A concerning trend has surfaced in the ever-evolving landscape of cyber threats, putting African nations at the forefront of hacker targets.
Recent findings from Check Point® Software Technologies shed light on the top 10 African countries most susceptible to cyber threats, particularly through the use of Remote Access Trojans (RAT).
According to the report, cyber threats have been particularly severe in Africa, with countries like Mauritius, Nigeria, Morocco, and Kenya being targeted and attacked.
The report further highlights the expanding reach of the sophisticated RAT AgentTesla, driven by a new and complex mal-spam campaign using corrupted email attachments. The education sector continues to be the prime target, underscoring the ongoing vulnerability of this industry to cyberattacks.
The report, focusing on October 2023, underscores a significant uptick in cyber threats directed at government agencies and organizations across the Middle East and Africa. The primary weapon of choice? Remote Access Trojans, or RATs, are a form of malware enabling hackers to gain remote control over compromised systems.
Among the highlighted threats, the sophisticated RAT AgentTesla and NJRat take centre stage, propelled by a complex mal-spam campaign utilizing corrupted email attachments.
AgentTesla, for instance, cunningly disguises itself within archive files bearing a malicious Microsoft Compiled HTML Help (.CHM) extension. Often camouflaged as routine order and shipment documents, these files find their way into victims' systems through email attachments with .GZ or .zip extensions, leading unsuspecting recipients to unwittingly download the malware.
Once entrenched, AgentTesla exhibits a range of detrimental capabilities, from keylogging and capturing clipboard data to accessing file systems and clandestinely transmitting stolen data to a Command and Control (C&C) server.
NJRat, the other prominent player in this cyber threat landscape, boasts a multitude of capabilities, including keystroke capture, unauthorized camera access, credential theft from browsers, file uploads and downloads, process and file manipulations, and desktop surveillance.
Its mode of infection varies, spanning phishing attacks, drive-by downloads, and propagation through infected USB keys or networked drives, aided by Command & Control server software.
The impact of NJRat is particularly notable in South Africa, where its prevalence hovers just above 2%, while Morocco experiences a higher incidence at 8%, with a notable focus on governmental organizations in the Middle East.
Here are the top 10 African countries most vulnerable to cyber threats, according to the report.