According to global cybersecurity company ESET's bi-annual Threat Report, South Africa is the most targeted country in Africa for infostealer and ransomware attacks. Data and insight collected between June and November 2024 revealed that over 40% of ransomware attacks and just under 35% of infostealer incidents on the continent occurred in South Africa. Across Africa, phishing remains the top threat, making up 34% of all detected attacks. 

“Being at the forefront of the continent’s digital transformation and having a relatively strong economy puts South Africa in the crosshairs for sophisticated cyber-attacks. Cybercriminals know that businesses, government and individuals store a significant amount of their information online, which means ample opportunity for attacks. Given the country's economic status, they are also likely to be able to pay ransoms and meet demands,” says Chief Security Evangelist at ESET, Tony Anscombe. 

In June 2024, South Africa’s National Health Laboratory Service (NHLS) reported that it was hit with a ransomware attack, which disrupted its systems, deleted backups, and stole 1.2 terabytes of data – in the middle of dealing an mpox outbreak. The breach also put millions of patients' sensitive medical data at risk. More recently, in January 2025, the South African Weather Service disclosed that its ICT-base systems were disrupted by an attack led by ransomware-as-a-service group RansomHub – who have racked up hundreds of victims since they were first detected in early 2024. 

“Ransomware, infostealers and phishing are not new threats – but they are always evolving, which means our defences must adapt to protect us. Ransomware perpetrators, for example, used to cast a wide net to see how many victims they could catch, but the new trend is that cybercriminals are being more specific about who they are targeting based on who has the power to pay, or is likely to have cyber insurance – including government, financial institutions, insurance companies and medical digital infrastructure,” says Anscombe.  

Global data – emerging trends 

Company-branded and deepfake content that targets social media users with fraudulent investment schemes increased by 335% - ESET bi-annual Threat Report. 

The ESET Threat Report also highlighted worldwide trends, including a rise in so-called crypto stealers across multiple platforms; “With cryptocurrencies reaching record values in the second half of 2024, cryptocurrency wallet data and credentials have become one of the prime targets of malicious actors. According to our data, the increase was the most dramatic on macOS, where password-stealing ware more than doubled compared to the first half of the year,” says Anscombe. 

The rise in deepfake scams aligns with the growth of generative AI over the past year – a trend that ESET expects to continue into 2025. Cybercriminals leverage the AI-generated content to lure people into fraudulent investment schemes, buy specific cryptocurrencies, or pull their money from banks, as a way to benefit their own investment strategies.

The ESET Threat Report is released twice a year and includes data from across the globe – as well as expert insight on key trends. To access the full report, click here.