Wednesday, September 11, 2024

BusinessDay

Top 10 malware targeting Nigerians in 2024

There has been a sharp rise in cyber-attacks in Nigeria, as the country ranked 19th on the global rankings for attacks in July.

According to Check Point’s latest ‘Global Threat Index’ for July 2024, the country had a normalised risk index of 76.2. The cybersecurity provider stated that July recorded a concerning rise in cyber threats on the continent, with several countries now among the most attacked globally.

It highlighted that the recent exploitation of a security flaw in the CrowdStrike Falcon sensor underscored the vulnerabilities faced by organisations in the region. In July 2024, Ethiopia held the top spot among all the countries surveyed.

Zimbabwe was the third most attacked country globally. Kenya and Ghana ranked 11th and 15th, respectively. South Africa placed 59th. Other African countries in the top 20 most vulnerable to malware attacks are Angola (5th) and Mauritius (9th), reflecting the escalating cyber risks organisations face on the continent.

“These rankings highlight the urgent need for enhanced cybersecurity measures for African businesses and organisations. The evolving threat landscape, coupled with recent vulnerabilities like the CrowdStrike Falcon sensor exploit, continues to pose significant risk,” said Issam El Haddioui, Head of Security Engineering, EMEA – Africa.

In July 2024, FakeUpdates (SocGholish), Remcos, Qbot, Phorpiex, and Vidar were the most prevalent malware on the continent. The most attacked industries were government/military, finance/banking, utilities, communications, and education/research.


The most prevalent malware in Nigeria as of July included:

Androxgh0st: This botnet targets Windows, Mac, and Linux platforms. It exploits multiple vulnerabilities, specifically targeting PHPUnit, the Laravel Framework, and Apache Web Server. The malware steals sensitive information such as Twilio account details, SMTP credentials, and AWS keys.

FakeUpdates: Fakeupdates (AKA SocGholish) is a downloader written in JavaScript. It leads to system compromise via many additional malware, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.

Allcome Clipper: This clipboard hijacker targets cryptocurrencies by replacing clipboard (copy-paste buffer) data for outgoing transactions. It can result in severe privacy issues, significant financial losses, and identity theft.
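The clipper behaviour described above (the clipboard contents are swapped between the moment a user copies a destination address and the moment they paste it) is exactly what a wallet or endpoint agent can check for. The following is an added, illustrative example and is not code from the article or from Check Point: it assumes a hypothetical hook that fires on the user's own copy action, keeps a snapshot of that value, and compares it with the live clipboard before the address is pasted into a transaction. The address formats and sample values are constructed and simplified (no checksum validation).

```python
import re

# Simplified address patterns for two common coin families (constructed for this
# example; production validators also verify checksums, which is omitted here).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

# Constructed sample addresses used for the demonstration below.
SAMPLE_ETH_USER = "0x" + "1" * 40      # what the user actually copied
SAMPLE_ETH_SWAPPED = "0x" + "2" * 40   # what a clipper might substitute
SAMPLE_BTC = "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"


def classify_address(text):
    """Return the coin family a string looks like, or None if it is not an address."""
    value = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return coin
    return None


class ClipboardGuard:
    """Snapshot the user's own copy action and verify the clipboard before a paste.

    A clipper replaces the clipboard between copy and paste. Comparing the two
    snapshots exposes that replacement before the transaction is signed.
    """

    def __init__(self):
        self._last_user_copy = None

    def on_user_copy(self, text):
        # Hypothetical hook: called when the user (not another process) copies text.
        self._last_user_copy = text.strip()

    def check_before_paste(self, clipboard_now):
        """Compare the live clipboard with the last user-initiated copy."""
        current = clipboard_now.strip()
        current_kind = classify_address(current)
        if current_kind is None:
            return {"status": "not_an_address", "coin": None}
        if self._last_user_copy is None:
            # An address appeared without a user copy event: treat as suspicious.
            return {"status": "unknown_origin", "coin": current_kind}
        if current == self._last_user_copy:
            return {"status": "ok", "coin": current_kind}
        original_kind = classify_address(self._last_user_copy)
        if original_kind == current_kind:
            # Same coin family, different address: the signature of a clipper swap.
            return {"status": "hijacked", "coin": current_kind,
                    "expected": self._last_user_copy, "found": current}
        return {"status": "changed", "coin": current_kind}


def simulate(copied, clipboard_at_paste):
    """Run one copy/paste cycle through the guard and return the verdict string."""
    guard = ClipboardGuard()
    guard.on_user_copy(copied)
    return guard.check_before_paste(clipboard_at_paste)["status"]


if __name__ == "__main__":
    print("untouched:", simulate(SAMPLE_ETH_USER, SAMPLE_ETH_USER))
    print("swapped:  ", simulate(SAMPLE_ETH_USER, SAMPLE_ETH_SWAPPED))
    print("plain text:", simulate(SAMPLE_ETH_USER, "meeting notes"))
```

The useful signal is the "hijacked" case: the coin family is unchanged but the address differs from what the user copied, which is precisely the substitution a clipper performs so the victim does not notice. Wallet software that surfaces this mismatch (or refuses to paste) gives the user a chance to stop the transfer; the check is cheap because it only runs at paste time.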

Phorpiex: This botnet (aka Trik) has been active since 2010 and, at its peak, controlled more than a million infected hosts. It is known for distributing other malware families via spam campaigns and fueling large-scale spam and sextortion campaigns.

Expiro: This is a polymorphic file infector first seen in 2010. It inserts its malicious code into executable files on the infected host. These files lead to new infections when they are run on other machines. They steal user and system information from Windows and FTP credentials.


Qbot: Also known as Qakbot, this is a sophisticated and multifunctional malware that emerged as a banking trojan in 2007. It facilitates various cybercriminal activities, including credential theft, ransomware delivery, and backdoor access to compromised systems.

Remcos: This RAT first appeared in the wild in 2016. It distributes itself through malicious Microsoft Office documents attached to spam emails and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges.

DarkGate: Active since December 2017, this is a sophisticated Malware-as-a-Service (MaaS) known for its wide-ranging capabilities, including credential theft, keylogging, screen capturing, and remote access. It is used in diverse attack strategies, including phishing emails and the exploitation of communication platforms such as Microsoft Teams.

Nitol: This is a bot agent that targets the Windows platform. This malware collects basic system information and sends it to a remote server.

Vidar: This is an info stealer that targets Windows operating systems. It was first detected at the end of 2018 and is designed to steal passwords, credit card data, and other sensitive information from various web browsers and digital wallets.

El Haddioui further stated that it has become imperative for organisations to invest in advanced security solutions and foster a culture of cyber resilience.

“The continued rise of malware like Remcos, driven by security flaws, highlights the opportunistic nature of cyber criminals. Organisations in Africa must adopt robust endpoint protection, vigilant monitoring, and comprehensive user education to mitigate these growing threats,” Maya Horowitz, VP of Research at Check Point Software, added.