Sunday, May 26, 2024
No menu items!

New Cyber Threats Emerge: Most Wanted Malware in Africa

Must Read

Check Point® Software Technologies Ltd. has released the Global Threat Index for March 2024. Recent investigations have unveiled cybercriminals’ use files to distribute the Remote Access Trojan (RAT) Remcos, circumventing conventional security protocols.

8 African countries are among the top 20 countries most targeted by cyber criminals.  These are Ethiopia (2), Zimbabwe (3), Maldives (4), Kenya (7), Uganda (8), Angola (11), Morocco (17) and Nigeria (20).  South Africa has dropped eight places and ranks 64th as the most targeted.

Remcos, a well-known malware dating back to 2016, has resurfaced with a new attack strategy, infiltrating victims’ devices and granting cybercriminals unfettered access. Threat actors have repurposed Remcos from its original use for legitimate remote system management to execute malicious activities, including data exfiltration, keystroke logging, and transmission of sensitive information to designated servers. Moreover, the RAT boasts mass mailer capabilities, enabling the orchestration of distribution campaigns and the establishment of botnets. In March, Remcos ascended to the fourth position on the top malware list, underscoring its escalating threat level.

Maya Horowitz, VP of Research at Check Point Software says, “The evolving tactics of cyberattacks underscore the dynamic nature of cybercriminal strategies. It is imperative for organizations to adopt proactive cybersecurity measures, including robust endpoint protection and comprehensive employee training, to safeguard against evolving threats.”

Check Point’s Ransomware Index sheds light on ransomware activities through “shame sites” operated by double-extortion ransomware groups. Lockbit3 continues to lead the ranking with 12% of reported attacks, followed by Play at 10%, and Blackbasta at 9%. Notably, Blackbasta has surged into the top three, following its recent cyberattack on Scullion Law, a Scottish legal firm.

Top Three Malware Families in Africa:

  1. FakeUpdates: A JavaScript downloader, known as SocGholish, responsible for distributing additional malware payloads. The average global impact of FakeUpdates is at 6.47%, in South Africa it is at 8.55% while Nigeria is at 29.73%
  2. Qbot: A multipurpose malware targeting credential theft, keystroke logging, and additional malware deployment. The average global impact of Qbot is 2.66%, in South Africa it is at 3%, Nigeria at 6.7% and Zimbabwe at 40%.
  3. Formbook: An Infostealer targeting Windows OS, renowned for its strong evasion techniques and affordability in underground forums. The average global impact of Qbot is 2.43%, South Africa at less than 1% and Mozambique at 3.12%.

Top Mobile Malware in Africa:

  1.  Anubis – Anubis is a banking Trojan malware designed for Android mobile phones.Since its initial detection, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger, audio recording capabilities, and various ransomware features. It has infected hundreds of different applications available in the Google Store.
  2. AhMyth – AhMyth, discovered in 2017, is a Remote Access Trojan (RAT). It is distributed through Android apps found on app stores and various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages, and activating the camera, usually used to steal sensitive information.
  3.  Cerberus – First seen in June 2019, Cerberus is a Remote Access Trojan (RAT) with specific banking screen overlay functions for Android devices. Cerberus operates in a Malware as a Service (MaaS) model, taking the place of discontinued bankers like Anubis and Exobot. Its features include SMS control, keylogging, audio recording, location tracker, and more.

Top-Attacked Industries in Africa and globally:

Last month Education/Research remained in first place in the most attacked industries globally, followed by Government/Military and Communications. In Africa however, Retail/Wholesale, Communications and Utilities are at the top of the list.

Global Industries

  1. Education/Research
  2. Government/Military
  3. Communications

Africa Industries

  1. Retail/Wholesale
  2. Communications
  3. Utilities
  4. Government/Military
  5. Finance/Banking

Top Ransomware Groups Globally

This section features information derived from ransomware “shame sites” operated by double-extortion ransomware groups which posted the names and information of victims. The data from these shame sites carries its own biases, but still provides valuable insights into the ransomware ecosystem.

Lockbit3 accounted for 12% of the published attacks last month, making it the most prevalent ransomware group, followed by Play with 10% and Blackbasta with 9%.

  1. Play – Play Ransomware, also referred to as PlayCrypt, is a ransomware group that first emerged in June 2022. This ransomware has targeted a broad spectrum of businesses and critical infrastructure across North America, South America, and Europe, affecting approximately 300 entities by October 2023. Play Ransomware typically gains access to networks through compromised valid accounts or by exploiting unpatched vulnerabilities, such as those in Fortinet SSL VPNs. Once inside, it employs techniques like using living-off-the-land binaries (LOLBins) for tasks such as data exfiltration and credential theft.
  2. Blackbasta – BlackBasta ransomware was first observed in 2022 and operates as ransomware-as-a-service (RaaS). The threat actors behind it mostly targets organizations and individuals by exploiting RDP vulnerabilities and phishing emails to deliver the ransomware.

The evolving threat landscape necessitates heightened vigilance and proactive cybersecurity measures across industries in Africa. Organizations should fortify their defenses and prioritize cybersecurity resilience to mitigate the risks posed by emerging malware strains and exploitation tactics.

- Advertisement -

Regular Vigilance Crucial for Spotting Software Breaches

Chief Technology Officer for Obsidian Systems, Karl Fischer, says "Constant vigilance is essential to identifying software security breaches." Fischer recounts,...
Latest News
- Advertisement -

More Articles Like This

- Advertisement -