According to statistics from Kaspersky, in the first quarter of 2024, the percentage of Industrial Control Systems (ICS) computers globally on which malicious objects were blocked decreased by 1.3 percentage points (pp) from the first quarter of the previous year, to 24.4%. However, in Africa, the prevalence of malware remained nearly unchanged, at a significantly higher level compared to other regions, with 32.4% of ICS computers facing cyberthreats in the first quarter of 2024. Specifically, in South Africa, the figures were 23.5% in Q1 2023 and 25.5% in Q1 2024, while in Kenya they were 28.1% and 30.5%, and in Nigeria, they increased from 25.3% to 28%.
Internet, initial-access tool for cyber attacks
During the first quarter of 2024, Kaspersky’s protection solutions blocked malware from 10,865 different malware families across various categories on industrial automation systems. The African region is particularly susceptible to threats spread via the Internet, which are the most common initial-access tools for cyber attackers. Additionally, the region leads in charts of malware spread via removable devices, with 5.6% of ICS computers affected, compared to the global figure of 1.13%. This method provides cyber attackers with an alternative route to bypass perimeter safeguards and spread within internal infrastructure.
Malicious objects used for the initial infection of computers include dangerous Internet resources, often added to denylists (blocked on 8.78% of ICS computers in Africa), malicious scripts, phishing pages (6.9%), and malicious documents (1.83%). These objects typically serve as the first step in the attack sequence, and consequently, security solutions intercept them more frequently. This trend is commonly reflected in Kaspersky Security Network statistics.
Following the initial breach, malicious objects carry secondary malware such as spyware, ransomware, and miners to victims’ systems. Spyware (comprising Trojan-Spy malware, backdoors, and keyloggers), predominantly employed for financial theft or data exfiltration, is prevalent both globally and in Africa (intercepted on 6.65% of ICS computers in Africa).
Malware heightened in African region
Worms and viruses constitute self-propagating malware varieties. To proliferate throughout ICS networks, viruses and worms exploit removable media, network folders, infected files (including backups), and network vulnerabilities in outdated software. This category of malware exhibits heightened activity levels in African nations compared to other regions and the global average. The exceptionally elevated rates of self-propagating malware in the region likely indicate a substantial portion of OT infrastructure lacking adequate protection from security solutions (thus serving as a continuous source for malware propagation), highlighting the imperative need to bolster cybersecurity practices and adhere to stringent cybersecurity protocols.
ICS computers in Africa continue to encounter clandestine crypto-mining programs, including miners in the form of executable files for Windows and web miners, although this type of malware has been on the decline in recent years. If successfully deployed, these programs afford cybercriminals a steady stream of revenue by harnessing the victim’s computer processing power.
Given the widespread use of AutoCAD software in ICS organizations, cybercriminals also attempt to exploit this and similar programs by crafting specialized malware. Detection of such malware increased in the first quarter of 2024 compared to previous quarters.
Ransomware
The Middle East and Africa lead among regions where ransomware is disseminated, albeit in relatively low numbers (0.28% and 0.27% of ICS computers, respectively). Nonetheless, this presents a significant risk to organizations, particularly if cybercriminals opt for the data encryption scenario.
Security mindset
Head of Kaspersky’s ICS Cyber Emergency Response Team, Evgeny Goncharov, says: “Africa is actively integrating technologies, but it’s important to keep cybersecurity in mind and apply it to both new technologies and currently used solutions. By a security mindset we mean implementing reliable solutions, setting up security policies and educating employees depending on their level of relation with OT. This applies to all infrastructures, but is especially important in operational technology, where risks of material consequences are very high and impact on safety is possible. We hope organisations in Africa will set the stage in the region for a future where technology and security go hand in hand.”
To keep ICS computers protected from various threats, Kaspersky experts recommend:
Using security solutions for operational technology endpoints and networks, such as Kaspersky Industrial Cybersecurity, to ensure comprehensive protection for all industry critical systems.
Regularly updating operating systems and application software that are part of the enterprise’s industrial network, and applying security fixes and patches to ICS network equipment as soon as they are available.
Conducting regular security audits of operational technology networks to identify and eliminate security issues.
Undertaking dedicated ICS security training for IT security teams and OT engineers, which is crucial to improve responses to new and advanced malicious techniques.
Using ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological processes and main enterprise assets.
Protecting IT infrastructure using solutions for timely detection of cyberthreats, investigation, and effective remediation of incidents, such as Kaspersky Next.
Providing the security team responsible for protecting industrial control systems with up-to-date threat intelligence. The ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems and how to mitigate them.
Source: Kaspersky