By Emmanuel Ogbodo
Nigeria has been ranked 19th among 112 countries facing significant cyber-attacks and threats, according to Check Point Software Technologies’ Global Threat Index for July 2024. The report notes that more African countries are now among the most attacked globally.
The research focused on the Normalised Risk Index (NRI), which measures the gap between a country’s cybersecurity posture and its vulnerability to attacks. The ranking also took into account the number of attacks and the number of affected organisations in each country.
Ethiopia topped the list with an NRI of 100%, while Zimbabwe ranked third globally with an NRI of 77.1%. Nigeria experienced a sharp increase in risk, placing 19th with an NRI of 58.5%. Kenya and Ghana also saw significant increases, ranking 11th and 15th, respectively, while Zambia ranked 63rd with an NRI of 40.5%.
South Africa moved up to 59th globally (from 61st in June) with an NRI of 42%. The Maldives, Angola, and Mauritius also ranked among the top 20 most vulnerable countries, taking fourth, fifth, and ninth places, respectively.
Issam El Haddioui, Head of Security, Sales Engineering for Check Point Africa, emphasised the urgent need for improved cybersecurity for African businesses due to the evolving threat landscape and recent vulnerabilities like the CrowdStrike Falcon sensor exploit. Maya Horowitz, VP of Research at Check Point Software, highlighted the rise of malware like Remcos as an example of cyber criminals’ opportunistic nature and urged African organisations to adopt strong endpoint protection, vigilant monitoring, and comprehensive user education.
The report identified top malware families impacting Africa in July, including FakeUpdates (SocGholish), which uses fake browser update prompts to install Remote Access Trojans (RATs) like AsyncRAT. Remcos, often used for unauthorised system access, became more prevalent following the CrowdStrike update issue. Additionally, Qbot targeted organisations with credential theft and ransomware, while Phorpiex orchestrated large-scale spam campaigns, particularly in Zimbabwe and Mozambique. Vidar, an infostealer malware-as-a-service, also posed a significant threat, collecting sensitive data from browsers and digital wallets.
