According to Kaspersky Lab research, South Africa suffers from 36.8% online threat detections, and while the number might seem high, Kaspersky Lab’s Sergey Novikov, Deputy Director of Global Research and Analysis , says it low when taken in context.
“It is low, but that is malicious hosts in the country for META region. Even Turkey on a global scale is small, and the US is number one. South Africa is very low, and it sits somewhere in the middle. In terms of Africa, as a developing market, it is similar to the global numbers. South Africa might be a bit behind, but sooner or later it comes to SA – like mobile threats, botnets and ransomware,” Novikov told IT News Africa during the company’s annual Security Analysis Summit in Budapest, Hungary.
He added that phishing and malware attacks are lower in Africa as compared to other continents, because language plays a huge role. Nigeria only suffered from 3.6-million local threat detections in 2013, while only 23.7% of Kenyans suffered a similar fate.
“Phishing attacks are mainly in the English language. Users in countries where the first language isn’t English are less likely to click on links if the mail is in English. But they are not immune – the local language is a different story, as new malware targeting like spearphishing has become more of a problem.”
Asked if it is known what the ratio is between the number of phishing mails sent out by cybercriminals and the click-through rate frm this emails, Novikov said that it is virtually impossible to know the numbers, and one would be better off asking the criminals themselves.
“We don’t know that ratio, and it’s better to ask the bad guys. But of course it is profitable, otherwise they wouldn’t be doing it. They are earning more money than the Anti-virus industry, and malicious mobile apps are very popular now, and to them it matters how many people are infected.”
In terms of the worst malware that Novikov has seen, he explained that Stuxnet ranks fairly high on his list.
“Stuxnet is a very good example of the worst malware – it was very sophisticated. It was the first real example of a cyber-weapon, and it was also the first example of nation-sponsored malware which changed the understanding of how it works. The Mask was also one of the biggest – it was the most complicated and had a huge amount of rootkit functionality and modules for all platforms, even iOS,” he explained.
He further stressed that iOS devices can be infected, and that it is purely a myth that Apple device are immune to malware or viruses.
“It is definitely a myth that iOS can’t be infected, and it is not true. It can still be infected but there are only about two or three malware that can infect it. There are real malware on the App store but Apple shuts it down completely when detected. It’s much better than Google’s market place.”
But Novikov was quick to add that that there are still content threats and that Apple’s App Store is still a problem. He added that phishing related to Apple devices are still high.
“Compared to PC malware it is low, but malware is increasing in the wild for Mac. FlashBack and FlashFake hit millions of Mac users and caused a global epidemic. If you compare the amount of users, there has never been such a high percentage of infections.”
With interesting names such as Stuxnet, FlashFake, The Mask and NetTraveler, one can only wonder how and who comes up with these catchy names.
Novikov explained that the anti-virus companies who discover the pieces of malware name them, but that they never use a word in the code of the malware as a name. “It will always be changed, and we like to play on words. It is just so that the malware creators don’t know that we are specifically talking about their code or malware.”
Charlie Fripp – Consumer Tech editor