Somali Magazine, Sep 24, 2023 - A new report by cybersecurity giant Kaspersky shows that African nations are at risk of cyberattacks ranging from malicious scripts and phishing pages to Trojans, spyware, and miners, which are increasing in number and frequency.
A Kaspersky survey shows that Industrial Control System (ICS) computers in Africa received more cyberattacks in the six months to June 2023, exposing the rising cybersecurity risks across the continent that could jeopardize industries.
According to the ICS CERT landscape report, these attacks were detected on 40.3 per cent of ICS computers on the continent, placing Africa first among other regions.
The report further revealed that malicious objects of all types were detected and blocked with top industries under attack indicated as energy (45 per cent), engineering & integration (44 per cent) and building automation (40 percent). All these attacks were blocked after detection.
Cyberattacks on industrial computers are considered to be extremely dangerous. This is because they may cause material losses and production downtime for the controlled production line or even entire plants. Moreover, industrial enterprises put out of service can seriously undermine a region’s social welfare, ecology and macroeconomics.
An analysis of the most significant and targeted threats detected on ICS computers in selected countries of Africa in the first half of 2023 shows that the threat landscape can vary between countries. It also varies between industries due to the differences in the security maturity of different countries/industries and the current focus of threat actors.
In South Africa, malware was detected and blocked on 29.1 per cent of ICS computers in the half to June. In Nigeria, malware accounted for 32.6 percent, while in Kenya it was on 34.5 percent of machines.
A low-risk attack on IT infrastructure can still be a significant threat to operational technology (OT). While the threat types that find their way to ICS computers remain relatively the same overall, there is a rise in the share of ICS computers facing malicious scripts and phishing pages, along with the Trojans, spyware and miners that would normally be delivered by the malicious scripts.
“Crypto miners are generally overlooked as a significant threat, which is not a good approach. While the influence of miners on the office network may be insignificant, in the course of their work and distribution, they can lead to the denial of service for some components of the automated control system,” security expert at Kaspersky Kirill Kruglov said.
In the half, Africa had the highest percentage of ICS computers on which spyware was blocked (9.8 percent). The Middle East and Southeast Asia had similarly high percentages (8.3 per cent and 8.1 per cent). The global average stands at 6.1 per cent.
Africa registered the highest percentage of ICS computers (14.8 per cent) on which attacks from denylisted internet resources were blocked. The global average is 11.3 per cent. Denylisting is a security capability that reduces harmful security attacks by denying access to listed elements.
Viruses and worms spread across ICS networks by means of removable media, shared folders, infected files, such as backups, and network attacks on outdated software.
The percentage of ICS computers on which worms were detected in Africa stood at 7 percent. In comparison, the global average of 2.3 per cent makes Africa the leader by percentage of ICS computers on which threats were detected after removable devices were connected.
“In some regions, legacy ICS systems that lack modern security features are still in use. These systems are often more vulnerable to cyber threats and require significant upgrades. Additionally, some critical infrastructure in Africa is located in remote areas with limited connectivity, which can make it difficult to monitor and secure ICS assets effectively,” Head of Kaspersky ICS CERT Evgeny Goncharov noted.
Way forward in curbing cyberattacks in Africa
According to Kaspersky, firms need to conduct regular security assessments of OT systems to identify and eliminate possible cyber security issues. This way, they can also establish continuous vulnerability assessment and triage as a basis for an effective vulnerability management process.
Additionally, firms need to perform timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
They also need to improve their response to new and advanced malicious techniques by building and strengthening their teams’ incident prevention, detection, and response skills. Dedicated OT security training for IT security teams and OT personnel is one of the key measures helping to achieve this.
“By understanding these risks, organizations can make informed decisions, allocate resources wisely, and efficiently fortify their defenses. In doing so, they not only protect their bottom line but also contribute to a safer and more secure digital ecosystem for all,” Goncharov noted.