Kathy Gibson reports from Gitex Africa Morocco 2024 – Digital transformation has been rapid in Africa, bringing new growth opportunities. However, it has also brought a new flood of threats, says Sherif Magdy, senior researcher: Global Research and Analysis Team at Kaspersky.
In Africa and the Middle East, threats can be classified as criminal attacks and advanced attacks.
Criminal attacks are generally scalable, hitting multiple targets simultaneously; they are motivated by monetisation and they exhibit collaboration between cybercriminals in groups or networks.
Advanced attacks, on the other hand, tend to be more adaptable with methods and tools modified to overcome defences. They are generally more sophisticated, with the attackers using advanced technical skills and tools to evade detection and carry out attacks.
They also exhibit a high level of stealth and can go undetected for years.
Statistics reveal that the region is seeing an increase in attacks. They are mostly backdoor and spyware attacks, followed by exploits, then ransomware and, finally, banker attacks.
The number of infected zombie machines in Africa is rising, with more than 3-million in the top three African countries (South Africa, Kenya and Nigeria).
A number of ransomware gangs are active in the region, Magdy says.
Advanced persistent threat (APT) attacks mostly target the government sector, followed by the telecom and industrial sectors, with critical systems in third place.
Artificial intelligence has had an impact on the threat landscape, while it can also increase the ability to counter threats.
On one side, says Magdy, it empowers companies and employees with large language model (LLM) capabilities which improve the efficiency of companies and the security industry.
But the cybercriminals also gain benefits from AI and LLMs, he points out.
Legitimate LLMs like ChatGPT won’t get involved in writing threats, but criminals are adept at getting around roadblocks like this.
Previously, WormGPT had been identified as the only credible criminal LLM, trained on malicious data.
Lately, however, “jailbreaking” of legitimate LLMs has become more popular – and is even being offered as a service on the dark web.
Service providers like OpenAI are continually patching their tools, Magdy says, but the criminals are responding with new exploits.
Another way that AI is being employed is in creating deepfakes.
“Deepfakes have been around for a while, but now criminal services are also using them effectively,” Magdy says.
For instance, new tools are now available to help cybercriminals to bypass know your customer (KYC) verification systems.
Magdy believes AI will become more popular with cybercriminals, who typically seek to minimise effort and risk while maximising their return on investment (ROI) and innovation. They also favour evolution rather than revolution, preferring incremental over radical changes.
“These principles explain why we haven’t seen a new criminal LLM since the launch of WormGPT,” he says. “It is a lengthy and expensive process to develop an LLM and doesn’t offer much ROI. Jailbreaking as a service offers a better solution.”