Nigeria, currently ranked 50th worldwide for online threats, South Africa at 82nd, and Kenya at 35th, have increasingly become focal points for cyber threats.
This is according to Kaspersky Security Network (KSN), which presented the reality of cyber threats in Africa at the recent Gitex Africa conference in Morocco.
Dr Amin Hasbini, head of the Global Research & Analysis Team (GReAT) for META at Kaspersky, cautions business and technology leaders about two primary forms of cyberattacks – criminal and advanced.
“Criminal attacks are mainly driven by the pursuit of financial profit, whereas advanced attacks indicate how cyber threat actors continually adapt their tactics and tools to breach security measures. A significant portion of the attacks witnessed across Africa are shaped by the rapidly changing geopolitical landscape. However, a growing concern is that cybercriminals are learning from successful advanced attacks to refine their craft,” says Dr Hasbini.
In the first quarter of 2023, Kaspersky reported that backdoor and spyware attacks were the most common threat types in South Africa, amassing to 106 000 attack attempts. Similar attacks attempts were observed in Nigeria, totalling 46 000, while the same type of attacks peaked at 143 000 in Kenya. However, in Kenya, exploits emerged as the most dominant form of attack with 177 000 incidents blocked.
Kaspersky also highlighted the growing surge of zombie machines – a connected device that becomes part of a botnet. Examples include legacy, old and forgotten devices, IoT devices, network equipment, printers, cameras, even coffee machines. In the year to date, 1,6-million zombie machines have been detected in South Africa and 300 000 in Kenya.
Dr Hasbini’s flags several ransomware groups setting their sights on African targets. “Threats to critical infrastructure, financial institutions, government entities, and service providers have predominated the cyber threat landscape over the past year. We have witnessed different threat actors target various businesses across industries.”
In response to these increasingly sophisticated cyber threats, businesses are advised to adopt a multi-layered defensive strategy.
This is where extended detection and response (XDR) solutions become essential – they analyse data not only from endpoints, but also from other sources. XDR introduces another layer of protection as attacks on infrastructure can occur through any entry point. XDR also adds analytical and automation functions for the detection and elimination of current and potential threats.
Furthermore, continuous security awareness training for employees and real-time access to intelligence on the latest attack methods should supplement any cybersecurity strategy.
Dr Hasbini adds: “Businesses should consider leveraging advanced technologies such as threat feeds, security information and event management systems, endpoint detection and response solutions, and tools with digital forensics and incident response features. It is vital to understand that cyber security measures are an ongoing endeavour – and that there is no universal solution to secure a corporate network or data.”