Persistent Threat) hacking groups involved in attacks in the region are TransparentTribe, OilRig, and MuddyWater. Up until recently, these groups typically targeted victims in the Middle East and the Indian subcontinent. TransparentTribe has been linked to Pakistan and OilRig to the Iranian government.
Hackers use spearphishing, ransomware
One of the techniques used by these hackers is spearphishing, a highly targeted form of phishing that involves custom-crafted emails sent to well-researched victims, often inducing them to click on links that, once opened, can launch malware. Ransomware, particularly the STOP ransomware, is increasingly popular, Kaspersky said. Once launched, STOP, like other ransomware, encrypts the victim’s data and offers to release it once a ransom has been paid.
As more people work remotely during the pandemic, APT hackers are exploiting the fact that home computing setups are not as secure as those behind corporate firewalls. Kaspersky also said that during the pandemic it has noticed new phishing tricks — from HR dismissal emails to attacks disguised as delivery notifications.
These phishing techniques appear likely to have been crafted to take advantage of the uncertainty stirred up in workers by the massive move to working from home, economic concerns caused by the pandemic, and a rise in deliveries from e-commerce websites, many of which have seen a rise in usage due to coronavirus lockdowns.
Some spearphishing emails appear to be from financial organisations or service providers and ask victims to fill out forms requesting information that scammers can then use to hack into the user’s enterprise network.
Hackers for hire emerge as threat
In addition, Kaspersky noted that so-called hackers for hire — an emerging threat globally — may soon be paying more attention to Africa, where enterprise workers do not have as much experience with them as do IT users elsewhere in the world. Hackers for hire are mercenaries who steal private data, often to provide third parties with advice or insights that may give them a competitive advantage, Kaspersky said. Bank data, for example, may reveal insights about market exposure, clients, and back-end systems, the firm said.
“Africa will continue to see more sophisticated APTs emerge and we also suspect that the hacking-for-hire actor type could target companies in Africa in the future. We also anticipate that cybercriminals will increase targeted ransomware deployment using different ways,” said Maher Yamout, a senior security researcher at the Global Research & Analysis Team at Kaspersky, in the Kaspersky press release. “These can range from trojanised cracked software to exploitation across the supply chain of the targeted industry. Data breaches will certainly become more commonplace especially as people will continue to work remotely for the foreseeable future while exposing their systems to the Internet without adequate protection.”