Check Point® Software Technologies Ltd., a leading AI-powered, cloud-delivered cybersecurity platform provider, has published its Global Threat Index for May 2024.
The Index assesses the cybersecurity risk of countries worldwide, with a lower rank indicating higher risk and a higher rank indicating lower risk.
The May 2024 Index highlights significant variations in cybersecurity risk levels across African countries. Egypt ranked highest on the Index among the 111 countries surveyed, followed by Namibia (108th) and South Africa (68th). Ethiopia and Zimbabwe faced the highest risks, being placed second and third respectively on the Index. Other African countries continue to face cybersecurity challenges with Angola (5), Maldives (6), Kenya (9), Ghana (11), Mauritius (18), Morocco (21), Uganda (23) and Nigeria (40) having among the lowest rankings.
Egypt, Namibia and South Africa’s positions in the Global Threat Index for May 2024 underscore the effectiveness of their strategic approaches to cybersecurity. Their success serves as a model for other African nations striving to improve their cybersecurity posture.
Vincent Mabaso, Distribution Lead: Africa, Check Point Software Technologies
Last month, researchers uncovered a malspam campaign orchestrated by the Phorpiex botnet. The millions of phishing emails sent contained LockBit Black – based on LockBit3 but unaffiliated with the ransomware group. In an unrelated development, the actual LockBit3 Ransomware-as-a-Service (RaaS) group surged in prevalence after a short hiatus following a global takedown by law enforcement, accounting for 33% of published attacks.
The original operators of the Phorpiex botnet shut down and sold the source code in August 2021. However, by December 2021, Check Point Research (CPR) discovered it had reemerged as a new variant called “Twizt”, operating in a decentralized peer-to-peer model.
In April of this year, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) found evidence that the Phorpiex botnet, which ranked sixth in last month’s threat index, was being used to send millions of phishing emails as part of a LockBit3 ransomware campaign. These emails carried ZIP attachments that, when the deceptive .doc.scr files within were executed, triggered the ransomware encryption process. The campaign used over 1,500 unique IP addresses, primarily from Kazakhstan, Uzbekistan, Iran, Russia, and China.
Meanwhile, the Check Point Threat Index highlights insights from “shame sites” run by double-extortion ransomware groups posting victim information to pressure non-paying targets. In May, LockBit3 reasserted its dominance, accounting for 33% of published attacks. They were followed by Inc. Ransom with 7% and Play with a detection rate of 5%. Inc. Ransom recently claimed responsibility for a major cyber incident that disrupted public services at Leicester City Council in the UK, allegedly stealing over 3 terabytes of data and causing a widespread system shutdown.
While law enforcement bodies managed to temporarily disrupt the LockBit3 cybergang by exposing one of its leaders and affiliates in addition to releasing over 7,000 LockBit decryption keys, it is still not enough for a complete takedown of the threat. It is not surprising to see them regroup and deploy new tactics to continue in their pursuits.
Ransomware is one of the most disruptive methods of attack employed by cybercriminals. Once they have infiltrated the network and extracted information, the options are limited for the target, especially if they cannot afford to pay the ransom demands. That is why organisations must be alert to the risks and prioritise preventative measures.
Maya Horowitz, VP of Research, Check Point Software