Digital security company ESET, in its bi-annual ‘Threat Report’, says phishing remains the top cybersecurity threat across Africa, making up 34% of all detected attacks.

South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks, with 40% of ransomware attacks, and just under 35% of infostealer incidents, detected on the continent in the second half of 2024 occurring in South Africa.

“Being at the forefront of the continent’s digital transformation and having a relatively strong economy puts South Africa in the crosshairs for sophisticated cyberattacks. Cybercriminals know that businesses, government and individuals store a significant amount of their information online, which means ample opportunity for attacks,” says ESET chief security evangelist Tony Anscombe.

“Given the economic status of the country, they are also likely to be able to pay ransoms and meet demands,” he says.

In June 2024, South Africa’s National Health Laboratory Service reported that it was hit with a ransomware attack, which disrupted its systems, deleted backups and stole 1.2 TB of data, while it was dealing with an mpox outbreak. The breach put sensitive medical data of millions of patients at risk.

More recently, in January, the South African Weather Service disclosed that its ICT-base systems were disrupted by an attack led by ransomware-as-a-service group RansomHub, which has racked up hundreds of victims since they were first detected at the start of 2024, ESET says in the report.

Ransomware, infostealers and phishing are not new threats, but are always evolving, which means that defences need to adapt to keep companies protected.

“Ransomware, for example, used to cast a wide net to see how many victims they could catch, but the new trend is that cybercriminals are being more specific about who they are targeting based on who has the power to pay, or is likely to have cyber insurance, including government, financial institutions, insurance companies and medical digital infrastructure,” says Anscombe.

Meanwhile, in terms of emerging global trends, company-branded and deepfake content that targets social media users with fraudulent investment schemes increased by 335% during the six-month period.

The rise in deepfake scams aligns with the growth of generative AI over the past year, which is a trend that ESET expects to continue this year.

Cybercriminals leverage AI-generated content to lure people into fraudulent investment schemes, buying specific cryptocurrencies or pulling their money from banks, as a way to benefit their own investment strategies, ESET notes in the report.

Further, there was also a worldwide rise in so-called cryptostealers across multiple platforms.

“With cryptocurrencies reaching record values in the second half of 2024, cryptocurrency wallet data and credentials have become one of the prime targets of malicious actors. According to our data, the increase was the most dramatic on macOS, where password-stealing-ware more than doubled compared to the first half of the year,” says Anscombe.

The second half of 2024 also gave rise to a new scam targeting users of popular accommodation booking platforms, such as Booking.com and Airbnb.

Using a toolkit named Telekopye, originally developed to defraud people on online marketplaces, the scammers use compromised accounts of legitimate accommodation providers to single out people who have recently booked a stay, then target them with fraudulent payment pages, says ESET Threat Detection director Jiří Kropáč.

Further, the ransomware landscape was reshaped by the takedown of former leader LockBit, creating a vacuum to be filled by other actors. RansomHub, which was first spotted in the first half of 2024, had stacked up hundreds of victims by the end of second half of the year, establishing itself as the newly dominant player.

The data and expert insight for the report was collected between June and November 2024.