In Africa, the agriculture, forestry and fishing sectors, followed by government services, industries most targeted by cyberattacks, with small and medium businesses bearing the brunt of attacks.

This is among the findings of Mimecast’s Global Threat Intelligence Report 2024 H1, which also found that file share abuse attacks predominantly come from domains including adobe.com, sharepoint.com and google.com.

The report analyses the threat landscape during the first six months of 2024 and offers actionable steps for organisations of all sizes to improve cyber defences. Key findings from the report include:

 

Spam and impersonation emails still favoured

In Africa, cyberattacks still predominantly use spam and impersonation emails to infiltrate defences, relying on malicious links to deliver payloads to victims’ systems.

Attacks are increasingly employing multiple layers of false information, requiring more interaction from victims. Victims are forced to click through links, respond to CAPTCHAs, and engage with false multi-factor authentication requests.

Additional obfuscation layers allow these types of attacks to fly under the radar, gaining entry where malware would be denied.

 

AI-enabled scams emerge

Globally, attackers are using generative AI more often to create phishing templates, and this trend is starting to trickle into Africa. In one case, attackers targeted corporate employees by sending 380 000 emails with an attached PDF document. Clicking on the file opens the PDF in a web browser and displays a page hosted on an AI development service.

AI-driven attacks are not just impacting businesses. Attackers are increasingly targeting consumers, using distribution lists to send mass emails that pass security checks and notify recipients of an imminent deduction or charge. This prompts recipients to contact an AI bot call centre to collect information.

In May 2024, Mimecast detected more than 1,6-million email messages in this type of campaign.

 

Small businesses remain the prime target for cyber threats in Africa

As observed in the Q4 2023 report, small and medium businesses experience the highest volume of cyber threats.  Mimecast saw this peak below 40 threats per user (TPU) in Q1 2024 and at above 40 TPU in Q2 2024. Employees at both small and medium businesses continue to see more than twice the number of threats compared to users at large enterprises.

Analysing businesses of all sizes, the average number of TPUs slightly increased from just above mid-20 TPUs during Q4 2023 to mid-20 TPUs (Q2 2024). The threats impacting large enterprises increased in the first quarter and slightly jumped in the second quarter of this year.

“Our report, along with many others, reveals that cyber actors are increasingly targeting SMEs rather than just big businesses. We are also seeing a rise in cyber-attacks on agriculture, forestry, fishing, and government services as more governments in the region turn to the food economy to foster economic growth, reduce poverty, and improve food security,” says Brian Pinnock, vice-president and sales director: EMEA at Mimecast.

“With Africa containing some of the fastest-growing economies, and SMEs accounting for an estimated 40% of GDP in South Africa, the need for cybersecurity companies to offer tools and solutions is greater than ever.”