Cybersecurity firm Positive Technologies has revealed a worrying increase in cyberattacks targeting government institutions and financial organizations across Africa in its 2023–2024 report. These sectors remain the most attractive to cybercriminals, driven by motives such as financial gain, espionage, and activism.
Key Insights from the Report
Targeted Sectors
- In Ghana, 29% of successful cyberattacks are directed at government institutions, while 22% focus on financial organizations.
- On the dark web, government and financial sectors dominate discussions, accounting for 19% and 13% of listings, respectively.
Threat Actors and Motivations
- APT groups are responsible for 46% of attacks on government institutions, aiming to collect data and conduct cyber espionage.
- Hacktivists account for 18% of attacks on government entities, often with ideological motives.
- Financial institutions are primarily targeted for data theft and unauthorized access to sensitive systems, with 64% of dark web posts about this sector focusing on selling stolen data.
Methods of Attack
- Malware leads as the most common tool, used in 43% of attacks on organizations and 53% of attacks on individuals.
- Ransomware and spyware were employed in one-third and one-fourth of successful cyberattacks, respectively.
- Vulnerabilities in network perimeters and poorly configured services were exploited in 18% of attacks on organizations.
Regional Impact
- Cyberattacks in Africa are concentrated in South Africa (22%), Egypt (13%), Nigeria (27%), and Algeria (17%).
- The industrial sector accounts for 10% of attacks, targeting production processes and sensitive information.
- Telecommunications organizations are also heavily targeted due to their vast personal data repositories.
Dark Web Data
- More than half of African-related databases on the dark web are distributed for free, while network access is sold for an average of $2,970.
- 74% of dark web posts involving African organizations center on selling access to major corporate networks.
Recommendations for Strengthening Cybersecurity
Positive Technologies recommends the following steps to combat the growing threats:
- Regularly update cybersecurity strategies and conduct risk assessments.
- Identify critical infrastructure vulnerabilities and mitigate risks.
- Train employees in basic cybersecurity practices.
- Allocate funds for developing in-house cybersecurity expertise.
- Encourage collaboration between government and private sectors to strengthen defenses.
- Promote international partnerships for threat intelligence sharing and capacity building.
Conclusion
The rapid adoption of digital technologies across Africa has created new opportunities for cybercriminals. Governments and businesses must work together to safeguard sensitive data, prevent disruptions, and enhance the continent’s cybersecurity posture.