A new ChromeLoader campaign named “Shampoo” has been targeting Chrome browser users with malware-laden fake ads, while the communications sector has risen, displacing healthcare, to become the second most impacted industry this year.

Specifically for South Africa, Check Point Software Technologies’ Global Threat Index for August 2023 reveals the top threats to be Fakeupdates, FormBook, and Qbot, echoing the global trend.

South Africa’s normalised threat index stands at 42,2%, ranking the nation 45th globally in terms of vulnerability to cyber threats. This indicates a pressing need for robust cybersecurity measures to be implemented across various sectors.

Other highlights in the report include:

* An organisation in South Africa was attacked on average 1 701 times per week over the last six months, compared to 1 179 attacks per organisation globally.

* The most targeted country in southern Africa is Mauritius.

* 59% of the malicious files in South Africa were delivered via the web in the last 30 days.

* The most common vulnerability exploit type in South Africa is Remote Code Execution, impacting 65% of organisations.

“The digital transformation wave in South Africa underscores the importance of steadfast cybersecurity. As one malware is countered, another emerges, highlighting the dynamic nature of cyber threats,” says Maya Horowitz, vice-president: research at Check Point Software.

South Africa’s top malware threats during the period were:

* Fakeupdates (AKA SocGholish): This JavaScript downloader led to compromises via other malware such as GootLoader and Dridex.

* FormBook: Targeting Windows OS, it’s known for its strong evasion techniques and is used to steal sensitive information.

* Qbot (AKA Qakbot): A multipurpose malware, it’s designed to steal user credentials and deploy additional malware.

The global malware scene is dominated by the likes of ChromeLoader’s “Shampoo” campaign and Qbot’s significant presence, which the FBI recently countered in “Operation Duck Hunt”.

Check Point’s research further disclosed that “HTTP Headers Remote Code Execution” was the top exploited vulnerability globally, impacting 40% of organisations, followed by “Command Injection Over HTTP” and “MVPower CCTV DVR Remote Code Execution”.

In terms of mobile malware, Anubis took the lead, being the most prevalent threat. It was followed by AhMyth and SpinOk.