Source: CG Alex via Shutterstock
Most major economies in Africa experienced fewer overall cyber threats in 2023, but there were some dramatic exceptions: Kenya suffered a 68% rise in ransomware attacks, while South Africa saw a 29% jump in phishing attacks targeting sensitive information.
The overall trend is one of change. Cyber attackers are increasingly targeting critical infrastructure in Africa and experimenting with ways to incorporate artificial intelligence into their toolkits, according to telemetry data from Kaspersky. Threat actors are now routinely abusing AI large language models (LLMs) to create more convincing social engineering attacks and to quickly produce the lures for such attacks in a variety of languages, says Maher Yamout, lead security researcher at Kaspersky's threat research group.
"As more advanced technologies become available, cybercriminals will use these to help them become more effective in their cybercriminal tactics and strategies," he says. "We have seen how the cyber threat landscape continues to evolve, becoming somewhat different every year."
Africa historically has been a source of pervasive social engineering threats, including a "high concentration of BEC (business email compromise) actors" such as the SilverTerrier group, according to Interpol's African Cyberthreat Assessment 2023 report. Citizens in Africa and the META region (Middle East, Turkey, and Africa) as a whole are increasingly becoming the targets of cybercriminals, according to Kaspersky's report.
Currently, BEC attacks remain the primary cyber threat to organizations and individuals, with the financial, telecom, government, and retail sectors accounting for more than half of all attacks, according to a 2023 Positive Technologies report on threats to the Africa region. Eighty percent of attacks on African organizations involved malware, while 91% of attacks on African citizens included a social engineering component, the report stated.
"To effectively combat cyber threats, African organizations should invest in the development of their cybersecurity experts," Positive Technologies stated in its report. "Regular training and certification of cybersecurity employees will enhance their skills and knowledge, boosting the company with expert support in preventing and responding to cyberattacks."
AI Promises Benefits, Threats
One reason for the rise in attacks against organizations in this region is the use of AI technologies such as LLMs, which have lowered the bar to entry for would-be cybercriminals and professional groups alike, Kaspersky's Yamout says. The security vendor has seen signs of AI creating more convincing phishing email messages, synthetic identities, and deepfakes of real people, according to Yamout.
These cyber threats reinforce and worsen the historical inequities of AI, which include poor facial recognition of African citizens leading to unequal and unfair treatment; financial fraud powered by massive datasets collected from consumers; and AI-powered targeting, according to an analysis by the Africa Policy Research Institute.
"AI technologies pose real and potential threats to the societies involved in their design and construction and to those where the technologies are tested and used," Rachel Adams, a principal researcher at Research ICT Africa, stated in the analysis.
Hacking Critical Infrastructure
The adoption of operational technology to automate critical infrastructure systems is also under attack in Africa, with more than a third of OT computers (38%) encountering at least one threat in the second half of 2023, Kaspersky's Yamout says.
The source of attacks continues to be a mix of cybercriminals and nation-state groups. But as economic, political, and climate tensions rise, hacktivism has increased, he says.
"In addition to country-specific protest movements, the rise of cosmo-political hacktivism is expected, driven by socio-cultural and macro-economic agendas such as eco-hacktivism," Yamout says. "This diversification of motives may contribute to a more complex and challenging threat landscape."
Mobile Internet, Mobile Threats
Mobile devices are the primary way Africans access the Internet, so mobile threats continue to rise, according to Kaspersky. In 2023, the company saw a 10% increase in threats directed at mobile devices across the continent, with a rise in mobile ransomware and credential-seeking SMS phishing attacks becoming more common, Yamout says.
The rise in remote work globally has also contributed to the rise in mobile threats. While Africa lags behind in remote work, 42% of employees on the continent work offsite at least once per week, according to the World Economic Forum. Protecting these mobile employees represents more of a challenge for organizations, Yamout says.
"At a time when hybrid work has been normalized across the world, enterprises must also assess the potential privacy and security risks with employees being virtual," he says. "To this end, they must implement best practices when it comes to safeguarding personal and corporate data."
Kaspersky urges organizations to patch software and devices, manage credentials and identities more closely, and focus on locking down endpoints.
At present, the exploitation of unpatched software, vulnerable Web services, and weak remote access services are the most common ways that ransomware groups are gaining access to their victims in Africa, according to the firm.