Why cybercriminals are targeting South Africa and Kenya

January 7, 2017

Cyber criminals are having a field day in Africa and particularly in South Africa and Kenya. Studies show that many victims will be unaware that they have been compromised by cyber criminals until it’s too late. One of the challenges for law enforcement agencies is informing the public on the need to be vigilant and pro-active.Hatched and executed in Eastern European countries of Bulgaria, Poland, Hungary and Ukraine, an underground cyber-criminal gang is targeting vulnerable networks in Kenya and South Africa according to a private cyber security report. The report found Kenya and South Africa cyber threats includes but not limited to malicious IP addresses, suspicious URLs and phishing sites and they more than tripled in 2016. As two governments grapple with an increasing number of cyber attacks, an insider in cyber security agencies in one those countries, admitted to your blogger that most malicious attacks originate in Eastern Europe.It was found that in 2016 13,000 new harmful IP addresses were created every month in Kenya and South Africa alone.With cyber crime on the rise, the two countries have in recent past launched cyber security programs to ensure better protection for government agencies, business operations and individuals. But in this virtual world there are no national boundaries and criminals from any part of the world can launch an attack. Cyber attacks to these two countries in 2016 were routed through multiple jurisdictions to disguise the source and some insiders believe there may have been roles by states organs in those countries to launch the attacks. The eastern European phenomenon helps explains why in Kenya, authorities have joined forces with overseas law enforcement agencies to better coordinate efforts to combat criminal networks.The country has signed bi lateral agreements that can help in extradition of criminals in hacking systems in Kenya while Kenyans involved also face heft fines and deterring jail terms.

The data used for the report was captured, analysed and correlated by a data security platform, which reviewed URLs, domains, IP addresses and mobile apps. Although South Africa and Kenya only accounted for less than 1 per cent of global attacks, they featured in the top 10 most attractive locations for cyber threats. Phishing attacks have increased in Kenya but stagnated in South Africa. “We’ve seen a lot of attacks, specifically coming after the Kenya and South Africa market,” one of the report authors told your blogger. “I guess it’s no surprise, given that both Kenya and South Africa a well-performing economies with very internet connected societies, so they poses an attractive opportunity for a lot of the cybercriminals. “The sheer rise in the volume of phishing attacks, in particular, continue to cause problems for both consumers and businesses.”Cybercriminals are mainly targeting all kinds of personal and business-related information. “They will typically come in to look for the financial information,” the author added. “So if they can get into your system and understand what your Mpesa PIN number are, they will certainly infiltrate that data back to their command and control centre quicker than you can blink and run down your Mpesa accounts.” The author said the report found South Africa was increasingly seen as a launch pad for malware attacks on other countries.Also, the use of mobile devices in Kenya, internet consumption and Kenyans immediate acceptance of new technologies appealed to cybercriminals. “South Africa is one of the best, if not the best, developed economies in Africa while Kenya is one of the best performing,” author said. “Kenya and South Africa are very much early adopters society, which means Kenyans and South Africans live a lot of their lives online and certainly have a high take-up rate of new technologies whether it’s mobile money payments, internet banking, or internet connectivity, the rise of tablets and stuff like that.”So both countries present a very attractive target for a lot of the cybercriminals.” The author in addition told your blogger the large number of small-to-medium businesses in Kenya was another allure for cybercriminals. “More than 90 per cent of Kenyan organisations are SMBs and if you think about the attacks on larger organisations, if a cybercriminal is going to go after a bank or one of the Nairobi Securities Exchange companies, they’re pretty much going to have that attack contained,” author noted.In conclusion, Kenya and South Africa needed to better invest in cybersecurity education in tertiary institutions and to reach out to the private sector in a bid to form alliances that will deter cyber criminals from attacking vulnerable networks.

Contador Harrison