Post intrusion ransomware the biggest threat to businesses in Africa
Aside from an increase in malware and new malware samples, businesses must also be alert to the capability of post intrusion ransomware.
This is according to the McAfee Threats Report: November 2020 released by device-to-cloud cybersecurity company McAfee Corp.
An examination of cybercriminal activity related to malware and the evolution of cyber threats in Q2 2020, the company witnessed an average of 419 new threats per minute as overall new malware samples grew by 11.5%.
In addition attacks on cloud services users reached nearly 7.5 million; mobile malware grew 15% driven by Android Mobby Adware surge, and publicly disclosed security incidents rose 22%; with incidents targeting technology industry increase by 91%.
The company added that a significant proliferation in malicious Donoff Microsoft Office documents attacks propelled new PowerShell malware up 117%, and the global impact of COVID-19 prompted cybercriminals to adjust their cybercrime campaigns to lure victims with pandemic themes and exploit the realities of a workforce working from home.
Raj Samani, McAfee fellow and chief scientist, said: “The second quarter of 2020 saw continued developments in innovative threat categories such as PowerShell malware and the quick adaptation by cybercriminals to target organisations through employees working from remote environments. What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”
Samani added that broadly speaking the year has witnessed a spike in the use of COVID for fraudsters. “…take South Africa for example with malicious file detections in the hundreds of thousands and quite frankly continuing to rise. The impact of these attempts is of course a concern, since they are intended to defraud the citizens at a time when we all need as much support as we can.”
However, it is the capability of post intrusion ransomware that represents the most serious threat to businesses in Africa says Samani.
“There exists a small group of criminals so adept at extorting companies that their actions are literally causing the wheels of the economy to stop turning until millions are deposited into criminal enterprise. We have to recognise that cyber is not an IT issue but the basis of our economy, and broader society,” he adds.
Samani senses that businesses are in a continual crisis. “With major vulnerabilities, or the capability of threat groups improving it does feel we jump from one major escalation to another. Although this is the nature of the cyber professional. Since we have to get everything right all of the time, the bad guys only need to be right once!”
He advocates that businesses be absolutely clear about the systems, people and processes required to maintain the core business and ensuring that appropriate resilience is built in this organisation is crucial.
“Trying to work this out during a crisis is far, far too late,” said Samani.