ADF STAFF
As Africa’s online community continues to grow, hackers and other malicious actors are waiting to invade those expanding networks to steal valuable data.
A recent study by IBM’s Security X-Force cyberthreat analysts showed that so-called “backdoor” attacks were among the most popular way for hackers to gain access to computer systems across Africa. Like an army invading a castle by sneaking through its sewer pipe, the attacks give hackers a way around a computer system’s firewalls and other safeguards.
Those backdoor attacks can set the stage for the theft of personal data or the release of ransomware, which locks down a computer system until hackers are paid.
“Be prepared,” the report’s authors write. “Attacks are inevitable; failure doesn’t have to be.”
About 45% of Africa’s 1.3 billion people have internet access. Nigeria has the continent’s largest number of internet users at more than 109 million and is one of the countries in Africa most frequently targeted for cyberattacks.
The COVID-19 pandemic prompted African countries to expand their internet systems, with millions of users adopting online banking and money transfers.
However, the rapid internet growth happened with little consideration for the security measures needed to protect data and privacy, Nigerian cybersecurity expert Abdul-Hakeem Ajijola told ADF. Ajijola leads the Strategic Road Map Action Plan Committee of the Nigeria Data Protection Bureau.
A 2021 Interpol investigation of Africa’s cybersecurity system found that weak networks and poor security made the continent particularly vulnerable to online attacks.
The IBM X-Force report found that backdoor attacks account for 27% of hacking against computer systems in the Middle East and Africa, which IBM combines for its analysis. Nearly 45% of those attacks targeted the continent’s financial institutions.
At the same time that cyberattacks have shifted to backdoor invasions, credit card information theft dropped from 61% of cases in 2021 to less than a third of them in 2022, the report says.
The reason is simple: Hackers can charge clients with malicious intentions as much as $10,000 for backdoor access to a computer system. Credit card numbers, on the other hand, go for $10 each.
Extortion accounted for the single-largest form of backdoor attack, with 27% of cases. Although about 17% of cases were some form of ransomware, hackers more often appeared to be targeting personal identifiable information (PII), such as birthdates, identification numbers and biometric data.
“PII can either be gathered and sold on the dark web or other forums, or used to conduct further operations against targets,” the X-Force report notes.
Hackers most often gain access to networks when computer users fall victim to phishing attacks, according to the report. Phishing is when a hacker creates an email or website to trick a person into clicking on an attachment that downloads malware or logging onto a fraudulent website and sharing personal information such as passwords, account numbers and other private information.
More than 60% of phishing attacks used attachments to lure computer users into unwittingly inviting attackers into their networks. Malicious links accounted for a third of phishing attacks, according to the X-Force report.
To protect their systems from hackers, X-Force recommends that the companies and governments that maintain African internet systems pay attention to likely threats and act to prevent them.
“Organizations must assume that they already have been compromised,” the report’s authors wrote.
As part of the report, Frida Kleimert Knibbs, IBM’s security leader for the Middle East and Africa, stressed the critical role of threat intelligence in safeguarding computer systems from attacks.
“As the security landscape evolves, it is crucial to prioritize threat intelligence and strengthen defenses,” Knibbs said.