‘Targeted Cyber attacks make up 68% of all attacks in Africa,’ says Russian Tech company

Home Uncategorized ‘Targeted Cyber attacks make up 68% of all attacks in Africa,’ says Russian Tech company
‘Targeted Cyber attacks make up 68% of all attacks in Africa,’ says Russian Tech company



Staff Reporter

Cybercriminals most often target African financial and telecommunications companies. This is according to the Russian Tech company, Positive Technologies, which analyzed the 2022–2023 cybersecurity threatscape in Africa and presented the results of the research at the second Russia–Africa Summit in Saint Petersburg.

According to Positive Technology experts, the financial sector in Africa suffers the most from cyberattacks (almost 18% of attacks on organizations in the region), with cybercriminals mainly driven by direct financial gain and theft of confidential information.

Apart from hacktivists, organized hacker groups are also active in the region, motivated by cyberespionage in addition to financial gain. Most of the attacks were targeted, according to the company.

The entity further shared that Financial organizations are one of the most attractive attack targets in Africa. In most cases, criminals are focused on financial gain. Financial organizations store large amounts of customer data, including payment information, which allows attackers to use stolen information for further attacks on users. Telecommunications is the second most attractive industry for cybercriminals (13%). The five most frequently attacked sectors also included government (12%), retail (12%), and industry (10%).

“These top five most attacked industries in Africa differ from global statistics, with telecommunications and commerce among the top five targets of attackers,” comments Positive Technologies analyst Ekaterina Semykina. “The significant increase in customers of telecommunications companies across the continent allows attackers to seriously impact both individual companies and entire regions. Criminals attack organizations to disrupt their operations and demand a ransom for restoring systems, as well as to steal user data. Companies must take measures to prevent the exploitation of vulnerabilities and the occurrence of non-tolerable events. To achieve this, we recommend paying more attention to the vulnerability management process in your organization.”

Semykina further said that 68% of successful attacks were targeted: perpetrators were focused on a specific organization, person, or industry. In attacks on organizations, criminals most often targeted computers, servers, and network equipment (85%).

Web resources were targeted in 15% of attacks; typically, in those cases, attackers managed to successfully carry out DDoS attacks. African financial and government organizations regularly face DDoS attacks by hacktivists. These attacks can seriously impact the operation of critical infrastructure systems and services.

Most often, attacks were aimed at obtaining confidential information: 38% of companies experienced this. Criminal actions also frequently caused disruptions in organizational operations; for example, in every third successful attack, the main activities of companies were disrupted (35%). 7% of incidents resulted in direct financial losses.

Semykina further said that ransomware attacks are a serious threat to the region: ransomware was registered in one in three malware attacks against organizations.

“Most often, attackers compromised computers, servers, and network equipment, which indicates that companies are poorly protected and have vulnerabilities in the network perimeter. Dark web forums are important hubs of criminal activity where bad actors sell access to the networks of large African companies, including government, financial institutions, retail, and IT companies. According to open sources, criminals are willing to pay about $300 for access with domain administrator privileges and $170 for access with local administrator privileges. Also on these underground forums, attackers share and advertise databases for sale containing information about employees and customers of various companies,” Semykina concluded.



Source link

Leave a Reply

Your email address will not be published.