Most major African economies experienced fewer cyber threats overall in 2023, but there were some dramatic exceptions: Kenya saw a 68% increase ransomware attackswhile South Africa reported a 29% increase in phishing attacks targeting sensitive information.
The general trend is that of change. According to telemetry data from Kaspersky, cyber attackers are increasingly targeting critical infrastructure in Africa and experimenting with ways to incorporate artificial intelligence into their toolkits. Threat actors are now routinely abusing AI’s Large Language Model (LLM) models to create more convincing social engineering attacks and to quickly produce bait for such attacks in a variety of languages, says Maher Yamout, lead researcher on the security at Kaspersky’s Threat Research Group.
“As more advanced technologies become available, cyber criminals will use them to become more effective in their cyber criminal tactics and strategies,” he says. “We have seen how the cyber threat landscape continues to evolve, becoming slightly different every year.”
Africa has historically been a source of pervasive social engineering threats, including “a high concentration of BEC (business email compromise) actors” such as the Silver Terrier groupsecond Interpol’s African Cyberthreat Assessment 2023 report. Citizens of Africa and the META (Middle East, Turkey and Africa) region as a whole are increasingly becoming targets of cyber criminals, according to Kaspersky report.
Currently, BEC attacks remain the leading cyber threat to organizations and individuals, with the financial, telecommunications, government and retail sectors accounting for more than half of all attacks, according to one study. Positive Technologies 2023 report on threats to the African region. According to the report, 80% of attacks against African organizations involved malware, while 91% of attacks against African citizens included a social engineering component.
“To effectively combat cyber threats, African organizations should invest in developing their own cybersecurity experts,” Positive Technologies says in its report. “Regular training and certification of cybersecurity employees will improve their skills and knowledge, strengthening the company with the support of experts in preventing and responding to cyber attacks.”
Artificial intelligence promises benefits, threats
One reason for the increase in attacks against organizations in this region is the use of AI technologies such as LLMs, which have lowered the level of access for both would-be cybercriminals and professional groups, says Kaspersky’s Yamout. According to Yamout, the security vendor has noticed signs of artificial intelligence creating more convincing phishing email messages, synthetic identities, and deepfakes of real people.
These cyber threats reinforce and worsen historical AI inequalities, which include poor facial recognition of African citizens leading to unequal and unfair treatment; financial fraud fueled by massive data sets collected from consumers; and AI-based targeting, according to an analysis by the Africa Policy Research Institute.
“AI technologies pose real and potential threats to the companies involved in their design and construction and to those in which the technologies are tested and used,” Rachel Adams, principal researcher at Research ICT Africa, said in the analysis.
Hacking of critical infrastructures
The adoption of operational technology to automate critical infrastructure systems is also under attack in Africa, with more than a third of OT computers (38%) experiencing at least one threat in the second half of 2023, says Kaspersky’s Yamout.
The source of attacks continues to be a mix of cybercriminals and nation-state groups. But as economic, political and climate tensions rise, hacktivism has increased, he says.
“In addition to country-specific protest movements, the rise of cosmo-political hacktivism is expected, driven by socio-cultural and macroeconomic agendas such as eco-hacktivism,” says Yamout. “This diversification of motivations can help create a more complex and challenging threat landscape.”
Mobile Internet, mobile threats
According to Kaspersky, mobile devices are the main way Africans access the internet, so mobile threats continue to increase. In 2023, the company saw a 10% increase in threats targeting mobile devices across the continent, with an increase in mobile ransomware and credential-seeking SMS phishing attacks becoming increasingly common, Yamout says .
The rise of remote working globally has also contributed to the rise of mobile threats. Although Africa lags behind in remote working, 42% of the continent’s employees work off-site at least once a week, according to the World Economic Forum. Protecting these mobile employees presents a greater challenge for organizations, Yamout says.
“At a time when hybrid working has been normalized around the world, companies must also evaluate the potential privacy and security risks of having employees virtual,” he says. “To this end, they must implement best practices in terms of safeguarding personal and business data.”
Kaspersky urges organizations to patch software and devices, manage credentials and identities more carefully, and focus on blocking endpoints.
Currently, exploiting unpatched software, vulnerable web services, and weak remote access services are the most common ways for ransomware groups to gain access to their victims in Africa, according to the company.