Africa is not immune to evolving APT techniques
Research from Kaspersky revealed an overall decrease in certain malware families and types in sub-Saharan Africa (SSA) in H1 2020: 36% decrease in SA, 26% decrease in Kenya and a 2.7% decrease in Nigeria.
However, the company stresses that cyber threat remains rife, and Africa is not immune to the evolving techniques of advanced persistent threats (APTs), as well as the possibility of being a future target of hacking-for-hire threat actor groups.
Hackers for hire
Kaspersky research has found that globally, APT groups are evolving their techniques and are upgrading their toolset to continue stealing private data. In addition, the security company has seen a rise of hackers-for-hire or cyber mercenaries during the first two quarters of 2020. In fact, three cyber mercenary groups have been exposed across the world this year alone.
Although this type of activity has only taken place outside of Africa so far, Kaspersky warns that the region may become a focus of these groups in the coming months and businesses and entities need to have an understanding of these emerging threats, along with the threat of APTs.
Hackers-for-hire or cyber mercenaries are not always motivated by money like traditional cyber crooks, but often steal private data to monetise it in a different way – usually for the purpose of providing advice or insights, based on the data, to share value of a competitive advantage.
“For example, a bank might get targeted and have its data analysed to gain an understanding of its market exposure, clients, and back-end systems. A competitor can use that to gain significant benefit. The reality is that in this evolving cyber threat landscape, no company or government institution can consider themselves safe,” the company says.
In SA, Kenya and Nigeria, APT groups are exploiting the current uncertainty around COVID-19 to steal sensitive information.
In addition, several sophisticated techniques have also emerged that are delivering malware in non-conventional ways. While malware attacks in SA, Kenya and Nigeria decreased overall during the first two quarters of 2020, certain malware types, such as the STOP ransomware, are becoming increasingly popular with certain bad actors.
The same applies to financial malware in SA and Nigeria as examples. Although it decreased in these areas, some types of financial malware are growing in popularity thanks to their unique techniques. This highlights the fact that attacks are becoming more targeted at specific companies, in specific regions and for specific purposes.
The top industries under attack in Sub-Saharan Africa in H1 2020 include government, education, healthcare, and military. While government and military present compelling - and obvious - targets, education and healthcare are often used as pivot points to gain access to other institutions. Sometimes, an entity is a victim while other times it is the target.
The top three threat actors in these regions in this regard are TransparentTribe, Oilrig, and MuddyWater.
The rest of 2020 will likely see APT groups and hacking-for-hire threat actors increase in prominence across the globe, comments Maher Yamout, senior security research, Global Research & Analysis Team at Kaspersky.
“We also anticipate that cyber criminals will increase targeted ransomware deployment using different ways," Yamout adds. "These can range from trojanised cracked software to exploitation across the supply chain of the targeted industry. Data breaches will certainly become more commonplace especially as people will continue to work remotely for the foreseeable future while exposing their systems to the Internet without adequate protection,”
While prevention is ideal, detection is critical, he says.
“Realistically, no organisation or government department can prevent everything. But if there is an understanding of the technology environment and having the ability to detect any deviation from the baseline, decision-makers will go to great strides in mitigating the risk of compromise and by understanding the threat dynamics, organisations can better protect themselves from evolving cyber attacks.”