A sharp rise in cyberattacks across Africa has highlighted an escalating trend in data-driven cyberthreats, with businesses and individuals increasingly being targeted by sophisticated malware and spyware.
New data from Kaspersky, revealed at the ongoing GITEX Africa 2025 conference in Morocco, shows a 14-percent increase in spyware incidents and a 26-percent spike in password-stealing malware attacks, underscoring the continent’s growing cybersecurity challenges.
The Johannesburg-based cybersecurity and digital privacy company said cybercriminals have intensified their efforts to exploit vulnerabilities in both corporate and individual networks, with phishing and ransomware attacks remaining significant threats.
“Our statistics show an increase in attack detections for several types of cyberthreats, and the factors driving these increases are multifaceted,” Kaspersky lead cybersecurity researcher Maher Yamout said on Wednesday.
He noted that the continuing shift toward hybrid work models and the push by companies towards digitisation of operations has left most African businesses exposed to advanced cyberthreats.
“In the B2C [Business-to-Customer] space, the explosion of digital financial services, coupled with low digital literacy rates, makes individuals prime targets for opportunistic attacks,” Yamout added.
In 2024 alone, Kaspersky detected 131.5 million web-based threats in Africa, including nearly 20 million in Kenya, 17 million in South Africa, and 12.6 million in Morocco. Businesses bore the brunt of these attacks, with web threats increasing by 1.2 percent compared to 2023.
Beyond online threats, local device-based malware has surged, particularly in Nigeria (169 percent increase), Ethiopia (86 percent), South Africa (32 percent), Senegal (11 percent), and Morocco (nine percent).
These threats, often spread through USB drives or other external media, pose serious risks to corporate and government networks.
Kaspersky urged African organisations to adopt a unified cybersecurity approach, enhance collaboration, invest in specialised training and promote digital literacy to combat the growing threat landscape.
To mitigate cyber risks, Kaspersky called on individuals to avoid downloading applications from untrusted sources, enable two-factor authentication, use strong passwords and regularly update their security software.
It also advised businesses to strengthen endpoint security, restrict exposure of remote desktop services and back up corporate data regularly to prevent loss in the event of an attack.
JN/APA