Positive Technologies analyzed the 2022–2023 cybersecurity threatscape in Africa and presented the results of the research at the second Russia–Africa Summit in Saint Petersburg. According to our experts, the financial sector in Africa suffers most from cyberattacks (almost 18% of attacks on organizations in the region), with cybercriminals being mainly driven by direct financial gain and theft of confidential information. Apart from hacktivists, organized hacker groups are also active in the region, motivated by cyberespionage in addition to financial gain. Most of the attacks were targeted.
Financial organizations are one of the most attractive attack targets in Africa. In most cases, criminals are focused on financial gain. Financial organizations store large amounts of customer data, including payment information, which allows attackers to use stolen information for further attacks on users.
Telecommunications is the second most attractive industry for cybercriminals (13%). The five most frequently attacked sectors also included government (12%), retail (12%), and industry (10%).
“These top five most attacked industries in Africa differ from global statistics, with telecommunications and commerce among the top five targets of attackers,” Positive Technologies analyst Ekaterina Semykina comments. “The significant increase in customers of telecommunications companies across the continent allows attackers to seriously impact both individual companies and entire regions. Criminals attack organizations to disrupt their operations and demand a ransom for restoring systems, as well as to steal user data. Companies must take measures to prevent the exploitation of vulnerabilities and the occurrence of non-tolerable events. To achieve this, we recommend paying more attention to the vulnerability management process in your organization.”
68% of successful attacks were targeted: perpetrators were focused on a specific organization, person, or industry. In attacks on organizations, criminals most often target computers, servers, and network equipment (85%).
Web resources were targeted in 15% of attacks; typically, in those cases, attackers managed to successfully carry out DDoS attacks. African financial and government organizations regularly face DDoS attacks by hacktivists. These attacks can seriously impact the operation of critical infrastructure systems and services.
Most often, attacks were aimed at obtaining confidential information: 38% of companies experienced this. Criminal actions also frequently caused disruptions in organizational operations: for example, in every third successful attack, the main activities of companies were disrupted (35%). 7% of incidents resulted in direct financial losses.
Ransomware attacks are a serious threat to the region: ransomware was registered in one in three malware attacks against organizations. Most often, attackers compromised computers, servers, and network equipment, which indicates that companies are poorly protected and have vulnerabilities in the network perimeter.
Dark web forums are important hubs of criminal activity where bad actors sell access to the networks of large African companies, including government, financial institutions, retail, and IT companies. According to open sources, criminals are willing to pay about $300 for access with domain administrator privileges and $170 for access with local administrator privileges. On these underground forums, attackers also share and advertise for sale databases containing information about employees and customers of various companies.
In order to successfully thwart cyberthreats in the region, Africa needs to develop and implement cybersecurity measures. Amidst rapid digital transformation, it is vital to change the approach to information security in African countries. With the increasing availability of the Internet in Africa, an increase in the activities of international organized cybercrime networks in the region is to be expected. The more digitally developed the country is, the more attractive it is for criminals. The region lacks proper cybersecurity measures, the legislation is insufficiently developed to deal with cyberthreats, and people have very little information security awareness. All this has led to an increase in cyberattacks and significant damage to the countries[1].
Alexey Novikov, Head of the PT Expert Security Center at Positive Technologies, says: “To ensure cyberresilience of African companies, including government and private organizations, it is crucial to identify non-tolerable events and protect critical assets. It is also recommended that companies adopt modern defenses and implement effective cyberthreat monitoring and response measures. Educating employees and investing in the training of information security professionals will also play an important role in improving the cybersecurity of African companies.”
Recommendations for governments to strengthen their cybersecurity include developing national-level policies and strategies in the field of information security, forming legislative regulation for personal data protection, protecting critical information infrastructure, and establishing national cyberincident response teams. Strengthening international cooperation will also be a crucial step towards ensuring cybersecurity in the region.