Internet attacks are targeting new organizations, particularly those located in regions where the idea of information security and prevention management is still in infancy. Cybercriminals spare none — they target new startups and smaller businesses with almost an equal force as they would do it to any high-value organization. Today, we will focus on the rise in internet attacks on organizations based in Africa. African countries such as South Africa, Ivory Coast, Nigeria, Uganda, and Kenya have emerged as hot targets for internet attackers. For example. MTN Uganda had reported a mobile internet fraud in 2020 targeting its service provider Pegasus Technologies. The hack had led to millions of dollars in loss, followed by an “indefinite suspension” of mobile money transaction services. Nigerian banks too suffered an onslaught of internet attacks in the same period, which forced The Central Bank of Nigeria (CBN) to take a few corrective measures against information leaks perpetrated through mobile devices using advanced cybercrime techniques for phishing, impersonation, COVID-19 relief fund frauds, social engineering and ‘donation frauds.’
Compared to the global scenario, Africa continues to lag behind other regions in online activities and internet penetration rates. In December 2021, the internet penetration rate in Africa hovered at around 43%, abysmally below the global average of 66.2%. However, this hasn’t prevented attackers from targeting internet users in Africa. According to Kaspersky researchers, businesses in Kenya reported 88 455 infections in 2021, which swelled to 130 111 infections in the first four months of 2022. Similarly, small businesses in Nigeria are still in danger, facing an 89% increase in Remote Desktop Protocol attacks in 2022. In 2022, the number of Trojan-PSW (Password Stealing Ware) detections in Nigeria more than doubled when compared to the same period in 2021.
InfoSec Insights:
How MSPs Can Stand Out as Cybersecurity Leaders
Internet attacks in 2022 are a clear indication of Africa’s lack of preparedness.
A part of the problem lies with overlooked IT security — which is not just prevalent in Africa, but across all parts of the world. Another problem is linked to the workforce ignoring red flags while working remotely.
Denis Parinov, a security researcher at Kaspersky says –
“With the shift to remote working and the introduction of numerous advanced technologies in the daily operations of even small companies, security measures need to evolve to support these sophisticated setups. Cybercriminals are already way ahead of the curve, so much so that virtually every organization will experience a breach attempt at some point. For small companies today, it’s not a matter of whether a cybersecurity incident will happen but when. Having trained staff and an educated IT specialist is no longer a luxury but a must-have part of your business development.”
When a small business owner is faced with the responsibilities of production economics, financial reports, and marketing all at the same time, cybersecurity can often appear complicated and, at times, unnecessary. However, this disregard for IT security is being exploited by cybercriminals.
Kaspersky researchers have assessed the dynamics of attacks on small and medium-sized businesses between January and April 2022 and the same period in 2021, to identify which threats pose an increasing danger to entrepreneurs.
Malware Insertion and Trojan Password Heists are Major Internet Attacks
In 2022, the number of Trojan-PSW (Password Stealing Ware) detections in Kenya increased by 16% when compared to the same period in 2021 – 12 639 detections in 2022 compared to 10 934 in 2021. Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the corporate network and steal sensitive information.
Recommended ITechnology News: Mendix Expands Relationship with Capgemini to Digitize and Streamline Insurance Industry
Another popular attack tool used on small businesses in Kenya is Internet attacks, specifically, web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&C centers, etc. The number of these attacks increased by 47% in the country. In comparison to 88 455 infections in 2021, Kaspersky researchers detected 130 111 infections in the first four months of 2022.
With the shift towards remote working, many companies have introduced the Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home. While the overall number of attacks on RDP has decreased slightly in Kenya, globally this threat is still a challenge.
For example, in the first trimester of 2021, there were about 47.5 million attacks in the U.S., whereas for the same period in 2022 the number had risen to 51 million.
How IT Security Prevents Internet Attacks
Having a special security solution enables attack visualization and provides IT Administrators with a convenient tool for incident analysis. The faster they can analyze where and how a leak occurred, the better they will be able to solve any negative consequences. The new edition of Kaspersky Endpoint Security Cloud, dubbed Kaspersky Endpoint Security Cloud Pro contains advanced new capabilities, including automated response options and an extended set of security controls in a single solution. The Pro version also includes built-in training for IT workers seeking to boost their cybersecurity skills and make the most out of their specialized security products.
Even small businesses with limited IT resources still need to protect all their working devices, including computers and mobile phones, from cyber threats. The updated Kaspersky Small Office Security (https://bit.ly/3t4dH5i) is a key tool for startups, small online stores, and local businesses to keep all of their work devices protected, and safely transfer any valuable business-related files and avoid falling victim to ransomware.
More from Kaspersky:Kaspersky Survey Shows Cybersecurity Incidents Remain Significant Consumer Stressor
How can Businesses in Africa Protect their Online Assets
To protect your business, Kaspersky recommends:
Cybersecurity training and InfoSec Frameworks: Provide your staff with basic cybersecurity hygiene training as many targeted attacks start with phishing or other social engineering techniques.
Use Endpoint Security Tools: Use a protection solution for endpoints and mail servers with anti-phishing capabilities to decrease the chance of infection through phishing emails.
Take Data Backups: Always safeguard corporate data and devices, including by using password protection, encrypting work devices, and ensuring data are backed up.
Don’t Ignore Device Safety: Keeping work devices physically safe – do not leave them unattended in public, always lock them and use strong passwords and encryption software.