Kaspersky is warning Africa ’s cybersecurity operatives of the top IT security threats on the continent. In its latest insights on Africa’s security landscape, Kaspersky says the human cyber threat remains predominant.
The firm warns of Advanced Persistent Threats (APTs) ‘ evolving techniques and the possibilities of Africa being a target of hacking-for-hire threat actor groups in the future.
APT techniques are evolving with new tools unleashed to continue stealing sensitive data.
Despite that, Kaspersky noted an overall decrease in certain malware categories in South Africa, Kenya, and Nigeria in the first half of the year. In contrast, they also recorded an increase in hackers-for-hire or cyber mercenaries during the same period.
The security firm says in 2020 alone, three cyber mercenary groups have been unmasked. These have not affected the continent specifically, but the security firm warns the region may fall under such actors’ radar in the coming months.
As we speak, APT groups are already banking on the current uncertainty occasioned by COVID-19 to steal sensitive information in South Africa, Kenya, and Nigeria, according to the firm.
“The reality is that in this evolving cyberthreat landscape, no company or government institution can consider themselves safe,” the company says.
Kaspersky notes of increased activity in the use of certain malware strain in the three countries. For Nigeria and South Africa, the firm warns of a steady rise in certain financial malware types.
“Africa will continue to see more sophisticated APTs emerge, and we also suspect that the hacking-for-hire actor type could target companies in Africa in the future. We also anticipate that cybercriminals will increase targeted ransomware deployment using different ways,” says Maher Yamout, Senior Security Research, Global Research & Analysis Team at Kaspersky.
Cybersecurity attacks in Sub Saharan Africa in H1 commonly targeted government, education, healthcare, and military institutions.
Kaspersky says, “This emphasises that attacks are becoming more targeted and at specific companies, in specific regions, and for specific purposes.”
While it is true that no institution can prevent an attack, being in the know and prepared is crucial. Kaspersky calls on institutions and governments to work on mitigating the risk of compromise when an attack happens.