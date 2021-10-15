Business

30,000 malware attacks blocked in Nigeria, others

Out of the over 206,000 mobile malware attacks blocked by Kaspersky solutions for the Middle East, Turkey and Africa (META) region in just six-months measured, between January and June 2021, over 30,000 of these attacks combined originated from Nigeria (14,071), Kenya (10,697), and South Africa (5,499). Significantly, for African countries monitored, Nigeria only trails Egypt (19,466) by the number of attacks blocked, pointing to how prevalent mobile threats have become in this highly connected country. In fact, Kaspersky’s latest research shows that when looking at the top ten countries by share of users attacked by mobile malware Nigeria places eighth (at 11.76 per cent). Even though Kenya and South Africa might not feature as prominently, the mobile malware threat is still a concern, along with the shift to more targeted based attacks these countries are seeing.

The top three most prevalent malware behaviours that Kaspersky has seen in Kenya and Nigeria are Trojans, Trojan-Downloaders and Trojan-Droppers. In South Africa, these are Trojans, Trojan- Proxy and Trojan-Downloaders. A Trojan is a type of malware that is often disguised as legitimate software, which attackers can use to try and gain access to user systems. As the name suggests, Trojan- Downloaders download and install new versions of malicious programmes, including Trojans and Adware on victim computers. Meanwhile, Trojan- Droppers usually save a range of files containing malicious programmes to the victim’s drive.

Once installed, a Trojan- Proxy allows an attacker to use the infected device as a proxy to connect to the Internet. “Mobile malware remains a significant threat for corporate and personal users across Africa. These attacks are usually very diverse with hackers leveraging a range of methodologies and technologies to compromise victim’s devices. Trojan-Downloaders and Trojan- Droppers are especially dangerous given their potential to contain significantly damaging payloads,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa. In addition to installing cybersecurity solutions on their mobile devices, like Kaspersky Total Security, the organisation also advised users to create a strong password. It noted that by putting a strong password on their smartphone, the device can become unusable if it is lost or stolen and the password attempt fails a certain number of times.

It also advised that since mobile malware uses text messages, users should never respond to requests for credit card details or other private information. “Check your browser for the lock symbol. The lock icon in the address bar indicates that the sight is secure when entering personal data. “Install apps from reputable sources. Popular shopping sites such as Amazon or eBay have their own mobile applications. You must check to see they are the official apps from the company before you initiate a download. This can be done by checking the developer information and user ratings on the download page,” it noted. Two months ago, Kaspersky researchers identified the top malware families in Nigeria, South Africa and Kenya as ransomware, financial/banking Trojans and crypto-miner malware. In a report, Kaspersky researchers said when comparing the first quarter of 2021 with second quarter of 2021, Kaspersky saw a 24 per cent increase in ransomware in the second quarter of 2021 in South Africa, as well as an increase of 14 per cent in crypto-miner malware.

In Kenya and Nigeria, Kaspersky saw a large increase in financial/banking trojans in the second quarter of 2021 when compared to the figures for the first quarter of 2021 – a 59 per cent increase in Kenya and a 32 per cent increase in Nigeria. “While the bulk of attacks are still speculative and randomly targeting individuals and businesses, there is a shift happening with the increase of APTs and more strategically targeted based attacks,” said David Emm, principal security researcher at Kaspersky. He said these use continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period, with potentially destructive consequences. “Because of the time and effort required to perpetrate such an attack, these are often levelled at high value targets, such as nation states and large businesses,” added Emm.

“Take ransomware as an example. In the beginning, it was very random targeting as many people as possible hoping for a relatively small amount of money paid in ransom. During the past five years, there has been a shift with a decline in the number of ransomware families being developed as well as an overall global decline in attacks. “However, attackers are now focusing on specific companies and individuals where they can get the maximum benefit. The new approach of ransomware is to expose data, negatively impacting the reputation of a company. To this effect, financial crime has become more sophisticated and organised.”

