Source: Golden Dayz via Shutterstock
A combined effort among Interpol, Afripol, cybersecurity firms, and authorities in 19 different African nations resulted in the arrest of more than 1,000 suspects who allegedly took part in ransomware schemes, business email compromise (BEC), and other cybercrimes and digital fraud.
The collection of law enforcement investigations, dubbed Operation Serengeti, resulted in the arrest of 1,006 suspects linked to more than $192 million in financial losses and affecting at least 35,000 victims.
The African nations that took part in the joint law enforcement collaboration include Algeria, Angola, Benin, Cameroon, Côte d'Ivoire, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, South Africa, Tanzania, Tunisia, Zambia, and Zimbabwe.
The investigators worked with private-sector companies, including cybersecurity firms and Internet service providers, to share intelligence and take action to disrupt cybercriminals' infrastructure, Interpol's Secretary General Valdecy Urquiza said in a statement.
"Operation Serengeti shows what we can achieve by working together, and these arrests alone will save countless potential future victims from real personal and financial pain," Urquiza said. "We know that this is just the tip of the iceberg, which is why we will continue targeting these criminal groups worldwide."
Cybercriminal organizations have expanded in Africa, attracted by the growing economy and relative lack of cybersecurity maturity. While Russia, Ukraine, China, and the US top the lists of cybercrime producers, Nigeria took the No. 5 spot in the World Cybercrime Index, an academic effort to identify the most significant exporters of cybercrime. The African nation has struggled against the stereotype of rampant fraud caused by the once-common Nigerian Prince email scam. Other nations — such as Egypt, Kenya, and South Africa — have also struggled with rising cybercrime.
Along with seven private-sector partners, Interpol and Afripol arrested more than 1,000 suspected cybercriminals in October and September. Source: Interpol
Yet global organizations are increasingly taking part in cross-border investigations, leading to arrests and increased pressure on cybercriminals, according to the World Economic Forum's Cybercrime Atlas, which collaborated with Interpol and Afripol on Operation Serengeti.
"As long as profits are high and risks are perceived to be low, organized criminals will continue to focus on cybercrime," the Cybercrime Atlas group stated in a November analysis. "But 2024 has shown that better collaboration between law enforcement, industry, and cybercrime experts gets results. It is supporting arrests, the disruption of criminals' online infrastructure and the seizure of criminal profits."
Card Fraud in Kenya, Cyber Trafficking in Cameroon
Two schemes described by Interpol in its release underscore the varied nature of cybercrime across the African continent.
A criminal group in Cameroon, for example, ran a multi-level marketing scam with a trafficking twist. By promising employment opportunities and training, the group attracted victims, who then paid a fee, but rather than meeting with instructors, were held captive until they brought other victims into the group. The scheme made the group at least $150,000, according to authorities.
In another scam, cybercriminals ran funds-stealing scripts on bank websites, which piggybacked on account holders' sessions to withdraw and redistribute funds to companies in China, Nigeria, and the United Arab Emirates, Interpol stated. Losses from the scheme exceeded $8.6 million. So far, nearly two dozen people suspected of taking part in the scheme have been arrested.
Other cybercriminal schemes include an investment scam run out of Nigeria, a $6 million Ponzi scheme in Senegal, and a virtual casino operated from Angola. Business email compromise continues to be among the most prominent threats affecting African organizations, says Derek Manky, global vice president of threat intelligence for Fortinet, a network-security firm that aided Interpol with technical and intelligence support.
"Users should be aware of this type of attack and always verify the identity of any source giving instructions, especially for payment and even within your organization," he says, adding, "Threat sharing is important to enable quick mobilization of protections for customers across many vendors and to help break down technical barriers to enabling protections."
A Hard-Won, but Short, Respite
Despite the large number of arrests, the operation will likely result only in a brief reduction in cybercriminal activity, as disrupted groups will quickly pivot and recreate their infrastructure, says Stephen Hilt, a senior threat researcher with cybersecurity firm Trend Micro, which also collaborated with authorities on the global intelligence support.
"While impactful, these efforts need to be part of a broader strategy," he says. "For long-term reductions in cybercrime, developing nations must strengthen their legal frameworks to increase the cost of cybercriminal activities. ... Without these measures, the underlying socioeconomic factors that drive cybercrime will persist."
African nations — and organizations worldwide — need to invest in cybersecurity education to bolster awareness of the current threats and safe behavior online, he says.