Africa sees increase in ransomware, botnet attacks – but online scams still pose biggest threat
Fraud is still the primary goal of cybercriminals operating across the continent, Interpol warns in latest market report
Online scams are still the biggest cyber threat to African citizens, a new report has revealed, though ransomware attacks are “expanding rapidly” across the continent.
The study (PDF), published by Interpol yesterday (October 25), found that internet-enabled fraud was the biggest risk to African countries, which have reported a sharp increase in the number of online banking scams, including instances of banking and credit card fraud, in 2021.
Digital extortion – defined as “allegations of sexually compromising images or direct blackmail campaigns” – was the second highest recorded cyber threat.
While business email compromise (BEC) scams have also risen in prominence during the Covid-19 pandemic, due, in part, to the increase of businesses and organizations relying on bank wire transfers.
The number of African citizens who have access to the internet is estimated to be around 500 million, which is a huge figure in itself, though when compared to the overall population only equates to 38%.
Leading the way is Kenya with 83% of its population being online, Nigeria with 60%, and South Africa with 56%.
Fraud has historically been an issue across the continent – in particular, phishing campaigns and romance scams – however the report found that the increase in digitization across Africa has created new avenues for crime.
The report reads: “… the move towards a digital society – particularly within the African region – has created new attack vectors for criminals to both obfuscate their identity and target new victims.”
While social engineering remains the most popular attack vector in Africa, the study found that instances of ransomware and botnet attacks are also rising.
Ransomware is the fourth most prevalent cyber-attack identified in the report, which states that more than 61% of companies in the region were affected by ransomware in 2020 alone.
“These attacks targeted some African countries’ critical infrastructure, including healthcare and maritime sectors,” it reads.
In fifth place was botnets, networks of compromised machines used as a tool to automate largescale campaigns such as DDoS attacks, phishing, and malware distribution.
The report reads: “The number of botnet victim detections in Africa [in 2021] was around 50,000, with a monthly average detection of 3,900.”
The damage done
This shift in tactics is blamed, in part, by Interpol on the lack of cybersecurity practices for businesses in the region, particularly worrying due to the widespread adoption of online banking.
Interpol claims in the report that 90% of African businesses are operating “without the necessary cybersecurity protocols in place”.
In 2016, says Interpol, cybercrime cost the South African economy $573 million, while the Nigerian economy lost $500 million and Kenyan economy an estimated $36 million.