The telecommunications provider for the African nation of Namibia suffered a major ransomware attack late last year, becoming a visible symbol of the merging of two trends in the region: rising attacks on critical infrastructure and the rising threat of ransomware.
Last month, Telecom Namibia alerted customers that a successful attack by the ransomware-as-a-service (RaaS) group Hunters International led to customers’ data being leaked online. The company is working with law enforcement agencies and third-party incident responders to uncover more details, CEO Stanley Shanapinda said in a Dec. 16 statement.
“Initially, it appeared that no sensitive data was compromised, but recent analyses confirmed that some customer data was compromised,” he said. “The threat was contained about three weeks ago and further attacks on our systems and third parties have been prevented, [but the exposed information] was leaked on the dark web … after we refused to negotiate to pay any ransom that may have been demanded.”
Namibia isn’t alone in becoming a target for cyberattackers focused on profiting off of compromised infrastructure systems. In June, South Africa’s National Health Laboratory Service (NHLS) suffered a ransomware attack that disrupted systems and deleted backups, and it took weeks for the government-run network of healthcare testing laboratories to recover. In July, Hunters International exfiltrated more than 18GB of data from the Kenyan Urban Roads Authority (KURA). The same month, the Nigerian Computer Emergency Response Team (ngCERT) warned that the Phobos RaaS group had targeted critical cloud services serving the nation’s organizations, with at least one successful compromise.
Telecoms, Critical Infrastructure in the Crosshairs
Overall, ransomware accounted for a third of successful attacks in the region, including attacks on energy firm Eneo in Cameroon in January 2024 and industrial organizations in Egypt and South Africa throughout the year, according to data from Positive Technologies, a cybersecurity firm that operates in the region.
The telecommunications and manufacturing sectors were also heavily targeted, with each sector accounting for 10% of successful attacks, says Alexey Lukatsky, managing director and cybersecurity business consultant at Positive Technologies.
“These attacks are driven by factors such as rapid digital transformation, geopolitical tensions, and inadequate cybersecurity measures protecting critical infrastructure,” he says. “The growing volume of user data and expanding digital networks make sectors like telecommunications particularly attractive targets for cybercriminals seeking financial gain or engaging in cyber espionage.”
The trend will continue in 2025, because the rapid digitization across multiple industries continues to outpace implementation of cybersecurity measures, Lukatsky says. The result: a growing attack surface area that remains vulnerable.
“Sectors such as energy, telecommunications, and manufacturing will continue to be prime targets for cybercriminals and APT groups, motivated by financial gain, data theft, or geopolitical objectives,” he says.
The Age of RaaS
The rise of ransomware-as-a-service offerings has also accelerated attacks on critical infrastructure, says Avinash Singh, a computer science lecturer and head of the Clever Cyber Forensics Lab at the University of Pretoria in South Africa. RaaS has taken off in Africa, partly because some ransomware gangs appear to be using African organizations as testbeds for their latest attacks, according to an October 2024 report.
“The RaaS model allows attackers to focus on high-value targets, such as large corporations or critical infrastructure providers, where the potential ransom payout is significantly higher,” Singh says. “Cyberattacks on critical infrastructure remain among the most profitable for cybercriminals, as these systems provide essential public services, and their disruption can cause significant societal and economic damage.”
In addition, ransomware groups are not targeting just African businesses and government agencies, but also those organizations’ third-party suppliers, Singh says. Distributing malicious versions of popular software has become a popular way to infect personal and business devices in the region. A March 2024 attack targeting members of a popular Discord community, for example, infected developers with information-stealing malware by compromising a developer’s account and poisoning the repository.
Many of the threats affecting African developers are the same as those affecting the global cyber landscape, he says.
“Over the years, threat actors have demonstrated a broad array of tactics, techniques, and procedures, including hijacking GitHub accounts, malicious Python packages, setting up fake Python infrastructures, and using sophisticated social engineering methods,” Singh adds.
African organizations need to work to improve the cyber awareness of their employees and customers and establish secure practices while pursuing digitization, he recommends. The risks posed by cyberattacks will likely only increase, as the geopolitical tensions rise in the region and worldwide, according to Singh.
“While Africa may not be a primary target compared to other continents,” he says, “many geopolitical factors can influence cyber threat activities, particularly when state-sponsored actors are involved.”