From Spy Trojans to Ransomware: Cyberthreats industrial organisations in Africa should be aware of

From Spy Trojans to Ransomware: Cyberthreats industrial organisations in Africa should be aware of

02 Jun 2024

Share

According to Kaspersky statistics, in the first quarter of 2024, the percentage of Industrial Control Systems (ICS) computers globally on which malicious objects were blocked decreased by 1.3 percentage points (pp) from the first quarter of the previous year - to 24.4%. In Africa the amount of malware remained almost unchanged, on a level much higher compared to other regions - 32.4% of ICS computers in Africa faced cyberthreats in the first quarter of 2024. In South Africa the figures are 23.5% in Q1 2023 and 25.5% in Q1 2024, Kenya – 28.1% and 30.5%, while in Nigeria – the figures grew from 25.3% to 28%.

In the first quarter of 2024, Kaspersky's protection solutions blocked malware from 10,865 different malware families of various categories on industrial automation systems. The African region is over-exposed to threats spreading via the Internet, which are the most common initial-access tools for cyber attackers. The region also leads in charts of malware spread via removable devices (5.6% of ICS computers faced it, compared to the global figure of 1.13%), which is the other way for cyber attackers to try to bypass the safeguards at the perimeter and to spread within the internal infrastructure.

Malicious objects that are used for initial infection of computers include dangerous Internet resources that are added to denylists (this threat was blocked on 8.78% of ICS computers in Africa), malicious scripts and phishing pages (6.9%), and malicious documents (1.83%). These malicious objects are normally used at the initial phases of the attack chain. As a result, they are blocked by security solutions more often than everything else. This is normally reflected in Kaspersky Security Network statistics.

Malicious objects used to initially infect computers deliver next-stage malware – spyware, ransomware, and miners – to victims' computers. Spyware (Trojan-Spy malware, backdoors and keyloggers), which is mostly used to steal money or confidential data, is also widespread both globally and in Africa (blocked on 6.65% of ICS computers in Africa).

Worms and viruses are types of self-propagating malware. To spread across ICS networks, viruses and worms rely on removable media, network folders, infected files including backups, and network attacks on outdated software. This type of malware is very active in African countries compared to other regions and global average. Extremely high rates of self-propagating malware in the region most probably mean there’s a significant portion of OT infrastructure yet to be protected by security solutions (which is where the malware continuously spreads from) and there’s room for improving the overall cybersecurity culture to follow strict cybersecurity policies.

ICS computers in Africa continue to face covert crypto-mining programs - miners in the form of executable files for Windows and web miners, though this type of malware is decreasing in the recent years. If successfully installed these provide cybercriminals steady earnings from using victim’s computer processing power.

Since AutoCAD software is widely used in ICS organisations, cybercriminals also try to make use of this and similar programs creating special malware, detection of which increased in the first quarter of 2024 compared to previous quarters.

The Middle East and Africa lead among regions where ransomware is spread; though not high in numbers (0.28% and 0.27% of ICS computers faced these respectfully), this may pose serious risk to organisations, especially if data encryption scenario is selected by cybercriminals.

“Africa is actively integrating technologies, but it's important to keep cybersecurity in mind and apply it to both new technologies and currently used solutions. By a security mindset we mean implementing reliable solutions, setting up security policies and educating employees depending on their level of relation with OT. This applies to all infrastructures, but is especially important in operational technology, where risks of material consequences are very high and impact on safety is possible. We hope organisations in Africa will set the stage in the region for a future where technology and security go hand in hand,” says Evgeny Goncharov, Head of Kaspersky’s ICS Cyber Emergency Response Team.

A full report on ICS threats in the first quarter of 2024 is available at ICS CERT website.

 

Sign up to receive our newsletters and magazine free - click here.

Navigating the 6GHz spectrum dilemma: Balancing 5G and WiFi in South Africa

Wireless spectrum is the lifeblood of communication, and the most important legislative decisions is deciding who gets it and for what purpose

02 Jul 2024

SA company extends its footprint into Côte d'Ivoire

Côte d'Ivoire’s dynamic economy, coupled with ongoing infrastructure developments and increased mining is a key market for SA companies

Today 08:33

DORA: What you need to know if you trade in the EU

DORA, EU’s Digital Operational Resilience Act will come into force in January 2025.  There will be harsh financial penalties for non-compliance

03 Jul 2024

First samples from the moon’s farside

These samples could provide novel geologic insight into the Moon’s formation and history

03 Jul 2024

Recycling of end-of-life solar panels a costly process

It is illegal to landfill solar panels thus finding cost-effective and efficient recycling methods is essential.

03 Jul 2024

IITPSA scores three major sponsorships

Industry sponsorship of professional bodies, like the IIPSA , are important initiatives to support development of professionalism

02 Jul 2024

Breaking News: New Minister of Communications and Digital Technologies appointed

Communications and Digital Technologies boss becomes the deputy as  a new minster is appointed

30 Jun 2024

New technique to increase the capacity of sodium-ion batteries

The largest obstacle in renewable energy is thew development efficient storage systems  

 

 

30 Jun 2024

Taking the pressure out of water pressure measurement

Water treatment systems in metropolitan areas demand careful monitoring and management processes across sprawling networks

30 Jun 2024
Artist impression of Teraco CT2

Ecosystem-rich data centres become central to AI and data exchange

Ecosystem-rich data centres, with seamless movement of data are set to play a vital role in the future of AI and data-intensive applications

30 Jun 2024

Time magazine names semiconductor company as the “World’s most sustainable”

TIME has partnered with research agency Statista to name the World’s most sustainable companies

28 Jun 2024

The Rise of the Chief AI Officer: Keys to success

Organisations are strategising how they can accelerate and coordinate their adoption of the latest and greatest technology.

 

26 Jun 2024

MagazineClick to view

EngineerIT July 2024 Issue

View PDF

EngineerIT June 2024

View PDF

EngineerIT May 2024 Issue

View PDF

Podcasts / Panels

ARMCOIL WEBINAR OCTOBER 2023
01 Nov 2023
Efficiency and Reliability: Exploring Surface & Underground MV Substations with ArmCoil on 26 October 2023.
19 Oct 2023
The importance of Metrology in manufacturing PANEL DISCUSSION
26 Aug 2023
Is it the end of the road for on-premise data centres?
24 Jul 2023
Is facial recognition secure enough to replace fingerprints?
12 Jun 2023
More