Africa is still dealing with cybercrime, with Ethiopia at the top.

Ethiopia is the most commonly targeted country by malware, as cyber criminals continue to use legitimate platforms to avoid detection while establishing persistence.

This is according to Check Point's Global Threat Index for February 2025, which shows the rise of AsyncRAT, a remote access Trojan (RAT) that is still evolving as a significant threat in the cyber scene.

Zimbabwe, Uganda, Nigeria, Angola, Kenya, Mozambique, and Ghana are among the top 20 most heavily targeted countries. South Africa was ranked 59th with a Normalised Risk Index of 40, a drop from 66th last month.

According to Check Point security analysts, AsyncRAT is increasingly being used in cybercrime activities, with malware distributed through platforms such as TryCloudflare and Dropbox.

Clop remains a major player in the ransomware area, using the "double extortion" approach to threaten victims with the public release of stolen data in exchange for a ransom, said the report.

This, according to the company, reflects the growing practice of exploiting legitimate platforms to circumvent security measures and maintain persistence across targeted networks.

According to the cyber security firm, the attacks often begin with phishing emails including Dropbox URLs, followed by a multi-step infection process using LNK, JavaScript, and BAT files.

“The cyber security landscape in South Africa reflects the broader challenges facing Africa. With increasing digital transformation in critical sectors such as finance, education, and government, we are also witnessing a sharp rise in sophisticated cyber threats," says Lionel Dartnall, SADC country manager, Check Point Software Technologies.

"Cybercriminals are leveraging legitimate platforms to deploy malware and avoid detection. Organisations must remain vigilant and implement proactive security measures to mitigate the risks of such evolving threats,” adds Maya Horowitz, VP of research at Check Point Software.