An analysis of cyberattacks in Africa has revealed that internet users are more likely to face malware related attacks hidden within their devices.
This is according to research conducted by Kaspersky which showed that in 2020, 25% of private users in South Africa, 40% in Kenya and 38% in Nigeria experienced cyberattacks classified as ‘local’, which means they are detected either on users’ devices or on portable data storage devices, such as flash drives.
In comparison, web attacks only affected 9% of users in South Africa, 11% in Kenya and 8% in Nigeria.
The research also revealed that the statistics were similar for corporate users in these regions where South Africa had 23%, Kenya 29% and Nigeria 35% of users who encountered such local threats within 2020.
Kaspersky noted that there has been an increase in the sophistication of such threats, which may be hiding on the user’s device within a seemingly legitimate file for a while, to fly under the radar, and only strike later.
Denis Parinov, a cybersecurity expert at Kaspersky said, “The cyber threat landscape across Africa is constantly evolving. A few years ago, there were much more drive-by attacks – cases when different malicious software is downloaded and being run while the user simply browses the Internet.”
“Nowadays, most of the web-threats “stays in browser”: they specialise in content replacement, browser locking or clickjacking, online-skimming, cookie stuffing, etc.,” added Parinov. “Now the situation when a user could download a malicious file directly is not too often. It’s more common for a malware to be disguised as something else to hide from the security solutions, remaining an unseen threat to users.”
“The good news however is that modern security solutions are too advanced for such malware to fly under radars – it is more likely to be blocked either during the initial scan of the file by a security solution that happens by default, or within the very moment such programs attempt to launch,” concluded Parinov.
To protect against cyber threats including malware, it is recommended that users keep to the following guidelines:
- Do not follow dubious links from letters, messages in instant messengers or SMS.
- Regularly install updates for the operating system and applications.
- Install applications only from official stores.
- Use complex and different passwords for accounts.
- Regularly copy important data from your device to the cloud, to a USB flash drive or hard drive.
- Do not give applications access to those functions that they do not need.
- Install a reliable security solution.
Organisations are encouraged to provide training to improve cyber literacy among their employees.