Türkiye and Kenya had the highest number of users exposed to online threats in the first quarter of 2025, followed Qatar, Nigeria and SA, according to cyber security firm Kaspersky.
In the case of SA, 17.5% of internet users, or around 8.75 million people, were exposed to online threats in the first three months of 2025, which can include malware programs, remote desktop protocol attacks, phishing, exploits, botnets or injection attacks.
Türkiye had just over a quarter (26.1%) of its online population, or around 20 million people, affected by online threats. Kenya says 20.1% of its online population (5.5 million) was affected. Qatar was next (17.8%, or around half a million users), followed by Nigeria (17.5%, or almost 19 million), followed by SA.
Sergey Lozhkin, head of the company’s global research and analysis team in the APAC and META regions, speaking at the firm’s annual cyber security press conference in Phuket, Thailand, said the company gathers its threat statistics from botnets, honeypots and search bots, as well as spam traps and information gathered from the dark net.
“These countries were always important on the political stage, and this directly affects the cyber criminals' affinity with these countries,” he says.
Kaspersky said it was currently monitoring 25 APT groups active in the META region, including SideWinder, Origami Elephant and MuddyWater. Ransomware, meanwhile, remained one of the destructive cyber threats, and has affected a higher share of users in the Middle East due to rapid digital transformation in the region and varying degrees of cyber security maturity.
According to Kaspersky, ransomware is less prevalent in Africa because of lower levels of digitisation and less high-value targets compared to other regions. The company said, however, it expected ransomware incidents to rise in SA and Nigeria, as the countries expand their digital economies, with sectors such as manufacturing, financial services and the public sector particularly at risk.
Lozhkin said the last two years have seen the increasing adoption of AI technologies by cyber criminals. He said AI would be of limited assistance to inexperienced criminals, who will not be able to create dangerous malware that can bypass protection systems. “But if you’re an experienced malware developer, AI will help you.”
He said AI can also assist bad actors with mass phishing and targeted phishing campaigns. It can also be used to automate polymorphic stealth ransomware, which can change its own code and make it more difficult to detect.
Lozhkin said criminals are also making use of the Xanthorox AI framework, which was created specifically for cyber criminals. “You pay, login and then you can get all the power of dark AI to create malicious code, deepfake videos and professional phishing e-mails.” He said Xanthorox AI can also be used to create deepfake audio, which will reproduce someone’s speaking voice from a snippet of audio.
Share