Cyberattacks targeting government agencies and organizations have seen a sharp increase in Nigeria, other African countries, and across the Middle East. Recent data from Check Point® Software Technologies Ltd’s Global Threat Index for October 2023 revealed the severity of these attacks on the African continent, placing Mauritius, Nigeria, Morocco, and Kenya among the top 25 most-affected nations globally. South Africa followed closely, ranking 55th.

The report highlighted a significant surge in the use of Remote Access Trojan (RAT) attacks, which moved from sixth to second place in prevalence, focusing on government and organizational targets in the Middle East and Africa. The report noted that the RAT AgentTesla, a sophisticated form of malware, has expanded its reach through a complex “mal-spam” campaign that uses corrupted email attachments. Notably, education remains a primary target sector for these attacks.

Check Point’s Sales Engineer, Rudi van Rooyen, warned of the growing sophistication of cybercriminals’ tactics, including impersonating trusted brands and using malicious email attachments. He urged vigilance, particularly as the holiday season approaches, a period when online activities tend to increase.

The report further revealed that FormBook was the most prevalent malware in October, affecting approximately 3 percent of global organizations. As an infostealer targeting Windows operating systems, FormBook has impacted Kenya and Nigeria significantly, with rates of 16.9 percent and 9.2 percent, respectively, and 3 percent in South Africa. Marketed as “Malware as a Service” (MaaS) in underground forums, FormBook’s popularity stems from its evasion techniques and low cost, making it accessible to a broad range of cybercriminals. It can harvest credentials, take screenshots, log keystrokes, and execute remote commands.

Additional prevalent malware included NJRat, which focuses heavily on government agencies in the Middle East but is now growing across Africa, and Remcos, which spreads through malicious Microsoft Office attachments in SPAM emails. Remcos is designed to bypass security protocols on Microsoft Windows and run malware with elevated privileges, although its impact in Africa remains limited.

Recently, Nigeria experienced a cyberattack attempt by Anonymous Sudan, a hacktivist group attempting to disable MTN Nigeria’s network to protest Nigeria’s stance on the political situation in Niger. In response to increased cyber threats, Nigeria’s National Information Technology Development Agency (NITDA) recently issued a warning about cyber campaigns targeting government digital services, highlighting the hacktivist group’s politically motivated cyber actions and the associated risks to critical infrastructure.

The report emphasizes that across Africa, communications, ISPs/MSPs, finance and banking, and government and military sectors remain the most frequently attacked, underscoring the need for stronger cybersecurity measures across these high-risk industries.