Eight African nations have ranked among the 20 most targeted countries for cyberattacks globally, with Ethiopia leading the list at a 100% Normalised Risk Index.
This is according to Check Point Software Technologies’ January 2025 Global Threat Index, which reveals that FakeUpdates malware tops the cybercrime landscape, enabling large-scale ransomware attacks across the continent.
FakeUpdates is a downloader malware that cybercriminals use to launch ransomware attacks. First detected in 2018, FakeUpdates typically infiltrates systems through deceptive browser update prompts on compromised websites.
Ethiopia Leads as Most Attacked
Ethiopia ranks first globally with a 100% Normalised Risk Index, making it the most targeted nation out of 109 surveyed. Zimbabwe, Angola, and Uganda follow, securing positions within the top 10. Nigeria, which was ranked 13th in the previous report, has moved up to 11th place with an increased risk index of 62.7.
The rankings for other African countries in the top 20 are:
- Zimbabwe – 5th place (77.7)
- Angola – 9th place (66.1)
- Uganda – 10th place (64.5)
- Nigeria – 11th place (62.7)
- Kenya – 14th place (59.4)
- Ghana – 16th place (58.9)
- Mozambique – 17th place (57.9)
South Africa, which previously ranked higher, has dropped three spots to 66th place, while Egypt ranks 97th, making it the least attacked country in Africa.
How FakeUpdates Malware Fuels Cyber Threats
Security experts have traced several ransomware attacks back to FakeUpdates, which continues to be a favoured tool among cybercriminals. A recent investigation found that an affiliate of the ransomware group RansomHub used a Python-based backdoor to maintain access and deploy ransomware.
This technique, coupled with lateral movement via Remote Desktop Protocol (RDP), allowed attackers to establish prolonged access through scheduled tasks.
Maya Horowitz, VP of Research at Check Point Software, stated: “AI is transforming the cyber threat landscape, with cybercriminals rapidly evolving their methods, leveraging AI to automate and scale their tactics and enhance their capabilities. To effectively combat these threats, organizations must move beyond traditional defences and adopt proactive, adaptive AI-powered security measures that anticipate emerging risks.”
Other Malware Threats on the Rise
Beyond FakeUpdates, the report identified other highly active malware families:
- Formbook – An infostealer malware that extracts credentials, logs keystrokes, and downloads additional malicious files.
- Remcos – A Remote Access Trojan (RAT) that exploits Windows vulnerabilities to bypass security restrictions.
For mobile devices, the most active threats include:
- Anubis – A banking trojan capable of bypassing multi-factor authentication and recording keystrokes.
- AhMyth – A remote access trojan that disguises itself as a legitimate app to steal sensitive information.
- Necro – An Android malware that downloads and executes malicious components.
Most Targeted Sectors and Ransomware Groups
According to the report, the education, government, and telecommunications sectors are the most attacked industries globally. Among ransomware groups, Clop was identified as the most active, responsible for 10% of known attacks. It was followed by FunkSec (8%) and RansomHub (7%).
The findings highlight the growing cybersecurity risks faced by African nations, reinforcing the need for stronger digital defences against evolving threats.