About 10% of computers experienced at least one malware attack in 2020, research by cybersecurity multinational Kaspersky shows.

In some African countries, including South Africa, the figure was only slightly under the global 10% average, making the African region comparable to North America or Europe in terms of cyberattacks, the firm notes.

In some parts of the continent, in countries like Liberia, Tunisia, Algeria and Morocco, Kaspersky has seen a slightly higher rate, while other parts show a lower rate of 5% or 6% on average.

Further, for the first quarter of this year, the figures were only slightly lower than 10% in relative and absolute terms.

Although Africa is not necessarily considered a focus area for the more sophisticated types of cybercriminal activity, such as targeted attacks or advanced persistent threats (APTs), the continent is not immune to these or other types of cyber-risks, warn Kaspersky’s researchers.

“Based on our research, Africa has the same hit rate as we would see for other parts of the globe when it comes to cyberattacks and activity.

“This only emphasises that the cyberthreat landscape truly does incorporate the whole globe, where no continent or country is free of this growing danger and where all consumers, businesses and industries need to pay attention to effective cybersecurity measures, and especially during the current pandemic and resultant turbulent times,” says Kaspersky principal security researcher David Emm.

In South Africa, Kenya and Nigeria, Kaspersky’s research has identified the top malware families as ransomware, financial or banking trojans, and crypto-miner malware.

When comparing the first and second quarters of this year, Kaspersky noted a 24% increase in ransomware attacks in South Africa, as well as an increase of 14% in crypto-miner malware.

In Kenya and Nigeria, Kaspersky saw a significant increase in financial or banking trojans in the second quarter, compared with the figures for the first quarter, with a 59% increase in Kenya and a 32% increase in Nigeria.

The financial services sector remains a top target in Africa when it comes to cybercriminal activity and cyberthreats, which is not surprising, considering the ‘digital first’ approach this sector continues to take, driven by the needs and expectations of its customers.

“It is relatively easy for a hacker to target an individual and capture passcodes, one-time passwords and install malware on their computers to get financial information. Increasingly, this is expanding to financial institutions, given the number of new entrants emerging in the market. For hackers, online or cyberfraud offers direct monetisation of an attack and gives them access to money as quickly as possible,” adds Emm.

Financial-based malware and cyberattacks are also becoming more targeted, complicated and difficult to prevent and, with digital transformation progressing at a rapid rate within this a sector, there is no shortage of attack surfaces for cybercriminals to exploit.

“While the bulk of attacks are still speculative and randomly targeting individuals and businesses, there has been a shift, with an increase in APTs and more strategically targeted attacks. These use continuous, clandestine and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period, with potentially destructive consequences.

“Owing to the time and effort required to perpetrate such an attack, these are often levelled at high-value targets, such as nation States and large businesses,” adds Emm.

While, on a technical level, not much has changed when it comes to cyberattacks, what is different is that the pandemic presents a persistent topic in which the world has a vested interest. Unlike the Olympics or Valentine’s Day, the pandemic offers a wealth of opportunities for cybercriminals to use malware to attack – from the daily numbers and lockdown restrictions to vaccinations.

Another concern is that, as the cyberthreat landscape evolves, the nature of malware is changing.

“Ransomware, for example, was initially randomly targeting as many people as possible, hoping for a relatively small amount of money paid in ransom.