By Timi Odueso
On August 12, 2022, the South African Reserve Bank (SARB) — the country's apex bank and financial regulator — suffered a cyberattack by unknown hackers.
While the SARB claimed months later that the hack had no impact on its systems or operations, it's more alarming to know that the apex bank had to be informed about it by the US Federal Bureau of Investigation (FBI). It was apparently in the dark until then about the breach.
South Africa isn't the only African country to have its central bank suffer a data breach. Months before the SARB hack, in May 2022, the Bank of Zambia had fallen victim to the ransomware hacker collective known as Hive.
According to Bloomberg, Hive shipped sensitive test data from the bank, and disrupted some of its applications, including the bureau de change monitoring system.
The hackers also demanded an undisclosed ransom from the bank, which it refused to pay. In November, the Central Bank of Gambia suffered two separate cyberattacks.
In the first instance, hackers allegedly demanded a $2.5 million ransom in exchange for not leaking the bank's data. Then the country's civil servants were locked out of their accounts.
The losses
Across the continent, commercial banks in countries like Angola and Morocco have also reported cyberattacks from hackers who have threatened to release sensitive data to the public. Commercial banks in Nigeria, for example, lose $30 million annually to cybercrime
The source of most of these hacks on Africa's financial institutions is still unknown, but some like pan-African investigative publication Africa Intelligence speculate that the increase is due to the 2022 Russia-Ukraine war forcing many hackers abandon eastern Europe in search of other targets.
In April 2022, the FBI claimed that South Africa and other African nations were part of a group of 135 countries whose infrastructure was being targeted by Russian hackers.
Africa's cybersecurity worries aren't restricted to banks alone. In March 2022, the South African division of credit reporting company TransUnion confirmed that Brazil-based hacker collective N4ughtysecTU had stolen 4TB of data and was demanding a $15 million ransom.
The hackers also announced that they were targeting other African companies, including Absa Bank.
A few months later, in June, African multinational supermarket retailer ShopRite, which has about 3,150 stores serving 30 million customers, suffered a hacker attack from global cyber terrorist group RansomHouse.
The hackers stole 600 GB worth of customer data, including photos of government-issued IDs, and demanded a ransom.
Between 2018 and 2022, African financial institutions were specifically targeted by France-based cyberterrorists OPERA1ER. During that time, the group reportedly stole $11 million from African companies, with its actual damage estimated at $30 million.
Presently, Africa is losing $4 billion annually to cybercrime, costing the continent at least 10% of its gross domestic product (GDP).
Crypto crime
The cost will only keep increasing as cybercrime is on the rise in Africa. Between Q1 and Q2 2022, cybersecurity leader Kaspersky reported that phishing cyberattacks— the most prominent form of cybercrime — increased significantly, with Kenya and Nigeria experiencing a 438% and 174% increase in that period.
In Q2 alone, between April and June, Africa recorded over 10 million phishing attacks, a 234% increase over the previous quarter. Kaspersky also reported that 8.7% of online Africans suffered phishing attacks in 2022.
While phishing remains the most common type of cybercrime across the world and in Africa, crypto crime is also quickly gaining ground.
In 2021 alone, Kenyans lost $120 million to crypto crime while South Africans lost $99 million, per the Global State of Scams report.
South Africa has also become the subject of two record-breaking crypto scams: first, Mirror Trading International (MTI) defrauded hundreds of thousands of people of about $589 million.
Later on, crypto investment firm Africrypt scammed investors of about $3.6 billion of bitcoin. Globally, over $20 billion was lost to crypto crime in 2022. How much of that chunk is Africa's is unknown at this moment.
Other than crypto, mobile money fraud also accounts for Africa’s rising cybercrime rates. Africa leads the world’s trillion-dollar mobile money market with 70% of the sector's $1.04 trillion transaction volume.
The sector is experiencing its own share of cybercrime. In Nigeria, for example, telecom service provider MTN reported a $53 million mobile money fraud just two months after launching mobile money in the country in 2022.
More recently, Kenya telco Safaricom announced that it had fallen victim to a massive mobile money fraud worth $4 million.
Awareness needed
The good news is that African governments aren't taking the rise in cybercrime lying down. So far, 33 of Africa's 54 countries including Nigeria, South Africa and Egypt have enacted some form of cybersecurity legislation.
Not only are the countries enacting cybersecurity laws, they are also creating data protection laws that force companies to employ standard cybersecurity protocols. Interpol reports that at least 90% of African businesses are operating without the necessary cybersecurity protocols.
There are also organisations like the Ciberobs and TradePass organising cybersecurity events like Cyberx Africa Summit in Kenya, and the Cyber Africa Forum in Côte d’Ivoire.
These events, attended by thousands globally, sensitise users and companies alike to the importance of cybersecurity.
“Awareness is the biggest advancement we’re making now. People need to know about these cybersecurity risks," said Franck Kie, managing partner at Ciberobs in an interview with TechCabal last year.
“Countries like Morocco, Mauritius, Kenya, Togo, South Africa, and even Côte d’Ivoire are definitely putting cybersecurity at the top of their lists.”
With a growing list of cybersecurity legislation, events and experts, Africa may yet be able to combat its rising cybersecurity threats.
