A ransomware bug infecting computer systems across Africa is the latest evidence that cybercriminals are using the continent as a testing ground for new attacks.
The Medusa virus targets businesses and government agencies, locking users out of the system and threatening to expose sensitive information if a ransom is not paid. It has hit the Kenya Airport Authority, banks in South Africa, and other companies and organizations. The London-based cybersecurity company Performanta studied the attacks and discovered what appears to be a strategy to focus initially on organizations in countries with limited experience in cyber defense, including countries in Africa.
“In order to achieve a more cyber-safe environment for all organisations globally, we need to increase awareness of this growing issue,” said Performanta CEO Guy Golan, as reported by the cybersecurity news site Dark Reading. “It is only through understanding the trends and patterns of geopolitical cyber warfare that will enable us to bring clarity to the global threat landscape.”
Dr. Robinson Sibe, CEO of the Nigeria-based cybersecurity company Digital Footprints, says that although the “rapid growth in connectivity” in Africa has been positive from a developmental perspective, “it also translates to a sudden surge in vulnerable users and a widened attack surface.” Via email, Sibe told ADF that cybercriminals “simply take advantage of the low cybersecurity readiness and capability maturity of institutions in the African continent.”
“A lot of the institutions in Africa, both public and private, have a very low level of cybersecurity readiness and are therefore vulnerable,” he wrote. “The cybercriminal will be more motivated to target a vulnerable target.”
Cybercrime takes many forms. Norwich University notes that criminals who infiltrate computers and networks have developed malicious software and social engineering techniques to commit different types of cybercrime. The university breaks cybercrime into five categories:
- Criminal hacking is the act of gaining unauthorized access to computer or network data. Hackers exploit weaknesses in the systems to steal data ranging from personal information and corporate secrets to government intelligence. Hackers also penetrate networks to disrupt government and business operations. Authorities say that such hacks cost billions of dollars each year.
- Malware, or malicious software, refers to any programming designed to interfere with a computer’s normal functioning or to commit a cybercrime. Malware has been around since computers became widely available, with an entire industry devoted to blocking it. Common types of malware include viruses, worms, invasive trojans and various hybrid programs. Subsets of malware include adware, spyware and ransomware. “Locking valuable digital files and demanding a ransom for their release, ransomware attacks are commonly executed using a trojan — malware that disguises its true intent,” Norwich reports. “Ransomware typically infiltrates via email, luring a user to click on an attachment or visit a website that infects their computer with malicious code.” Ransomware targets have included utilities, hospitals, schools, state and local governments, law enforcement agencies, and businesses.
- When someone unlawfully obtains another person’s personal information and uses it to commit theft or fraud, it’s identity theft. Not all identity thefts are a result of cyberattacks, but malware such as trojans and spyware is often used to steal personal information. Phishing, the fraudulent practice of sending emails or other messages purporting to be from reputable companies to obtain personal information such as passwords and credit card numbers, is a form of identity theft. Phishing attacks on businesses now have their own name: business email compromise.
- Social engineering is the psychological manipulation of people into performing actions or disclosing confidential information. Cybercriminals use social engineering to commit fraud online. Online dating sites can provide opportunities to initiate conversations with potential victims to con them out of their money.
- Software piracy is the unauthorized reproduction, distribution and use of software. In the early days of personal technology in African countries, computers commonly were loaded with pirated software containing viruses. Pirated software takes the form of counterfeited commercial products, including operating systems and office software. The trade group BSA estimates that as much as 37% of software installed on personal computers globally is unlicensed. Cybercriminals often add malware to pirated software.
The advent and improvement of artificial intelligence (AI) will add another layer of complexity to dealing with cybercrime. The X-Force Threat Intelligence Index 2024, compiled by a team of hackers, responders, researchers and analysts, noted that generative artificial intelligence, which uses deep learning models to create new content including text, images, music, audio and videos, will force everyone to review how they define and respond to cyber threats.
“Policymakers, business executives, and cybersecurity professionals are all feeling the pressure to adopt AI within their operations,” the index noted, as reported by Business Insider Africa. “And the rush to adopt [generative] AI is currently outpacing the industry’s ability to understand the security risks these new capabilities will introduce.”
The plague of ransomware
Ransomware dates to 1989 and has become a destructive force nearly everywhere computers are used. Victims often refuse to disclose whether they paid ransoms, and if so, how much. In its annual crime report, cryptocurrency-tracing company Chainalysis calculated that ransomware payments exceeded $1.1 billion in 2023, based on its tracking of those payments across blockchains. It was the highest number the company had ever measured for a single year, and nearly double that of the year before.
Dr. Nate Allen, an associate professor at the Africa Center for Strategic Studies, says that African countries and companies have become ransomware targets.
“Ransomware is a big threat, in part because at times ransomware will hit key elements of critical infrastructure, such as ports, electricity grids or government services,” he said in an email to ADF. “All have been disabled by ransomware in various parts of Africa in recent years. And it is a particular challenge for Africa because, while African countries do not have the same degree of technology-dependent critical infrastructure found in Western countries, what they do have often serves significant portions of the population and can run on outdated software, which makes for an appealing target.”
Sibe and Allen agree that business email compromise, or BEC, has become a huge scam in Africa and will result in sophisticated phishing attacks on unsuspecting users.
“According to FBI estimates, BEC actors have been responsible for tens of billions of dollars of losses,” Allen told ADF. “They were among the most prolific groups of hackers that committed insurance and benefit fraud during the COVID-19 pandemic, stealing hundreds of millions, if not billions, of dollars in aid meant for people who had lost jobs or had to put their lives on hold due to the pandemic.”
In a 2023 report, the consultancy Control Risks said that cybercrime issues likely will become “increasingly relevant” across Africa as cybercriminals become more sophisticated. The report said that businesses operating in Africa and African companies looking to expand outside the continent “will increasingly need to consider cybersecurity alongside physical security in their planning.” Businesses operating in Africa are likely to face increasingly sophisticated cybersecurity threats and growing exposure to physical issues, such as geopolitical competition or crime, becoming more prominent in cyberspace, the report said.
Outside hackers
Studies show that some cybercrime in Africa is homegrown. But Sibe noted that there are “abundant sources” to show that many cyberattacks in Africa come from bad actors in countries outside the continent.
“There have been several reports of cyberattacks in Africa, linked to Russian threat actors and their proxies in the African space,” he wrote. “Also, last year, during Nigeria’s elections, the Minister of Communication and Digital Economy announced millions of cyberattacks targeting the country’s election infrastructure. According to the statement, most of these originated outside the country (and continent).
“In one of the earlier state elections, some of the attacks reportedly emanated from Asia. In 2021, the Nigerian Computer Emergency Response Team issued an advisory that an Iranian hacking group known as Lyceum was targeting telecoms companies and Ministries of Foreign Affairs, in Nigeria and other African nations.”
Sibe also noted that in 2022, Russian cybercriminals were blamed for attacks on popular Nigerian betting websites and others. He noted that in 2023, there were reports of Chinese state-sponsored threat groups carrying out sustained attacks targeting telecommunications companies and government institutions in African countries.
Lack of awareness
Sibe says that a major problem for many African nations is that they suffer from a lack of cybercrime awareness.
“Like it is commonly said, the user is quite often the weakest link in a security implementation,” Sibe told ADF. “No matter what security deployments are put in place, without a capable user, there will always be challenges. That said, African institutions and countries need to invest in cybersecurity to improve their resilience and readiness. Most institutions have little or no budget for cybersecurity. Organizations need to build their cyber-resilience through improved infrastructure, processes and regular training of staff.”
He added that there needs to be closer collaboration between public and private institutions, as well as better follow-through on prosecuting cybercrime cases. He noted that there is dedicated cybercrime legislation in most African countries, but unless the justice systems and law enforcement agencies are “forensically ready,” the cybercriminals will always take advantage of the gaps in prosecution.
“Beyond this, Africa has one of the lowest numbers of cybersecurity experts in the world,” he said. “You cannot wage a formidable war against cyber criminals without competent staffing. To solve this sustainably, governments need to strategically strengthen educational institutions. The idea is to raise competencies to fill the widening gap in cybersecurity talents.”
Allen said that fighting cybercrime is complicated by the fact that it may be too confining a term for what is happening in Africa.
“This is because there is increasingly a ‘cyber’ element to most everything we do, including in the security domain,” he said. Abuse of cyber resources, he said, can include state-sponsored espionage and surveillance; cyber subversion or blackmail targeting key institutions or individuals; and the increasing reliance of military systems, including those being deployed in Africa, on a variety of digital technologies.
Allen noted that economic growth in Africa will depend largely on how well nations deal with cybercrimes.
“Economic growth in Africa and across the world is increasingly tied to digital growth,” he wrote. “Studies have estimated, for example, that for every 10% increase in connectivity in Africa, you get a 2.5% increase in gross domestic product. At the same time, cybercrime is on pace to become a $10 trillion industry by 2025. The point is you can’t have digitally enabled growth without secure digital systems, and in so far as systems in Africa are particularly vulnerable to cyber threats, it will be a drag on economic prosperity.”
By ADF