While Africa took longer than the rest of the world to fully embrace the internet, it soon made up for lost time as the mobile revolution swept the continent during the last decade, allowing tens of millions of Africans to leapfrog desktop computing and access the transformative mobile products and services of the digital economy. Today, there are over 525 million African internet users, which is more than in North America and the Middle East combined.
With that exponential growth comes increased attention from opportunity-seeking hackers and fraudsters determined to find holes in nascent online security systems and exploit them. While the value of the African hacks thus far pales in comparison to what is going on in more developed economies, the number of attacks that enterprises withstand has grown. African enterprises are attacked by malicious hackers more frequently than enterprises elsewhere in the world, according to Check Point Software research.
Here are key data breaches and security stories over the last year in the most important economies in sub-Saharan Africa.
Shadow Kill Hackers hit Johannesburg
In October, Johannesburg woke up to the news that the city's municipal website and billing services had been hacked by a group calling themselves Shadow Kill Hackers. The group was demanding a ransom of four bitcoins, approximately $30,000 at the time, in order to stop the group releasing all of the data they had procured onto the internet.
A ransom note was posted to several employees of the city, which simply read "All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information." The group then posted screenshots on Twitter to prove they had hacked into the city's Active Directory server.
The sense of dread was heightened by news that several prominent South African banks went offline at the same time, but the group put out a statement saying that the bank hack had nothing to do with them. As a precaution the city took all of its services offline while it implemented security procedures.
Though the hack was termed as ransomware by some media outlets, technically it was not -- the hacker group apparently accessed data and then used it to ask for ransom, but did not use software that encrypted data (the usual definition ransomware). After the data breach, the city acknowledged its impact, but said it would not pay the ransom.
"The City of Johannesburg can confirm that the recent cyberattack on our ICT systems have had a significant impact on our ability to deliver services to our residents," City Councillor Funzela Ngobeni said in a statement. "I can confirm that the City will not concede to their demands and we are confident that we will be able to restore systems to full functionality."
In the days following the attack, city services slowly came back online, though city officials did not detail what procedures they implemented to get systems up and running again safely. Though the ransom demanded was small, relative to a big city budget, the breach showed how data breachers can bring important public services in a major city to a halt.
Operation reWired nets Nigerian scammers
In Africa's most populous country, Nigeria, most cyberattacks go unreported and there seems to be a worrying lack of commitment from the government to take cybersecurity seriously. There have been numerous hacks of government-owned websites over the past decade, yet apparently not a lot has been done to tighten security. From the National Assembly website, to the Small and Medium Enterprises Commission, and even the Nigerian Court of Appeal -- each of those critical sites has been hacked in the last few years without an effective response from the government.
Most of the cybercrime emanating from Nigeria seems to occur in the form of 419 scams and other confidence tricks but surely it is only a matter of time before larger, more sophisticated hacking becomes commonplace.
One piece of good news was the announcement in September from the U.S. Department of Justice that it had been working with the Nigerian authorities on Operation reWired to crack down on a number of business email compromise schemes, which had led to losses of over US $1.3 billion in 2018. In a typical scenario, according to the FBI, two men in the U.K. and Nigeria sent emails to an executive at a company in Connecticut, in the U.S. The emails appeared to be from the company's CEO, who was located overseas. "The purported CEO was requesting a wire transfer of funds," the FBI said in a press release. "The email looked legitimate, so the company's controller sent multiple wire transfers totaling more than US US $500,000. But as it turns out, the CEO's email account had been spoofed--and the money went straight into accounts managed by the criminals."
Individuals from all over the world have been arrested in the operation, including from Ghana and Kenya. The sweep resulted in the seizure of nearly US$3.7 million and the disruption and recovery of approximately $118 million in fraudulent wire transfers, according to the U.S. DOJ.
SilentCards hits Kenyan banks, and expands
After getting away with a 400 million Ksh US $4 million from an unnamed bank late 2018, the hacker group SilentCards proceeded to lift 11 million shillings from several Barclays ATMs in Nairobi over Easter weekend last year, and from there went on to hit other banking institutions as well as various small and medium-size enterprises, according to cybersecurity firm OnNet.
What's worse, after focusing on Kenya, throughout the year, the group went on to hit neighboring countries in east Africa and from there, into Central Africa. Banks have been hit in Tanzania, Rwanda and Uganda. The full list of companies hit by the group includes mobile banking service providers, ISPs, hedge funds, betting firms and government financial agencies, according to OnNet. From 2018 to mid-2019, the group had made away with a total of 2 billion shillings, OnNet said.
This group is allegedly led by an ex-police officer who became a bank employee, then quit with the knowledge that he had gained and began exploiting loopholes in the banking infrastructure to carry out the hacks. It's been reported that the group frequently buys legitimate bank cards from poor students who don't ask too many questions, and uses them to conduct the looting.
In addition, the group is known to work with bank insiders who bring rogue laptops loaded with remote access tools like GoToMyPC and Teamviewer into the workplace, and proceed to load legitimate workstations with keyloggers, monitoring software designed to record keystrokes made by a user. The keyloggers were apparently inherited from a hacking group known as Forkbombo, from which the SilentCards member split to go out on their own. SilentCards has now become the most successful hacker group in Central and East Africa.
And the most targeted African nation is Namibia
While the cost of data breaches in Africa is less than that suffered by more developed markets, organizations in Africa were attacked on average 1502 times per week, compared to 596 attacks per organization globally, according to a Check Point research report in October. The most surprising conclusion from the report, given the reputation of other countries on the continent, was that the African nation most targeted by cybercriminals was Namibia. The reason is not because there is an extraordinary amount of wealth in that country relative to others. There is, however, a distinct lack of regulation and security to protect against unscrupulous elements.
The Namibian CyberSecurity Bill was first tabled in 2017, but it had numerous flaws that made it unsatisfactory, and nearly three years later, the bill has still not become law while the nature of online threats keeps changing and becoming more and more sophisticated.
Meanwhile the other nations that have the dubious distinction of being among those that are most targeted in sub-Saharan Africa are, in descending order after Namibia: Zambia, South Africa, and Nigeria.
Prevention is key to security
Common threads throughout the big African data breaches and security stories over the past year include government institutions that are vulnerable to players with sophisticated online tools and private enterprises that fall prey to insider threats. While cybersecurity regulations would help, prevention is key.
Eighty-four percent of the malicious files in Africa were delivered via the internet, compared to 63 percent of malicious files globally, according to Check Point. "As such, it's essential that organizations deploy latest generation anti-malware solutions on their networks as well as on employees' mobile devices, to protect all enterprise endpoints," said Maya Horowitz, director, Threat Intelligence & Research, Products at Check Point, in a statement accompanying the October report. "They should also educate employees about the dangers of opening email attachments, downloading resources or clicking on links that do not come from a trusted source or contact."