Read time: 3 minutes

Rapid rise in cyber attacks against small businesses in Kenya, Nigeria

Small businesses in Kenya face a 47% increase in internet attacks in 2022, while counterparts in Nigeria are dealing with an 89% increase in Remote Desktop Protocol attacks, according to Kaspersky.

Kaspersky assessed the dynamics of attacks on small and medium-sized businesses between January and April 2022 and the same period in 2021, to identify which threats pose an increasing danger to entrepreneurs.

The release of the company’s research is well-timed, given the focus on cyber security and Africa’s threat landscape this week during the ITWeb Security Summit 2022 (ITWSS2022) hosted in Johannesburg.

Kaspersky’s researchers said compared to the number of infections in 2021 (88 455), there has been a clear increase in 2022, with 130 111 infections detected in the first four months of the year.

The company added that when a small business owner is faced with the responsibilities of production economics, financial reports and marketing all at the same time, cybersecurity can often appear complicated and, at times, unnecessary.

“However, this disregard for IT security is being exploited by cybercriminals,” the company stated.

ITWeb reported that in his keynote presentation at ITWSS2022, Lt Colonel James Emerson, VP of the National White Collar Crime Centre (NW3C) in the US, said, “South Africa had the third-highest number of cyber crime victims in the world as I understand the statistics available publicly. This cost South Africa somewhere in the neighbourhood of 2.2 billion rand according to Accenture.”

He added that in 2021, web applications, e-mail applications and virtual private networks were compromised at every level. In addition, 66 zero day exploits were detected - roughly twice the number from the previous year.

In 2022, the number of Trojan-PSW (Password Stealing Ware) detections in Kenya increased by 16% when compared to the same period in 2021 - 12 639 detections in 2022 compared to 10 934 in 2021. Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the corporate network and steal sensitive information.

Another popular attack tool used on small businesses in Kenya is Internet attacks, specifically, web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&C centres, etc. The number of these attacks increased by 47% in the country.

With the shift towards remote working, many companies have introduced the Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home. While the overall number of attacks on RDP has decreased slightly in Kenya, globally this threat is still a challenge. For example, in the first trimester of 2021 there were about 47.5 million attacks in the U.S., whereas for the same period in 2022 the number had risen to 51 million.

Denis Parinov, security researcher at Kaspersky, said, “With the shift to remote working and the introduction of numerous advanced technologies in the daily operations of even small companies, security measures need to evolve to support these sophisticated setups. Cybercriminals are already way ahead of the curve, so much so that virtually every organisation will experience a breach attempt at some point. For small companies today, it's not a matter of whether a cybersecurity incident will happen but when. Having trained staff and an educated IT-specialist is no longer a luxury but a must-have part of your business development.”

Attacks in Nigeria

Small businesses in Nigeria are facing an 89% increase in Remote Desktop Protocol attacks in 2022, according to Kaspersky.

The company underlines the threat posed by Trojan-PSW (Password Stealing Ware) or malware that steals passwords, along with other account information, which then allows attackers to gain access to the corporate network and steal sensitive information.

This year the number of Trojan-PSW (Password Stealing Ware) detections in Nigeria more than doubled from 1076 in 2021 to 2654 when compared to the same period in 2021, the cyber security firm announced.

Another popular attack tool used on small businesses is internet attacks, specifically, web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&C centres, etc.

While the number of these attacks decreased in the first four months of 2022 in Nigeria (56 836 infections in 2022 compared to 99 146 infections in 2021), internet attacks are still a concern and need to be protected against.

Kaspersky added that with the shift towards remote working, many companies have introduced the Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.

The number of attacks on RDP has increased significantly in Nigeria, by 89%. In the first four months of 2021, there were 161 000 RDP attacks detected and blocked by Kaspersky in the country. For the same period in 2022 the number has risen to 303 500 attacks.

Daily newsletter