In its latest bi-annual Threat Report, digital security firm ESET reveals that phishing attacks constitute 34% of all detected cyber threats across Africa.
The report revealed that South Africa was the most targeted country in Africa, accounting for 40% of ransomware attacks and nearly 35% of info stealer incidents in the second half of 2024.
ESET’s Chief Security Evangelist, Tony Anscombe, attributes this heightened targeting to South Africa’s advanced digital infrastructure and robust economy.
“Being at the forefront of the continent’s digital transformation and having a relatively strong economy puts South Africa in the crosshairs for sophisticated cyberattacks,” Anscombe notes.
He emphasizes that the substantial online presence of businesses, government entities, and individuals presents ample opportunities for cybercriminals.
“Given the country’s economic status, they are also likely to be able to pay ransoms and meet demands,” he adds.
Also read: Ransom payment decreased by 35% in 2024
Notable Cyber Incidents in South Africa
A notable incident occurred in June 2024 when South Africa’s National Health Laboratory Service (NHLS) suffered a ransomware attack. This breach disrupted operations, erased backups, and compromised 1.2 terabytes of sensitive patient data amidst an mpox outbreak.
More recently, in January 2025, the South African Weather Service reported disruptions to its ICT systems due to an attack orchestrated by the ransomware-as-a-service group RansomHub, which has amassed hundreds of victims since its emergence in early 2024.
More About the Report
On a global scale, the report identifies a 335% surge in deepfake scams and company-branded content used to deceive social media users into fraudulent investment schemes during the six-month period.
This rise correlates with the growth of generative AI, a trend ESET anticipates will persist. Cybercriminals are leveraging AI-generated content to entice individuals into bogus investments, promote specific cryptocurrencies, or withdraw funds from banks to manipulate markets for their gain.
Additionally, there has been an uptick in cryptostealer malware across various platforms. “With cryptocurrencies reaching record values in the second half of 2024, cryptocurrency wallet data and credentials have become one of the prime targets of malicious actors,” Anscombe observes.
ESET’s data indicates that macOS experienced the most significant increase, with password-stealing malware incidents more than doubling compared to the first half of the year.
The report also sheds light on a new scam targeting users of popular accommodation booking platforms like Booking.com and Airbnb.
Utilizing a toolkit named Telekopye, originally designed to defraud online marketplace users, scammers compromise legitimate accommodation provider accounts to deceive recent bookers with fraudulent payment requests.
Furthermore, the ransomware landscape has been reshaped following the takedown of the former leading group, LockBit.
This has created a void now being filled by other actors, notably RansomHub, which has established itself as a dominant player since its first detection in early 2024.
These findings underscore the critical need for continuous vigilance, advanced security measures, and user education to combat the evolving cyber threat landscape in Africa and beyond.
About Author
