The 2021 figures on cybercrime in Africa, compiled by Interpol and private companies in the sector, show how unprepared some countries are for cyberattacks. Explanations.
Online extortion, false transfer orders, DDoS attacks, hacking… cybercrime in Africa has grown in recent years, to the almost general indifference of governments and international institutions.
Some African countries, such as Nigeria and Ivory Coast, known to harbor the highest number of cybercriminals on the continent, are seeing cybercrime drop. But the phenomenon has grown in Morocco, Kenya, Tunisia and Ghana.
South Africa, which remains the African country from which emanate the most cyber threats, remains at the top of all rankings devoted to cybercrime. We particularly remembera large-scale attack that had paralyzed several ports in the country in July 2021. But South Africa is no exception.
Despite a drop of more than 44% in the number of cybercrimes committed from Nigeria, the latter remains the capital of “fraud on the president” (FOVI), with 64% of the FOVI committed in Africa.
The phenomenon of 'grazers', who combine persuasion with skill in committing online scams, is also a Nigerian specialty. A report, published in 2020 and authored by Agari's Cyber Intelligence Division (ACID), highlights that 60% of global FOVI threat actors are based in 11 countries in Africa.
The report also notes that “83% of African attackers, and 50% of global FOVI threat actors, came from Nigeria” last year. Figures certainly overestimated, but not very far from reality.
Massive attacks kept secret
However, it is above all the large-scale attacks that are of concern in Africa. Because beyond ransomware or small private attacks, the threat of hacking and general failures caused by denial of service attacks (DDos) sometimes cause irreparable damage.
This was the case, for example, of the Mirai botnet attack in Liberia in 2016, which crippled the entire country's internet infrastructure. In 2019, RSAWEB, one of South Africa's leading internet service providers (ISPs), was crippled for an entire day following a DDoS attack. Another attack, in early 2021, targeted the National Bank of Ethiopia. Finally, in Kenya, an attack compromised the Kaseya cloud service, shutting down dozens of businesses for almost five days.
Read: Cyberattacks cripple South African ports
Massive attacks which have, for the most part, been kept secret by the authorities of the various countries to avoid repercussions on the economies of these States.
The lack of information sharing by authorities responsible for cybersecurity in Africa is a major reason for the proliferation of DDoS attacks. The same goes for hacking, which essentially exploits security flaws in corporate or institutional networks. Two major threats that could be scaled back if the details of the attacks were revealed by the different countries, estimates Interpol.
The role of sovereign data in “cyberhygiene”
It is therefore, in part, a crisis of confidence that prevents an effective response to cyberattacks in Africa. Part of the responsibility also lies with processors of African data, namely American and Chinese companies.
In Africa, whole countries store their data abroad, like the Democratic Republic of Congo (DRC) which still has no data center. Other countries have their data centers built by foreign private companies, which only offer an economic advantage, but no guarantee of data integrity.
Indeed, data centers often require an impeccable security infrastructure and are the first targets of cyberattacks in the world. It is clear that African countries without experience in data networking at the national or regional levels have no experience in cybersecurity.
The figures on cyberattacks should therefore be put into perspective. In a country like South Africa, if cyber threats are omnipresent, the country nevertheless enjoys exemplary digital sovereignty on the continent. A kind of long-term investment that allows the country to make breathtaking technological advances, like DABUS artificial intelligence.
An irreversible crisis of confidence?
A balance between sovereignty and security is therefore the ideal in Africa. As the Interpol report points out, cooperation in terms of cybersecurity in Africa often remains mere slogans.
In May 2021, Interpol had established an African “desk” for joint operations against cybercrime. The AFJOC project, which brought together 49 signatory African countries, however, did not yield any real results, except for the arrest of the pirate Dr Hex in Morocco.
This highlights the crisis of confidence that exists vis-à-vis international bodies which, although justified, must imperatively give rise to an alternative. Because, in the era of globalization, digital nationalism is counterproductive, especially in Africa where a great delay must be caught up.
Indeed, the installation of telecommunications infrastructure and internet penetration are progressing slowly but surely. However, cybercrime is spreading at a much faster rate in Africa.
Dakar Forum – Cybercrime at the center of the debates: https://t.co/5ub2DEvLw6 #Afrique pic.twitter.com/kCT3blO2H3
— AllAfrica Fr (@AllAfricafrench) December 7, 2021