
African countries feature high on cyber criminals’ target list

By , Africa editor
Africa, 11 Apr 2024
Check Point says its recent investigations have unveiled cybercriminals' use of Virtual Hard Disk files to distribute Remcos, a remote access Trojan (RAT), circumventing conventional security protocols.

Eight African countries are among the top 20 countries targeted by cyber criminals.

This is according to Check Point Software Technologies, which provides AI-powered, cloud-delivered cyber security solutions.

Yesterday, Check Point released its Global Threat Index for March 2024, saying the African countries most under attack from cyber criminals are Ethiopia (2), Zimbabwe (3), Maldives (4), Kenya (7), Uganda (8), Angola (11), Morocco (17) and Nigeria (20).

South Africa has dropped eight places and ranks 64th on the list, said the company.

The company notes that the top three malware families in Africa are FakeUpdates, Qbot and Formbook.

FakeUpdates: a JavaScript downloader, also known as SocGholish, responsible for distributing additional malware payloads. The average global impact of FakeUpdates is 6.47%; in South Africa it's 8.55%, while in Nigeria it's 29.73%.

Qbot: a multipurpose malware targeting credential theft, keystroke logging, and additional malware deployment. The average global impact of Qbot is 2.66%; in South Africa it's three percent, in Nigeria it's 6.7% and in Zimbabwe it's 40%.

Formbook: an infostealer targeting Windows OS, renowned for its strong evasion techniques and affordability in underground forums. The average global impact of Qbot is 2.43%; in South Africa it's less than one percent and in Mozambique it's 3.12%.

Further, Check Point says its recent investigations have unveiled cybercriminals' use of Virtual Hard Disk files to distribute Remcos, a remote access Trojan (RAT), circumventing conventional security protocols.

Check Point notes that Remcos, a well-known malware dating back to 2016, is being used in a new attack strategy, infiltrating victims' devices and granting cybercriminals unfettered access.

According to the company: “Initially intended for legitimate remote system management, Remcos has been repurposed by threat actors to execute malicious activities, including data exfiltration, keystroke logging, and transmission of sensitive information to designated servers.

“Moreover, the RAT boasts mass-mailer capabilities, enabling the orchestration of distribution campaigns and the establishment of botnets. In March, Remcos ascended to the fourth position on the top malware list, underscoring its escalating threat level.”

Check Point also adds that Lockbit3 has maintained its dominance as the most prevalent ransomware group in March, despite a significant decrease in activity following law enforcement intervention in February.

The UK’s National Crime Agency (NCA) launched an international investigation that disrupted LockBit, describing it as the world’s most harmful cybercrime group.

After infiltrating the group’s network, the NCA took control of LockBit’s services, compromising its entire criminal enterprise.

Maya Horowitz, VP of Research at Check Point Software, comments: "The evolving tactics of cyberattacks underscore the dynamic nature of cybercriminal strategies. It is imperative for organisations to adopt proactive cybersecurity measures, including robust endpoint protection and comprehensive employee training, to safeguard against evolving threats."
