The internet has always been an open ground for various forms of attack by scammers, spammers and all sorts of cyber crimes. But the playing turf is gradually shifting from desktop to mobile. Especially because many people access the internet from their mobile devices and hence the increased vulnerability.
With Africa being a "mobile first" and then "mobile only" continent, the risk of vulnerability to mobile malware is very high compared to other continents with high security awareness.
Based on Check Point’s first quarter of 2016 ThreatCloud World Cyber Threat Map, Nigeria is the 16th highest ranked country, moving up two places from 18th position in the preceding quarter. Mind you, the higher the ranking the greater the risk of cyber-attack.
Developing and African nations are highly represented in the upper rankings of the index, and Nigeria was surpassed by a handful of other African countries, including Namibia and Malawi in second and fourth spots respectively. In stark contrast, Kenya improved their ranking by 24 places, moving from 45th position at the end of 2015, to 69th at the end of the quarter. While Kenya's improvement could reflect a growing maturity in security awareness, the same cannot be said of Nigeria which is battling with several internal issues.
But what I find even more interesting is the fact that China is the country with the most frequent attacks on Nigeria.
I was almost tempted to ask what my beloved country has done to China to warrant these attacks, but lo and behold Nigeria is not the only country China is attacking, as they are attacking several countries simultaneously. In fact going by the real-time information on the live map, China happens to be the most attacking country (as of this publication), with Germany, USA, Russia and Sweden occupying the the 2nd, 3rd, 4th and 5th positions on the log.
India, Turkey, Sri-Lanka, USA and Israel in that order happen to be the most targeted countries. It still remains uncertain what the debate is all about or the reason for the attacks per se, but its obviously not helping the many innocent mobile internet users.
“It’s not immediately clear why the East and West African hubs are experiencing such different moves in terms of cyber-attacks, and we are generally seeing a lot of volatility month to month for many of the countries on the index. But this quarter, mobile malware ranked as one of the ten most prevalent attack types affecting corporate networks and devices for the first time ever.” - Rick Rogers, Area Manager for East and West Africa, Check Point Software Technologies
While further speaking on the impact on the number of attacks in the region, Rick affirms that “individuals who run their businesses off mobile devices, as well as organisations who have a bring-your-own-device policy, will need to prepare for this in their security strategy. It is necessary to apply the same level of security to mobile as required by traditional networks and PCs, and security professionals must have a coherent, over-arching threat management approach that addresses this.”
Check Point identified the previously unknown HummingBad agent as a large contributor to the new top ten positioning of mobile threats as it targets Android devices specifically, facilitating malicious activity such as installing a key-loggers, stealing credentials and bypassing encrypted email containers used by companies, allowing for interception of corporate data. It was the third highest threat in Kenya in Q1 and seventh in Nigeria.
Also, more than 1,500 different malware families were detected during January, 1,400 in February and 1,300 in March. Throughout the quarter, the Conficker and Sality families were two of the most commonly used malware variants in the quarter, with Sality ranking first in both Nigeria and Kenya. In mobile devices specifically, Hummingbad ended the quarter as the top threat globally.
For now the way to go especially in Africa is still largely mobile, but we’ve gotten to a point where we need to match that with the necessary precautionary measures lest we face the consequences.