Photo credit: www.darkreading.com

Increasing Cyber Threats in Africa: A Case Study of Namibia

Telecommunications provider Telecom Namibia recently became a focal point in the escalating issue of cyberattacks in Africa, particularly those targeting critical infrastructure. The company faced a serious ransomware attack late last year, highlighting an alarming trend in the region which has seen a spike in such threats.

In December, Telecom Namibia informed its customers that their data had been compromised due to an attack by the ransomware-as-a-service (RaaS) group known as Hunters International. The company’s CEO, Stanley Shanapinda, mentioned that despite initial assessments indicating no sensitive information was at risk, subsequent evaluations revealed that customer data had indeed been affected. Following the incident, the company has sought assistance from law enforcement and external cybersecurity experts to understand and mitigate the situation. Shanapinda stated, “The threat was contained about three weeks ago, but the exposed information was leaked on the dark web after we refused to negotiate any ransom.”

This attack on Namibia is emblematic of a broader pattern across the continent. In June, a ransomware incident severely affected South Africa’s National Health Laboratory Service, crippling critical healthcare systems and causing significant delays in recovery. Soon after, more than 18GB of data was stolen from the Kenyan Urban Roads Authority by the same group. Moreover, Nigeria’s Computer Emergency Response Team has alerted organizations about targeted attempts by the Phobos group against critical cloud services, leading to at least one confirmed breach.

Telecommunications and Critical Infrastructure Under Siege

Recent data from Positive Technologies reveals that ransomware attacks account for a substantial portion of cybersecurity incidents across Africa, comprising roughly one-third of all successful attacks. Notable incidents have included ransomware operations against energy firms, such as Eneo in Cameroon, and various industrial companies in Egypt and South Africa throughout the previous year.

The telecommunications and manufacturing sectors rank among the most targeted, with each representing around 10% of successful attacks, according to Alexey Lukatsky, a cybersecurity expert at Positive Technologies. Lukatsky attributes the surge in these cyber threats to several factors, including rapid digital transformation, rising geopolitical tensions, and insufficient cybersecurity defenses. As digital networks and user data proliferate, the telecommunications sector becomes an increasingly attractive target for cybercriminals, who often seek financial gain or engage in cyber espionage.

Looking ahead, experts predict that the situation will only worsen. The ongoing digitization across various industries continues to evolve faster than the deployment of adequate cybersecurity protocols, thereby expanding the vulnerability landscape. Lukatsky emphasizes that sectors like energy, telecommunications, and manufacturing will remain prime targets in 2025 and beyond.

The Proliferation of Ransomware-as-a-Service

The emergence of ransomware-as-a-service (RaaS) has accelerated cyber threats against essential infrastructure, according to cybersecurity scholars such as Avinash Singh from the University of Pretoria. RaaS is gaining traction within Africa, with numerous ransomware criminals allegedly using the continent’s organizations for testing their attack methodologies, as noted in a recent report.

The RaaS framework allows perpetrators to target high-value entities—such as major corporations and infrastructure services—where the potential for ransom payouts is notably higher. Singh points out that attacks on critical infrastructure represent some of the most rewarding ventures for cybercriminals because disruptions to these systems can inflict widespread economic and societal damage.

In a worrying trend, ransomware groups are not just going after African organizations; they are also targeting their suppliers. Attack vectors include distributing infected software, which has become a common strategy for infiltrating devices. A security breach in March 2024, for instance, impacted developers by using compromised developer accounts to introduce information-stealing malware into their systems.

Singh warns that many cybersecurity threats facing African developers mirror those found globally. Over time, cybercriminals have employed diverse tactics, including hijacking accounts on platforms like GitHub and utilizing malicious software packages. He emphasizes the urgent need for African organizations to enhance cyber awareness and implement secure practices amid aggressive digitization efforts.

Amid rising geopolitical tensions, Singh predicts that the risks associated with cyberattacks are likely to amplify. “While Africa may not be the primary target compared to some other regions, various geopolitical factors can significantly influence cyber threats, particularly those linked to state-sponsored actors,” he observes.

Source
www.darkreading.com