
Infostealers, malware on the attack in SA

By Simnikiwe Mzekandaba, IT in government editor
Johannesburg, 19 Sept 2025
Maher Yamout, lead security researcher for the Global Research and Analysis Team at Kaspersky.

South Africa saw a 123% increase in malware in the first half of this year, compared to the same period in 2024.

Furthermore, banking trojans grew 136%, and infostealers increased by 122%, over the same period.

These insights, as well as ransomware trends and the impact of attacks, were revealed during a media session on the local cyber threats landscape, hosted by cyber firm Kaspersky, in Johannesburg, this week.

Maher Yamout, lead security researcher in Kaspersky’s Global Research and Analysis Team, explained that spyware attacks happened 3.6 times more often in that time period, up by 264%. “Now, a 264% increase…shows a lot of victims were affected and that there is a real increase in the numbers.”

On banking trojans, he said this is any trojan or malware that compromises banking financials, like the username and password for banking details or crypto accounts.

He noted that infostealers remain concerning for consumers and enterprises, becoming a mainstream trend over the last few years.

“For example, threat actors will send an attachment in an e-mail and once it is opened, it will exploit the weakness and malware will be installed. However, if you patch, you are likely to avoid being infected.”

Furthermore, ransomware remains a leading cause of corporate cyber incidents in SA, with targeted groups selecting high-value victims across government and enterprise.

Yamout described supply chain attacks as becoming a bit “too common”. The impact of supply chain-associated risks usually leads to leaks and breaches, unauthorised access and the potential to spread malware, he explained.

If an attacker wants to compromise an entity, the most common way nowadays is phishing attacks, he added.

“They send a phishing document with the link and hope to trick you to click or open the file. However, if 80% of the time they aren’t successful, they will rely on using other techniques for the other 20% of the time.

“One of these current techniques is supply chain attacks. They will compromise one of the entities that a victim (an intermediary) relies on and go through that trusted channel to get inside.

“This is a long shot that attackers are using, so that they can stay stealthy as much as possible because they are using or exploiting a trusted channel.

“One of the trusted channels…is the exploitation by the attackers of a known tool or known software on the internet, which is an open-source tool most of the time.”
