Check Point Software Technologies’ Global Threat Index for July 2024 reveals a concerning rise in cyber threats across the African continent, with several countries now among the most attacked globally.

The recent exploitation of a security flaw in the CrowdStrike Falcon sensor has further underscored the vulnerabilities faced by organisations in the region, particularly as cybercriminals increasingly target Africa.

Cybersecurity threats are intensifying across Africa, with multiple countries prominently featured in the global rankings for cyber-attacks. According to Check Point’s latest data:

* Ethiopia holds the top spot among all the countries surveyed with a Normalised Risk Index of 78.9, highlighting its vulnerability to cyber threats.

* Zimbabwe ranks as the third most attacked country globally, with a Normalised Risk Index of 80.4.

* Nigeria has seen a sharp rise in its risk ranking, placing 19th globally with a Normalised Risk Index of 76.2.

* Kenya and Ghana have also experienced significant increases, ranking 11th and 15th, respectively, indicating the growing cyber threats across the continent.

* South Africa has moved up in the rankings, now placing 59th globally with a Normalised Risk Index of 72.1, reflecting the escalating cyber risks faced by organisations across the country.

* Other African countries placed in the Top 20 most vulnerable to malware attacks are Maldives (fourth), Angola (fifth) and Mauritius (ninth).

“These rankings highlight the urgent need for enhanced cybersecurity measures for African businesses and organisations. The evolving threat landscape, coupled with recent vulnerabilities like the CrowdStrike Falcon sensor exploit, continues to pose significant risk,” says Issam El Haddioui, head: security engineering: EMEA – Africa at Check Point.

In July 2024, the top malware families impacting Africa included:

* FakeUpdates (SocGholish): The most prevalent malware globally, FakeUpdates remains a significant threat in Africa, employing fake browser update prompts to install Remote Access Trojans (RATs) like AsyncRAT.

* Remcos: Following the CrowdStrike update issue, Remcos has emerged as a prominent threat, particularly in Africa, where it has been used to gain unauthorised access to systems.

* Qbot: Continues to pose significant risks, targeting organisations in South Africa and beyond with credential theft and ransomware deployment.

* Phorpiex: Known for orchestrating large-scale spam campaigns, Phorpiex has been particularly active in Zimbabwe and Mozambique.

* Vidar: An infostealer malware operating as malware-as-a-service, Vidar has been increasingly observed across African networks, collecting sensitive data from browsers and digital wallets.

The sectors most affected by these rising threats include:

* Government/Military: High-value targets requiring robust defence mechanisms to protect national security interests.

* Finance/Banking: Financial institutions continue to face persistent threats, jeopardising sensitive data and critical operations.

* Utilities: The utilities sector remains vulnerable, with potential disruptions to essential services.

* Communications: A key target for cyber adversaries, threatening both infrastructure and data.

* Education/Research: Educational institutions and research organisations are increasingly targeted, risking the loss of sensitive information.

Maya Horowitz, vice-president of research at Check Point Software, emphasises the importance of a multi-layered security strategy: “The continued rise of malware like Remcos, driven by security flaws, highlights the opportunistic nature of cybercriminals. Organisations in Africa must adopt robust endpoint protection, vigilant monitoring, and comprehensive user education to mitigate these growing threats.”

El Haddioui adds: “As cyber threats continue to increase across Africa, it is imperative for organisations to invest in advanced security solutions and foster a culture of cyber resilience. By staying proactive and informed, businesses can better defend against the increasing number of cyber threats and safeguard their digital assets.”