Africa continues to be plagued by malware.
Recently, countries such as Zambia, Uganda, and Tanzania have regularly been in the top ten threat indexed countries, last year it was Angola, Namibia, and Djibouti that tended to feature. The most recent threat index (Checkpoint, May 2017) lists Zambia as the highest risk country in the world, with Nigeria at number two. Uganda, Malawi and South Africa were ranked 7th, 8th, and 9th respectively. This demonstrates a jump for South Africa from 22nd position in April up to 9th in just one month. Volatility is the one defining characteristic for the rankings of African countries, and finding economic powerhouses Nigeria and South Africa both in the top ten is no surprise – these countries are where malware has the opportunity to do its most financial damage.
Mauritius 6th Globally for Cybersecurity
It’s not all bad news, however. Mauritius has made the top 10 Global Cybersecurity Index list for 2017, achieving a position of 6th globally and scoring particularly high in legal and technical areas.
The GCI is a survey produced by the International Telecommunication Union (ITU) to measure the commitment of Member States to cybersecurity in order to raise awareness. GCI 2017 highlights that the Computer Emergency Response Team of Mauritius (CERT-MU), through the Botnet Tracking and Detection project, is able to take proactive measures to curtail threats on different networks across the country. According to the report, capacity building is another area where Mauritius does well.
Seasonal Variations of Malware Attacks
That said, Africa, in general, continues to struggle under various waves of malware attacks. These waves fluctuate in direct correlation with times of year and socio-political events. Kenya for example, sees the cybercrime threat landscape accelerate during election cycles. With Kenya’s election looming, on August 8th, the government has taken steps to upgrade security measures – planned investment was cited at $50 million USD.
Governments have sizable budgets to allocate, but what about businesses? Malware families that target corporations in Africa continue to grow and are often resurrected versions of old malware variants.
Africa’s exponential growth and the associated expansion of IT connectivity and business has led to the continent becoming a high value target for cyber-attack. The key underlying reality that contributes to the spread of malware in Africa is that of pirated software. The infection rates for infrastructures in African countries run between 57% and 98%.
The Impact of Pirated Software
When businesses run off of pirated software there are no security patches or updates applied, which is the most glaringly obvious security lapse from an IT perspective.
However, even with valid and legal software, fully patched and updated, malware will still attack and some will succeed in overcoming defenses. A recent Crowd Research Partners report found that 44% of security threats go undetected by automated security tools. To make matters worse, the average security breach goes undetected for over 6 months. Six months is a long time for an organization to unknowingly live with malware.
Defense is Not Enough
Firewalls, AV, whitelisting and other defensive solutions simply cannot protect businesses against what they do not know exists. Malware is evolving all the time, whether modified versions of old malware, or zero day attacks of previously unseen and unheard of malware variants.
Whether it’s the Dexter malware that struck Point of Sale systems in South Africa or fileless malware that infected banks and institutions in Kenya and Uganda, the reality of malware and its impact on African enterprises is plain for all to see.
African countries lost over $2 billion USD in 2016, and that number is likely to climb once the numbers are tallied for this year.
Enterprises must take steps to combat malware proactively. One way to do that is to adopt a threat hunting platform, to buttress the defensive measures taken.
Whether executing regular compromise assessments or incorporating an enterprise solution such as Infocyte’s HUNT platform into the standard operating procedure, organizations simply must accept the new reality of today’s threat landscape and adjust accordingly.
Modernize Your Security Posture with Infocyte HUNT™
Enterprises using Infocyte HUNT are able to determine and enforce HOW LONG malware is allowed to persist undiscovered after it breaches existing defenses. That time frame may be one week, one day, 12 hours or any period of time that an enterprise decides is appropriate.
Infocyte HUNT uses dissolvable agents that validate that each endpoint in an organization is ‘clean’ and malware free. HUNT uses volatile memory analysis, memory un-mapping techniques and more to collect the required information from each endpoint. HUNT then analyses the gathered data and delivers clear, easy to read reports that even junior IT administrators can work with to address potential breaches.
HUNT effectively delivers a solution that equips enterprises with the skill set of a highly specialized Forensic Analyst, executing the work in a fraction of the time and cost that a dedicated specialist would require.
Read more about Africa’s unique challenges with malware, and how Infocyte HUNT can offer businesses an easy to use platform that hunts malware.
More from our blog
Despite the rich data provided by SIEMs, organizations find themselves drowning in false positives, making it difficult to focus on high-priority events. This problem of alert fatigue prevents cyber security teams from identifying and addressing real threats – impacting small teams with no SOC, large enterprise teams with a SOC, and MSSPs overseeing the security for many SOCs/customers.Read More »
In 2018, the U.S. Healthcare Industry Remained a Hot Target for Data Breaches. Last year alone, over 15 million patient records were affected with an average of one data breach occurring every 24 hours in the healthcare industry. It goes without saying that hackers and cyber attackers are finding ways around/through/past security defenses—exploiting vulnerabilities and…Read More »
A Brief History of Forensic State Analysis Prior to starting Infocyte, our co-founders, Chris Gerritz and Russ Morris, created the first enterprise-scoped threat hunting team for the entire U.S. Department of Defense. Their teams were responsible for hunting, detecting, and responding to highly sophisticated attacks across an 800,000-node network. With virtually unlimited resources and access…Read More »