According to “ethical hacker” Clément Domingo (@_SaxX), 26 June was a red-letter day for BGFI Bank. In a tweet, Domingo said the Gabonese banking group headed by Henri-Claude Oyima was facing an ultimatum to pay a ransom of 55 bitcoins (just over €1m) to the hacker group BianLian.
Domingo, a whistleblower who claims he never publishes on a cyberattack unless it is proven, says the cyber-extortion of BGFI began on 22 June and resulted in the theft of 256 gigabytes (GB) of internal financial data (customer data, credit and bank loan reports, administrative and financial files, contact details).
This information was allegedly stolen via a breach detected in the computer system of BGFI’s DRC subsidiary, and disseminated on platforms and forums popular with hackers even before the deadline for the ransom payment.
BGFI Bank denies the attack happened. On 26 June the bank put out a statement to this effect, arguing in passing that it complies with international digital security standards: ‘Our entire banking system is currently operating correctly. The security of customer information and data, as well as the quality of our services, are constantly monitored to ensure the confidentiality, safety and integrity of our stakeholders’ data and information,’ the bank said.
A few months ago, one of BGFI Bank’s competitors, Bank of Africa, allegedly suffered a similar attack in Mali.
And on 26 May Senegal’s government websites went down. Sénégal Numérique, which manages the State’s digital infrastructure, put out a statement that service had been restored after an ‘attempted sabotage’ that had been ‘rapidly contained’.
1. Why is Africa a target?
In recent years, the African continent has seen exponential growth in mobile and fixed internet penetration. The influx of new users, the gradual digitisation of businesses and government departments and the spread of teleworking have all brought an increase in the number of ‘entry points’ for malicious hackers.
Be it a password that is too easy to guess, a telephone scam, or an email with a malicious link, various methods are used by online criminals to penetrate individual or professional telephones and computers, as well as entire corporate computer networks. The continent, less digitally secure than the global average, offers hackers an ideal gateway into international corporate networks. In response, governments are stepping up campaigns to raise awareness of good digital practices and are putting in place tools to prevent attacks. Businesses, meanwhile, are gradually realising the importance of investing in protection tools.
2. Which countries are the most affected?
The number of cyberattacks is directly correlated with the level of internet penetration in a country. With 44% of the population covered by mobile internet across the continent, Africa is only at the beginning of the threats it will have to face in the years to come. Africa’s regions are not equipped equally. Southern Africa is the best connected, ahead of North and West Africa.
This is also true of the countries considered by experts to be the most targeted. According to the Interpol report on cyber threats in Africa in 2022 (published in March 2023), Trojan horses (malicious software used to steal sensitive information) in the banking sector affected Morocco most, with 18,827 detections, ahead of South Africa (6,560), Nigeria (5,366), Cameroon (1,462) and Algeria (691).
The Shadowserver Foundation, which specialises in collecting and analysing online malicious activity, points out that South Africa was the preferred target for ransomware in 2022, accounting for 42% of attacks, well ahead of Morocco (8%), Botswana and Egypt (6% each), and the Kenya-Tanzania duo (4%).
3. Are some sectors targeted more than others?
Historically, the banking and financial sectors have been the first to fall victim, in particular to the false transfer order scam, which is not really a cyberattack but more a matter of social engineering. In this technique, an offender pretends to be someone else over the phone or by email to get his target to make a transfer in his favour. Banking and insurance companies are the main targets of phishing attacks (messages sent by fake email accounts or websites urging victims to provide personal information), but they are also the most aware of and best equipped to deal with cyber threats. When it comes to ransomware, on the other hand, Interpol stresses that critical energy and transport infrastructures are among the favourite targets of hackers.
4. What motivates hackers?
Phishing, ransomware, Trojan horses, cyber-extortion, criminal software – the modus operandi may differ, but the motives are always either economic or political. Last March, for example, hackers from the Medusa group, who infiltrated the Malian subsidiary of Bank of Africa, put their booty of two terabytes of data up for sale on the dark web for $2m. It is unclear whether they were finally able to sell the database. According to Interpol, the average ransom for attacks carried out in 2022 was $812,000, although 21% of them were under $10,000.
On the other hand, the attack that targeted various departments of the Senegalese government at the end of May was perpetrated in the name of freedom of expression and for the withdrawal of Macky Sall’s candidacy for the next presidential election in February 2024.
5. How far can they go?
From the simple suspension of access to a site to the blocking of sensitive infrastructure, identity theft, or extortion of funds, a cyberattack can cause substantial financial damage to companies and governments, as well as political destabilisation and even loss of life when blackmail based on stolen information is used specifically against one or more people. This is all the more reason for African companies and governments to step up their cybersecurity measures.