Insights from four editions of Interpol's Africa Cyber Assessment Report
also ft. South Africa cyber recap
CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.
HIGHLIGHT
Insights from four editions of Interpol’s Africa Cyber Assessment Report
If you haven’t seen it yet, the 4th Edition of the Africa Cyber Assessment Report by Interpol (with support from Group-IB) is out, and there are promising things to pick up, like how, once again, there is a spike in cybercrime across the continent, so much so that 30% of all crimes in West and East Africa are now categorically cybercrimes.
Old issues like online scams and business email compromise still top the list, but new issues such as ransomware and digital sextortion are becoming more prominent. Like every issue of the annual report, there are interesting things to pick up on, but for more actionable insights, you have to cross-analyze with past editions of the report. We did, and here are some of the most actionable insights we found:
Consistency in Top Threats: Across all four reports, online scams (especially phishing) and Business Email Compromise (BEC) consistently rank as the most prevalent and impactful cybercrimes in Africa. There remains a persistent vulnerability to social engineering tactics.
Rise of Ransomware: While mentioned in the 2021 report, ransomware attacks have escalated over the years, with the 2024 and 2025 reports highlighting a significant increase in attacks against critical infrastructure. This signals a shift towards more targeted and high-impact attacks by cybercriminals.
Technological Advancement of Criminals: The reports show a clear progression in the sophistication of cybercriminals. The 2021 report focused on relatively simpler attack vectors. By the 2025 report, there is a clear emphasis on criminals using Artificial Intelligence (AI), deepfakes, and advanced social engineering to perpetrate fraud and extortion.
Emergence of Crimeware-as-a-Service (CaaS): Both the 2022 and 2025 reports introduce and emphasize the growth of CaaS, where criminals can purchase tools and services to carry out attacks. This lowers the barrier to entry for aspiring cybercriminals and facilitates the scaling of malicious operations.
Law Enforcement and Legislative Development: The reports also reflect a growing response from African nations. Later reports (2024 and 2025) detail more specific legislative updates, the establishment of dedicated cybercrime units, and increased international cooperation through initiatives like INTERPOL's AFJOC. However, challenges such as fragmented legal frameworks, limited resources, and the need for greater public-private partnerships are recurring themes.
Shift in Focus from Botnets to Human-centric Attacks: While botnets were a key threat in the 2021 report, they are less prominent in later reports. The focus has shifted towards threats that exploit human psychology and vulnerabilities, such as phishing, BEC, and various forms of online scams. This might also reflect the growing use of LLMs, which can personalize attacks much better than botnets.
Financial Impact: The estimated financial losses due to cybercrime have been consistently high and are reported to be growing, underscoring the significant economic threat that cybercrime poses to the continent's development.
ICYMI: Asian cybercrime syndicates expand to Africa
Eastplat breach
Eastern Platinum (EASTPLATS), a multinational mining company with business operations in South Africa, disclosed earlier this month that its system had been breached. Eastern Platinum Limited (Eastplats) said on May 27, 2025, that it identified a cybersecurity breach affecting its internal IT systems. The company said it took immediate steps to contain the threat and has brought in cybersecurity experts to investigate the extent of the breach and to take corrective measures. Eastplats said it confirmed that its business operations have not been disrupted by this incident, but some internal company files were leaked by unauthorized third parties on the dark web. The company said it is currently reviewing the leaked files to meet its legal obligations and protect its business interests.
South Africa is one of the most digitally advanced countries in Africa, hosting almost half of the continent’s largest businesses. Cyber incidents in South Africa are regulated via the National Cybersecurity Policy Framework (NCPF) and the POPI Act. However, the country remains open to cyberattacks. In 2024, South Africa was ranked second among African countries with the most data breaches, totalling around 34,561,576 data breaches and ranking 39th globally. This year alone, high-profile breaches include the South African Airways breach, the Astral Foods breach, and the breach of the government-run weather service. The country has recorded other major attacks in different sectors, leading to several losses in revenue and digital disruptions.
FEATURES
A recent report from The Hacker News details a series of cyber attacks, tracked as CL-CRI-1014 by Palo Alto Networks Unit 42, that have been targeting financial institutions across Africa since at least July 2023. Believed to be the work of initial access brokers (IABs), these threat actors utilize a combination of open-source and publicly available tools like PoshC2, Chisel, and Classroom Spy to gain and maintain access to their targets' networks, often disguising their malicious payloads as legitimate software from well-known companies.
In this recent article from the Atlantic Council, it is argued that African countries must urgently improve their preparedness for and response to cyberattacks to avoid significant political, financial, and reputational damage. The piece highlights that as the continent undergoes a rapid digital transformation, public institutions are becoming increasingly vulnerable, yet responses to cyber incidents are often slow, siloed, and hampered by a culture of blame rather than readiness.
HEADLINE
Financial crime: MoMo fraud and illicit financial flows in Ghana
Ethiopia, Namibia, São Tomé and Príncipe step up digitalization
Kenyan bank CEOs warn of cybersecurity talent shortage as attacks surge
Africa vs. deepfakes: the new frontline in digital disinformation
Government targets loan defaulters with NIN, credit score linkage, but what about the big thieves?
SIM holds 2 NINs after Airtel moved it from an active subscriber to a new user
ACROSS THE WORLD
Who is most at risk from the billions of leaked Facebook and Google passwords?
Europe’s growing fear: how Trump might use U.S. tech dominance against it
Israeli officials say Iran is exploiting security cameras to guide missile strikes