A sharp surge in cyber threats is sweeping across Nigeria, with password stealer infections climbing 66% and spyware incidents rising 53% in the first half of 2025 compared to the same period in 2024.
This is according to new data released by global cybersecurity company, Kaspersky, shared ahead of its participation in GITEX Nigeria, one of the region’s most significant technology events taking place on September 3-4 in Lagos.
Across sub-Saharan Africa, the scale of threats is even more alarming, with 42.4 million web attacks and 95.6 million on-device attacks between January and June 2025.
Spyware cases more than doubled, password stealers increased by 64%, while backdoor infections rose 12% year-on-year.
In Nigeria alone, Kaspersky security solutions blocked 1.46 million online attack attempts during the first half of the year. Nearly one in five citizens (19.9%) were targeted, with threats ranging from phishing scams, botnets, and fake Wi-Fi networks to Remote Desktop Protocol exploits.
Beyond web-based threats, 4.97 million on-device attacks were also intercepted, where 28.6% of Nigerian users suffered infections via USB drives, CDs, DVDs, and hidden installers. These included ransomware, worms, trojans, spyware, backdoors, and password stealers.
Phishing activity showed a mixed trend. While overall phishing detections dropped by 52%, the attacks became more focused. Financially motivated phishing, targeting banks, e-commerce platforms, and payment systems, surged by 46%.
Kaspersky recorded more than 595,000 finance-related phishing attempts in Nigeria during the six-month period. Exploits targeting vulnerabilities in applications like Microsoft Office also remain a persistent danger.
Industrial systems are equally vulnerable. In the same reporting period, 26.5% of Industrial Control Systems (ICS) computers in Nigeria faced cyberattacks, with virus and worm infections posing serious threats to sectors such as power, construction, engineering, and biometrics.
Africa, according to Kaspersky, records one of the highest global rates of malicious objects detected on ICS systems.
Commenting on the findings, Chris Norton, general manager for sub-Saharan Africa at Kaspersky, warned of the risks.
“Every day, more people in Africa and in Nigeria specifically are moving their businesses, banking, and even daily errands online. But with this opportunity comes a challenge. Cybercriminals are also becoming more active, targeting not only big companies and government networks, but also ordinary people, small businesses, and industrial infrastructures we depend on.”
At GITEX Nigeria 2025, Kaspersky will deliver workshops and hands-on sessions. Attendees will learn how to use real-time intelligence to detect and respond to active threats, gain insights on building a cyber-aware workforce, explore cloud container security, and participate in the Kaspersky Interactive Protection Simulation (KIPS), an exercise designed to expose common cybersecurity mistakes among decision-makers.
In its report, Kaspersky also highlighted its ongoing partnership with Nigerian institutions. Earlier in August, it signed a Memorandum of Understanding (MoU) with the Small and Medium Enterprises Development Agency of Nigeria (SMEDAN) to strengthen SME cyber resilience. Norton explained:
“Earlier this month, Kaspersky signed an MoU with the Small and Medium Enterprises Development Agency of Nigeria (SMEDAN). That agreement is about giving SMEs more knowledge to protect themselves.
“Our role at GITEX Nigeria builds on that. For us, it is about supporting Nigeria and the broader region so that digital growth goes hand in hand with digital safety.”
With the peak in cyber threats and attacks, Kaspersky’s 2025 warning report reveals cybercriminals are growing at a huge scale just as Nigeria expands its digital footprint.
