Kaspersky’s latest research suggests that South Africa, Kenya and Nigeria are facing a decrease in ordinary threats
By Edlyn Cardoza
According to Kaspersky’s latest research on threat landscape trends, South Africa, Kenya and Nigeria are facing a dramatic change in the threat landscape. While regular, self-propagating malware is decreasing dramatically, as it is no longer effective and cannot fly under security radars, the region will see the growth of new cybercrime models in the upcoming year.
Comparing the overall number of mass cyberattacks in 2021, security researchers at Kaspersky noticed a 7.5% decrease in Nigeria, a 12% decrease in South Africa and an unprecedented 28.6% decrease in Kenya. The reason for this change was the introduction and popularisation of new cybercrime models in the region, with cybercrime tools becoming more targeted, and a long-running trend in which malware creators rely not on the technical advantage of their technologies over security protection but on the human factor. This has stimulated the evolution of phishing schemes in 2021. In particular, the region saw a wave of ‘Anomalous’ spyware attacks.
The usual phishing spyware attack begins when attackers infect a victim by sending them an e-mail with a malicious attachment or a link to a compromised website and ends when the spyware is downloaded and activated on the victim’s device. Having gathered all necessary data, the operator usually ends the operation by leaving the infected system unnoticed. In anomalous attacks, however, the victim’s device becomes a source of data and a tool for spyware distribution. Having access to the victim’s email server, the malware operators use it to send phishing emails from a legitimate company’s email address. In this case, anomalous spyware attacks an organisation’s server to collect stolen data from another organisation and send further phishing emails.
“The Anomalous spyware attacks have a huge potential for growth in South Africa, Kenya and Nigeria in 2022, because unlike regular spyware the entry level for attackers who wish to employ this tactic is significantly lower – since instead of paying for their own infrastructure, they abuse and employ the victims’ resources. We see that cheaper attack methods have always been on the rise in the region and cybercriminals quickly pick up on new tactics. Kaspersky therefore suggests that in the nearest future, these countries should be prepared for such attacks”, says Maria Garnaeva, Senior Security Researcher at Kaspersky ICS CERT team.
However, mass-scale attacks are not disappearing but transforming. Garnaeva also reports on mass-scale, pervasive fake-installer campaigns, in which fake pirated-software sites serve up malware as a service. The scheme usually works as follows: users search for a free version of an extremely popular legitimate software product. The cybercriminals offer them a fake installer using ‘black SEO’ techniques – the abuse of legitimate search engines so that fraudulent websites are offered first. When the installer is executed, a few dozen malware samples are downloaded and installed, turning the infected devices into part of the Glupteba botnet. The fake-installer campaign and the botnet have been highly active in South Africa in 2021 and continue to evolve, yet they remain scarcely researched.
“While the Glupteba botnet seems to be a threat for consumers, we are still researching it and keeping an eye on its behaviour since some distributed malware resembles APT-related samples like Lazarus APT groups and were recently used in the largest DDoS attack in Russia. It is too early to say it with a high level of confidence, but these factors may suggest that we are now entering the era where APT actors start to use existing malware distribution platforms which makes an attribution of such attacks harder and opens a new vector similar to supply chain attacks,” adds Garnaeva.