Africa: 2023 Cyberthreats landscape and the year 2024 predictions

Yusuph Kileo
Nov 28, 2023


In recent years, African countries have been working hard to adopt the 2030 African digital transformation agenda. Sectors such as finance, education, agriculture, government, security, and manufacturing are actively adopting digital technologies and moving their operations to online platforms.

In Africa, cybercrime is estimated to cost $4 billion a year.

As we advance in technology throughout the continent, nations need to remember that cybersecurity and personal data protection are fundamental principles in implementing the digital transformation project, in order to minimise the challenges that come with the technology.

2023 cyberthreats landscape

The year 2023 was filled with countless cyberattacks across many countries. Some of these attacks targeted critical infrastructure, financial institutions, governments and other companies. As African countries are now pushing for digital transformation and experiencing rapid economic development, cybersecurity remains a pressing concern for businesses across Africa.

Unfortunately, some African countries have inadequate security measures to fight off cybercrime, leaving them highly susceptible to cyberattacks. They have weak prevention mechanisms to combat cyber threats and poor intrusion detection systems, placing sensitive transactions at significant risk.

There is an increase in the volume and sophistication of cyberattacks on financial institutions. According to the 2023 Africa Financial Industry Barometer, 97% of surveyed leaders of financial institutions in Africa rank cybercrime and regulatory constraints on cybersecurity as the leading threat to the financial services industry, alongside worsening economic conditions.

These massive cyberattacks in the region threaten the security of the growing economy and critical infrastructure. MTN Nigeria lost $53 million from its mobile money service, which forced it to sue several banks in Nigeria; in Kenya, financial institutions and the e-citizen portal were halted by a distributed denial-of-service attack; and in South Africa there is an increase in backdoor and spyware attacks, with an alarming 106,000 recorded attempts.

There are many similar cybersecurity incidents in other African countries, and there is an urgent need for action to strengthen protection measures. Failure to counter cyberthreats can have serious consequences for individuals, businesses and the socio-economic development of the continent.

African countries have reported a sharp increase in the number of online banking scams

Africa is not alone in this. In September alone, other parts of the world experienced massive cyberattacks. To mention a few notable ones: on September 6, the travel booking company Sabre experienced a serious ransomware attack in which 1.3 terabytes of data were stolen by Dunghill, and just a few days later, on September 11, another ransomware attack on Save the Children led to the loss of 6.8 terabytes of data, and entertainment company MGM Resorts also suffered a cyberattack, which was made public on X with a statement that the security incident severely impacted its business operations. The following day, on September 12, the Hong Kong-based cryptocurrency exchange platform CoinEx lost US$70 million in cryptocurrency following a cyberattack launched against it.

In 2023, the most common cyberthreats in Africa include insider threats, social engineering, software update supply chain attacks, phishing attacks, mobile malware, online shopping fraud, ransomware, man-in-the-middle (MitM) attacks, cryptojacking attacks, IoT botnet DDoS attacks and malware attacks, among others.

According to the 2023 Positive Technologies report, the organizations most targeted by cyberattacks were those in the financial sector (18%), followed by telecommunications companies (13%), government agencies (12%), and organizations from the trade (12%) and industrial (10%) sectors.

The impact of these growing cyberattacks includes loss of customers and business, loss of critical organisational data, threats to organisational and national security, damage to goodwill and reputation, loss of revenue (economic losses), temporary or permanent closure, lawsuits and arbitrations, danger of terrorism, and time wastage and system downtime that reduce productivity.

The fight against cybercrime requires a cohesive and coordinated approach

2024 cyberthreats prediction

Many reports show Africa to be the region most targeted by cyberattacks. In 2024, new cyberattack techniques will likely emerge, such as increased use of AI, hacktivism and the targeting of smart home tech. New botnets and rootkits will also likely appear, and hacker-for-hire services might increase, as will supply chain attacks, which might be provided as a service on cybercriminals’ underground forums.

According to Kaspersky, Advanced Persistent Threats (APTs) are expected to expand surveillance efforts to include more smart home technology devices, such as smart home cameras and connected car systems. This is particularly interesting for attackers because those devices are often uncontrolled, not updated or patched, and subject to misconfigurations. This is also a concern because more people work from home nowadays, and their companies could be targeted via weak points in home workers' devices.

More hacktivism is expected to affect many parts of Africa. Hacktivists will run distributed denial-of-service attacks and increasingly use tools for deepfakes and impersonation/disinformation. In addition, destructive and disruptive operations can be carried out. The use of wipers in several current political conflicts and the disruption of power in Ukraine are good examples of both types of operations.

Cybercriminals are also expected to develop new methods for automating cyberespionage. One method could be to automate the collection of information related to victims in every aspect of their online presence: social media, websites and more, as long as it relates to the victims’ identity.

State-sponsored cyberattack numbers also have the potential to surge, amid increasing geopolitical tensions. These attacks will likely threaten data theft or encryption, IT infrastructure destruction, long-term espionage, and cyber-sabotage.

The use of generative AI tools will increase, which will facilitate the mass production of spear phishing email content, often used as the initial vector of infection when targeting organizations. The messages written by these tools are more persuasive and better written than those written by cybercriminals. They might also mimic the writing style of specific individuals.

Key Recommendations

The widespread use of technology, combined with insufficient cybersecurity measures, a lack of the right skill sets, inadequate legislation in the field of information security, and a low level of public awareness concerning information security, creates favorable conditions for cybercriminals. Moreover, many African countries are facing economic constraints, making it difficult to allocate sufficient funds for cybersecurity.

African governments must develop, implement and regularly update national cybersecurity policies and strategies, involving a wide range of stakeholders in the process.

Establishing a dedicated national institution (a cybersecurity authority) to coordinate cybersecurity activities, respond to cyber incidents, monitor threats and help organizations recover from major cyberattacks should be a top priority for governments.

Governments should work on creating and implementing legislation for the protection of personal data. This legislation should combat cybercrime, guarantee the protection of personal data, and maintain the digital security of citizens and organizations.

Cybersecurity awareness activities should be conducted regularly. People should be educated on potential privacy risks when working in virtual environments.

Governments should identify critical information infrastructure, the disruption of which could cause intolerable events at the level of industries and countries.

Collaboration between governments and industry peers is also recommended to enhance collective defense against cyberattacks and exchange best practices and thoughts.

Organisations should implement best practices in safeguarding personal and corporate data.

Organizations should have an up-to-date incident response plan that will help in case of a cyberattack. The plan should contain the steps to take, as well as a list of people and services to reach in case of emergency. This plan should be regularly tested by conducting attack simulations.

Network segmentation might limit an attacker’s exploration of compromised networks. Critical systems in particular should be totally isolated from the rest of the corporate network.

Continuous vulnerability assessment and triage should be established as the basis for an effective vulnerability management process.

Implementing strict access controls is highly recommended. The principle of least privilege should always be in use for any resource. Multifactor authentication should be deployed wherever possible.

All systems and devices must be up to date and patched to avoid being compromised by a common vulnerability.


Yusuph Kileo

Award-winning Cyber security and Digital Forensics Expert, BC-Rep (Finance sub-committee) @ICANN, @AfICTA Board Member, BC DNS Abuse Working Group.