Check Point’s Global Threat Index for August 2024 reveals that ransomware remains a dominant force, with RansomHub sustaining its position as the top ransomware group.
This Ransomware-as-a-Service (RaaS) operation has rapidly expanded since its rebranding from Knight ransomware, breaching over 210 victims worldwide.
Meanwhile, Meow ransomware has emerged, shifting from encryption to selling stolen data on leak marketplaces.
Last month, RansomHub solidified its position as the top ransomware threat, as detailed in a joint advisory from the FBI, CISA, MS-ISAC, and HHS. This RaaS operation has aggressively targeted systems across Windows, macOS, Linux, and especially VMware ESXi environments, using sophisticated encryption techniques.
August also saw the rise of Meow ransomware, which secured the second spot on the top ransomware list for the first time. Originating as a variant of the leaked Conti ransomware, Meow has shifted its focus from encryption to data extraction, transforming its extortion site into a data-leak marketplace. In this model, stolen data is sold to the highest bidder, diverging from traditional ransomware extortion tactics.
This month’s analysis also uncovers major changes in the African landscape and highlights pressing cybersecurity challenges specific to the continent. With seven African countries among the top 20 most targeted globally, the findings stress the urgent need to enhance cybersecurity readiness across the region.
Cybersecurity threats are escalating across Africa, with several countries appearing prominently in the global rankings for cyber-attacks. According to Check Point’s latest data:
Ethiopia ranks as the most attacked country in Africa and holds the top global position with a Normalized Risk Index of 100.0, reflecting the heightened cyber threat landscape in the region.
Angola and Kenya are also among the most vulnerable. Angola is ranked 7th globally with a Normalized Risk Index of 74.2, and Kenya is ranked 10th globally with a Normalised Risk Index of 65.9.
Other African countries in the top 20 most targeted are:
- Uganda ranked 6th with a Normalised Risk Index of 66.6
- Mauritius ranked 12th with a Normalised Risk Index of 63.8
- Nigeria ranked 14th with a Normalised Risk Index of 61.9
- Mozambique ranked 15th with a Normalised Risk Index of 61.4
These rankings highlight the urgent need for African businesses and organizations to bolster their cybersecurity defences against evolving threats.
South Africa is ranked 67th in the Global Threat Index, a relatively lower position compared to other African countries, but it still faces significant cyber threats.
Despite being 67th globally, South Africa continues to experience frequent malware attacks, with Qbot and FakeUpdates being among the most prevalent malware strains affecting organizations across the country.
Targeted Sectors: The finance/banking and government/military sectors in South Africa are particularly targeted, facing ongoing threats that jeopardise critical data and national security.
In August 2024, the top malware families impacting Africa included:
- Phorpiex: This notorious botnet, known for its large-scale spam campaigns, has been particularly active in Zimbabwe, Nigeria, and Mozambique.
- Allcome Clipper: A malware that targets cryptocurrencies, hijacking clipboard data for outgoing transactions, leading to significant financial losses and identity theft.
- Expiro: A polymorphic file infector that compromises data integrity by stealing user and system information, particularly affecting organizations in Nigeria with a country impact of 20.00%.
- Qbot: A versatile malware responsible for credential theft, ransomware delivery, and unauthorized backdoor access, posing severe risks to businesses in Zimbabwe and South Africa.
- FakeUpdates (SocGholish): This downloader malware, prevalent in South Africa and Nigeria, facilitates further infections by deploying additional malicious strains, including ransomware.
The following sectors continue to be high-value targets for cyber adversaries:
- Government/Military: Agencies and military institutions face persistent threats, emphasizing the need for robust cybersecurity measures to safeguard national security.
- Finance/Banking: Financial institutions are under constant cyber threat, jeopardising sensitive data and critical financial operations.
- Utilities: Cyber-attacks on utilities can disrupt essential services, making this sector particularly vulnerable.
- Education/Research: Educational and research institutions are frequent targets, risking the exposure of sensitive information.
- Communications: This industry remains a key target, with attacks threatening critical infrastructure and data.
Rudi van Rooyen, security engineer at Check Point, says there is an urgent need for strengthened cybersecurity practices. “These concerning figures highlight the importance for African organizations to shift towards a more strategic and anticipatory stance on cybersecurity. Adopting advanced threat intelligence, implementing strong defence protocols, and having comprehensive incident response plans in place are critical actions to counter the growing cyber risks.”