by Marc Ferranti

Africa faces new financial, hacker-for-hire cybersecurity threats

Oct 22, 2020 | 4 mins

The good news is that overall, malware is down in South Africa, Kenya and Nigeria, cybersecurity firm Kaspersky says. The bad news: New cybersecurity threats are on the rise, exploiting uncertainty during the pandemic.

Though several large African markets have experienced an overall decrease in malware attacks recently, hacking groups that have traditionally targeted Middle East organisations are emerging as top threat actors in sub-Saharan Africa, as the remote-work trend and uncertainty caused by the pandemic leave enterprises more vulnerable than ever to certain kinds of cybercrime, according to security firm Kaspersky.

The good news is that during the first half of the year the firm detected a 36% decline in malware attacks in South Africa, a 26% drop in Kenya and a 2.7% decrease in Kenya. Organisations and individuals in the region, however, should be aware that certain, specific types of attacks are on the rise, according to Kaspersky.

“Certain financial malware types are gaining in popularity thanks to their unique techniques which these groups are exploiting to monetise data. This emphasises that attacks are becoming more targeted and at specific companies, in specific regions and for specific purposes,” Kaspersky said in a press release.

Maher Yamout is a senior security researcher for the Global Research & Analysis Team at Kaspersky.

Government, education, healthcare, and military entities are the main hacker targets in sub-Saharan Africa, while the top APT (Advanced Persistent Threat) hacking groups involved in attacks in the region are TransparentTribe, OilRig, and MuddyWater. Up until recently, these groups typically targeted victims in the Middle East and the Indian subcontinent. TransparentTribe has been linked to Pakistan and OilRig to the Iranian government.

Hackers use spearphishing, ransomware

One of the techniques used by these hackers is spearphishing, a highly targeted form of phishing that involves custom-crafted emails sent to well-researched victims, often inducing them to click on links that, once opened, can launch malware. Ransomware, particularly the STOP ransomware, is increasingly popular, Kaspersky said. Once launched, STOP, like other ransomware, encrypts the victim’s data and offers to release it once a ransom has been paid.

As more people work remotely during the pandemic, APT hackers are exploiting the fact that home computing setups are not as secure as those behind corporate firewalls. Kaspersky also said that during the pandemic it has noticed new phishing tricks, from HR dismissal emails to attacks disguised as delivery notifications.

These phishing techniques appear likely to have been crafted to take advantage of the uncertainty stirred up in workers by the massive move to working from home, economic concerns caused by the pandemic, and a rise in deliveries from e-commerce websites, many of which have seen a rise in usage due to coronavirus lockdowns.

Some spearphishing emails appear to be from financial organisations or service providers and ask victims to fill out forms asking for information that can then be used by scammers to hack into the user’s enterprise network.

Hackers for hire emerge as threat

In addition, Kaspersky noted that so-called hackers for hire, an emerging threat globally, may soon be paying more attention to Africa, where enterprise workers do not have as much experience with them as do IT users elsewhere in the world. Hackers for hire are mercenaries who steal private data, often to provide third parties with advice or insights that may give them a competitive advantage, Kaspersky said. Bank data, for example, may reveal insights about market exposure, clients, and back-end systems, the firm said.

The breach of the South African branch of consumer credit reporting agency Experian was the largest in Africa this year, with the data of 24 million people and 800,000 businesses falling into the hands of a fraudster pretending to be a client of the firm.

“Africa will continue to see more sophisticated APTs emerge and we also suspect that the hacking-for-hire actor type could target companies in Africa in the future. We also anticipate that cybercriminals will increase targeted ransomware deployment using different ways,” said Maher Yamout, a senior security researcher at the Global Research & Analysis Team at Kaspersky, in the Kaspersky press release. “These can range from trojanised cracked software to exploitation across the supply chain of the targeted industry. Data breaches will certainly become more commonplace especially as people will continue to work remotely for the foreseeable future while exposing their systems to the Internet without adequate protection.”