Check Point Software’s latest Global Threat Index for September unveils the emerging and worrying use of artificial intelligence (AI)-driven malware techniques – alongside persistent ransomware campaigns – with notable rankings for African nations.
In this month’s findings, researchers uncovered a cyberattack method likely created using AI delivering AsyncRAT malware which ranked 10th on the list of most prevalent malware globally. This discovery highlights a growing trend of cybercriminals leveraging AI to craft malware more efficiently and making the digital landscape even more dangerous for organisations worldwide.
“The rise of AI-driven threats underscores the evolving sophistication of cyberattacks,” Maya Horowitz, VP of research at Check Point Software, says. “AI’s involvement in cyberattacks reveals a new frontier in the cybersecurity battle. Organisations need to prioritise advanced prevention methods and robust defences to keep pace with the rapid evolution of cyber tactics.”
South Africa has made a significant leap in its cybersecurity standing, moving from 67th to 73rd in the global threat index. With a Normalised Risk Index of 37, it now ranks as the third-safest country in Africa showing notable improvements in its defences against rising cyberthreats. Egypt and Zambia lead as the safest African countries in terms of malware threats, ranking 97th and 82nd respectively among the 110 countries surveyed in the Index.
Key African countries in the top 20 rankings include:
- Ethiopia: Ranked 2nd globally with a high-risk index of 95.4, showing the urgent need for stronger cyberdefences.
- Angola: Placed 5th globally with a risk index of 75.5, reflecting high vulnerability.
- Mali: Holding 11th place globally, showing the continent’s significant exposure to cybersecurity risks.
- Botswana: Ranked 19th globally, with cybercriminals increasingly targeting its systems.
“These rankings highlight the varied cybersecurity readiness across the African continent, with some nations making progress while others face growing challenges,” says Issam El Haddioui, head of Engineering Security Sales: Africa. “South Africa’s rise to the third-safest African nation underscores its commitment to improving its cybersecurity defences.”
Top malware and ransomware trends
Globally, FakeUpdates (SocGholish) remains the most prevalent malware impacting 7% of organisations worldwide, followed by Androxgh0st and Formbook. Meanwhile, RansomHub continues to dominate the ransomware scene, responsible for 17% of all reported ransomware attacks globally, with a particularly aggressive focus on Windows, macOS, Linux, and VMware ESXi environments.
In South Africa, 11,06% of malware attacks were attributed to FakeUpdates, followed by QBot at 6,97%. Qbot, also known as Qakbot, is a sophisticated and multifunctional malware that emerged as a banking trojan in 2007. Over the years, it has evolved to facilitate a range of cybercriminal activities including credential theft, ransomware delivery, and enabling backdoor access to compromised systems.
Since December 2023, there has been a noticeable resurgence with threat actors experimenting with new builds. Qbot’s distribution main methods are phishing campaigns targeting specific industries, exploiting vulnerabilities, and adapting to various infection vectors including malvertising.
Emerging threats: AI and ransomware evolution
Researchers also noted a critical trend in ransomware operations. RansomHub – a Ransomware-as-a-Service (RaaS) group – maintained its position as the top ransomware group, responsible for 17% of the posted attacks on ransomware “shame sites.” However, what stands out this month is the rise of AI-driven attacks.
“Cybercriminals are now using generative AI (GenAI) to develop malware, significantly lowering the technical barrier to creating sophisticated malware strains. One such example is the AsyncRAT campaign where AI likely helped structure the malicious code,” El Haddioui says.
“The fact that threat actors are integrating AI into their malware development process shows how rapidly cybercriminals are evolving. This trend is reshaping the entire threat landscape and making AI-driven security solutions more crucial than ever.”
Top-attacked industries globally
Education and research institutions continue to face the brunt of cyberattacks followed closely by government/military organisations and the healthcare sector. These industries remain high-value targets due to the sensitive data they manage – making them prime targets for both ransomware and AI-driven malware.